1. Vulnerabilities in Cisco IOS XE Software
[10/10/2014] Vulnerabilities were identified in the Cisco IOS XE Software. An attacker could bypass security restrictions, perform code injection attacks and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3403
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3404
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3405
2. Vulnerabilities in HP Products (c04463322, c04472866)
[10/10/2014] Vulnerabilities were identified in the HP System Management Homepage (SMH) and HP Operations Manager. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04463322
URL:h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472866
URL:www.kb.cert.org/vuls/id/125228
3. Vulnerabilities in IBM Products (T1021279, 1679067, 1682767, 1684768, 1685244, 1685551, 1685604, 1686210)
[10/10/2014] Vulnerabilities were identified in the IBM Starter Kit for Cloud, IBM SmartCloud Entry appliance, IBM TPF Toolkit, IBM WebSphere Application Server, IBM WebSphere Application Server Hypervisor Edition, IBM Rational Directory Server, IBM Rational Directory Administrator, IBM Tivoli Access Manager for e-business, IBM Cognos Planning, IBM WebSphere Transformation Extender (WTX) with Launcher Hypervisor Edition and IBM WebSphere MQ Telemetry Component. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=isg3T1021279
URL:www.ibm.com/support/docview.wss?uid=swg21679067
URL:www.ibm.com/support/docview.wss?uid=swg21682767
URL:www.ibm.com/support/docview.wss?uid=swg21684768
URL:www.ibm.com/support/docview.wss?uid=swg21685244
URL:www.ibm.com/support/docview.wss?uid=swg21685551
URL:www.ibm.com/support/docview.wss?uid=swg21685604
URL:www.ibm.com/support/docview.wss?uid=swg21686210
URL:xforce.iss.net/xforce/xfdb/96213
4. Vulnerability in F5 Products (SOL15432)
[10/10/2014] A vulnerability was identified in the F5 BIG-IP LTM, F5 BIG-IP AAM, F5 BIG-IP AFM, F5 BIG-IP Analytics, F5 BIG-IP APM, F5 BIG-IP ASM, F5 BIG-IP Edge Gateway, F5 BIG-IP GTM, F5 BIG-IP Link Controller, F5 BIG-IP PEM, F5 BIG-IP PSM, F5 BIG-IP WebAccelerator, F5 BIG-IP WOM and F5 Enterprise Manager. An attacker could bypass security restrictions and perform HTTP request smuggling attacks. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/15000/400/sol15432.html
5. Vulnerabilities in Huawei E5332 wireless router (Huawei-SA-20141009-01-E5332)
[10/10/2014] Vulnerabilities were identified in the Huawei E5332 wireless router. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect firmware versions prior to 21.344.27.00.1080 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-373056.htm
6. Vulnerability in Google Calendar Events plugin for WordPress (96867)
[10/10/2014] A vulnerability was identified in the Google Calendar Events plugin for WordPress. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions prior to 2.0.4 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/96867
7. Vulnerability in oVirt (96900)
[10/10/2014] A vulnerability was identified in oVirt. An attacker could bypass security restrictions and cause a denial of service condition. This vulnerability affects version 3.4 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/96900
8. Security Updates in Mageia (MGASA-2014-0403, MGASA-2014-0404, MGASA-2014-0405, MGASA-2014-0406, MGASA-2014-0407, MGASA-2014-0408, MGASA-2014-0409, MGASA-2014-0410, MGASA-2014-0411, MGASA-2014-0412, MGASA-2014-0413)
[10/10/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the cacti, fish, perl, perl-Data-Dumper, torque, python-requests, golang, rsyslog, bugzilla and chromium-browser-stable packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.
URL:advisories.mageia.org/MGASA-2014-0403.html
URL:advisories.mageia.org/MGASA-2014-0404.html
URL:advisories.mageia.org/MGASA-2014-0405.html
URL:advisories.mageia.org/MGASA-2014-0406.html
URL:advisories.mageia.org/MGASA-2014-0407.html
URL:advisories.mageia.org/MGASA-2014-0408.html
URL:advisories.mageia.org/MGASA-2014-0409.html
URL:advisories.mageia.org/MGASA-2014-0410.html
URL:advisories.mageia.org/MGASA-2014-0411.html
URL:advisories.mageia.org/MGASA-2014-0412.html
URL:advisories.mageia.org/MGASA-2014-0413.html
9. Security Updates in SUSE (openSUSE-SU-2014:1279-1, openSUSE-SU-2014:1281-1)
[10/10/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the xen package for openSUSE 12.3 and 13.1. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
URL:lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
10. Security Updates in Ubuntu GNU/Linux (USN-2374-1, USN-2375-1, USN-2376-1, USN-2377-1, USN-2378-1, USN-2379-1, USN-2380-1, USN-2381-1)
[10/10/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux, linux-ec2, linux-ti-omap4, linux-lts-trusty, bash and rsyslog packages for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.
URL:www.ubuntu.com/usn/usn-2374-1/
URL:www.ubuntu.com/usn/usn-2375-1/
URL:www.ubuntu.com/usn/usn-2376-1/
URL:www.ubuntu.com/usn/usn-2377-1/
URL:www.ubuntu.com/usn/usn-2378-1/
URL:www.ubuntu.com/usn/usn-2379-1/
URL:www.ubuntu.com/usn/usn-2380-1/
URL:www.ubuntu.com/usn/usn-2381-1/
11. Information Updates on Microsoft Security Bulletin (MS14-051)
[09/10/2014] Microsoft has updated information on the Security Bulletin for Microsoft Internet Explorer. MS14-051 was revised to correct the severity table and vulnerability information to add CVE-2014-4145 as a vulnerability addressed by this update.
URL:technet.microsoft.com/library/security/ms14-051
12. Vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software (cisco-sa-20141008-asa)
[09/10/2014] Vulnerabilities were identified in the Cisco Adaptive Security Appliance (ASA) Software. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform code injection attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa
URL:www.us-cert.gov/ncas/current-activity/2014/10/08/Cisco-Releases-Security-Advisory-ASA
URL:xforce.iss.net/xforce/xfdb/96854
URL:xforce.iss.net/xforce/xfdb/96855
URL:xforce.iss.net/xforce/xfdb/96856
URL:xforce.iss.net/xforce/xfdb/96857
URL:xforce.iss.net/xforce/xfdb/96858
URL:xforce.iss.net/xforce/xfdb/96860
13. Vulnerabilities in IBM Products (1678135, 1682526, 1682529, 1682767, 1684619, 1684620, 1685396, 1685531, 1685541, 1685914)
[09/10/2014] Vulnerabilities were identified in the IBM Rational Automation Framework, IBM Sterling Secure Proxy, IBM Sterling External Authentication Server, IBM WebSphere Application Server, IBM Tivoli System Automation, IBM Tivoli System Automation Application Manager, IBM API Management, IBM QuickFile, IBM QRadar SIEM, IBM QRadar Vulnerability Manager, IBM QRadar Risk Manager, IBM QRadar Forensics and IBM Proventia Network Enterprise Scanner. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21678135
URL:www.ibm.com/support/docview.wss?uid=swg21682526
URL:www.ibm.com/support/docview.wss?uid=swg21682529
URL:www.ibm.com/support/docview.wss?uid=swg21682767
URL:www.ibm.com/support/docview.wss?uid=swg21684619
URL:www.ibm.com/support/docview.wss?uid=swg21684620
URL:www.ibm.com/support/docview.wss?uid=swg21685396
URL:www.ibm.com/support/docview.wss?uid=swg21685531
URL:www.ibm.com/support/docview.wss?uid=swg21685541
URL:www.ibm.com/support/docview.wss?uid=swg21685914
URL:www.kb.cert.org/vuls/id/573356
14. Vulnerabilities in Huawei Products (Huawei-SA-20141008-OpenSSL)
[09/10/2014] Vulnerabilities were identified in multiple Huawei products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
15. Vulnerabilities in Juniper Products (JSA10649, JSA10650, JSA10651, JSA10652, JSA10653, JSA10654, JSA10655)
[09/10/2014] Vulnerabilities were identified in the Junos OS, Juniper SRX Series services gateways, Juniper E Series routers and Juniper products or platforms utilizing an em interface for communications, including M, T, MX, high-end SRX, EX, QFX and PTX Series. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10649
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10650
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10651
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10652
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10653
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10654
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10655
16. Security Updates in Debian (DSA-3047-1, DSA-3048-1)
[09/10/2014] Debian has released security update packages for fixing the vulnerabilities identified in the rsyslog and apt packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3047
URL:www.debian.org/security/2014/dsa-3048
17. Security Updates in Mageia (MGASA-2014-0395, MGASA-2014-0396, MGASA-2014-0397, MGASA-2014-0398, MGASA-2014-0399, MGASA-2014-0400, MGASA-2014-0401, MGASA-2014-0402)
[09/10/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the dbus, squid, libvncserver, remmina, xerces-j2, python, mediawiki, libvirt and phpmyadmin packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.
URL:advisories.mageia.org/MGASA-2014-0395.html
URL:advisories.mageia.org/MGASA-2014-0396.html
URL:advisories.mageia.org/MGASA-2014-0397.html
URL:advisories.mageia.org/MGASA-2014-0398.html
URL:advisories.mageia.org/MGASA-2014-0399.html
URL:advisories.mageia.org/MGASA-2014-0400.html
URL:advisories.mageia.org/MGASA-2014-0401.html
URL:advisories.mageia.org/MGASA-2014-0402.html
18. Security Updates in Ubuntu GNU/Linux (USN-2370-1, USN-2371-1)
[09/10/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the apt and exuberant-ctags packages for versions 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2370-1/
URL:www.ubuntu.com/usn/usn-2371-1/
19. Vulnerability in Cisco Intrusion Prevention System
[08/10/2014] A vulnerability was identified in the Cisco Intrusion Prevention System. An attacker could bypass security restrictions and cause a denial of service condition. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3402
20. Vulnerabilities in HP Products (c04468121, c04470581)
[08/10/2014] Vulnerabilities were identified in the HP Systems Insight Manager and HP Network Automation. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04468121
URL:h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04470581
URL:xforce.iss.net/xforce/xfdb/96828
URL:xforce.iss.net/xforce/xfdb/96829
21. Vulnerabilities in Google Chrome
[08/10/2014] Vulnerabilities were identified in Google Chrome. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.hk/2014/10/stable-channel-update.html
URL:googlechromereleases.blogspot.hk/2014/10/chrome-for-ios-update.html
URL:googlechromereleases.blogspot.hk/2014/10/stable-channel-update-for-chrome-os.html
URL:www.us-cert.gov/ncas/current-activity/2014/10/07/Google-Releases-Security-Updates-Chrome-and-Chrome-OS
22. Vulnerability in Juniper Junos (JSA10560)
[08/10/2014] A vulnerability was identified in Junos devices with J-Web enabled. An attacker could bypass security restrictions, gain elevated privileges, and execute arbitrary code. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10560
23. Vulnerabilities in BMC Track-It! (VU#121036)
[08/10/2014] Vulnerabilities were identified in BMC Track-It!. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and perform code injection attacks. These vulnerabilities affect multiple versions of the mentioned product.
URL:www.kb.cert.org/vuls/id/121036
24. Vulnerability in Cryoserver Security Appliance (VU#280844)
[08/10/2014] A vulnerability was identified in the Cryoserver Security Appliance. An attacker could bypass security restrictions, gain elevated privileges and compromise a vulnerable system. This vulnerability affects version 7.3 of the mentioned product.
URL:www.kb.cert.org/vuls/id/280844
URL:xforce.iss.net/xforce/xfdb/96824
25. Vulnerability in libvirt (96820)
[08/10/2014] A vulnerability was identified in libvirt. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/96820
26. Vulnerabilities in SCO UnixWare
[08/10/2014] Vulnerabilities were identified in UnixWare. An attacker could bypass security restrictions, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:ftp.sco.com/pub/unixware7/714/security/bash_4.3.28/bash-4.3.28-README.txt
27. Security Updates in Oracle Solaris
[08/10/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the bash packages for Oracle Solaris 9, 10 and 11.2. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_bash
28. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1365-1)
[08/10/2014] Red Hat has released security update packages for fixing the vulnerability identified in the kernel packages for Red Hat Enterprise Linux 6. An attacker could bypass security restrictions, gain elevated privileges and cause a denial of service condition.
URL:rhn.redhat.com/errata/RHSA-2014-1365.html
29. Vulnerability in Apache HTTP Server
[07/10/2014] A vulnerability was identified in the Apache HTTP Server. An attacker could cause a denial of service condition and crash the system. This vulnerability affects versions prior to 2.4.11 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup&pathrev=1627749
URL:www.hkcert.org/my_url/en/alert/14100701
30. Vulnerability in Cisco ASA Software
[07/10/2014] A vulnerability was identified in the Cisco Adaptive Security Appliance (ASA) Software. An attacker could bypass security restrictions, execute arbitrary code and cause a denial of service condition. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3399
31. Vulnerabilities in IBM Products (N1020272, 1677285, 1682233, 1684771, 1685324, 1685526, 1685749, 1685866, 1686189)
[07/10/2014] Vulnerabilities were identified in the IBM Power Hardware Management Console, IBM Rational ClearCase, IBM WebSphere MQ, IBM Business Process Manager, IBM Rational Software Architect, IBM InfoSphere Guardium Database Activity Monitoring, IBM Tivoli System Automation for Integrated Operations Management and IBM Tivoli Service Automation Manager. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=nas8N1020272
URL:www.ibm.com/support/docview.wss?uid=swg21677285
URL:www.ibm.com/support/docview.wss?uid=swg21682233
URL:www.ibm.com/support/docview.wss?uid=swg21684771
URL:www.ibm.com/support/docview.wss?uid=swg21685324
URL:www.ibm.com/support/docview.wss?uid=swg21685526
URL:www.ibm.com/support/docview.wss?uid=swg21685749
URL:www.ibm.com/support/docview.wss?uid=swg21685866
URL:www.ibm.com/support/docview.wss?uid=swg21686189
URL:xforce.iss.net/xforce/xfdb/92381
URL:xforce.iss.net/xforce/xfdb/95304
32. Vulnerabilities in McAfee Products (SB10085)
[07/10/2014] Vulnerabilities were identified in multiple McAfee products. An attacker could bypass security restrictions, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products.
URL:kc.mcafee.com/corporate/index?page=content&id=SB10085
33. Vulnerabilities in VMware Products (VMSA-2014-0010)
[07/10/2014] Vulnerabilities were identified in multiple VMware products. An attacker could bypass security restrictions, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.vmware.com/security/advisories/VMSA-2014-0010.html
34. Vulnerabilities in Oracle Products
[07/10/2014] Vulnerabilities were identified in multiple Oracle products. An attacker could bypass security restrictions, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
35. Vulnerability in Rejetto HTTP File Server (VU#251276)
[07/10/2014] A vulnerability was identified in the Rejetto HTTP File Server. An attacker could bypass security restrictions, execute arbitrary code and perform code injection attacks. This vulnerability affects versions prior to 2.3c of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/251276
36. Vulnerability in NetCommWireless Router (VU#941108)
[07/10/2014] A vulnerability was identified in the NetCommWireless NB604N ADSL2+ Wireless N300 Modem Router. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects firmware versions prior to GAN5.CZ56T-B-NC.AU-R4B030.EN of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/941108
37. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1359-1)
[07/10/2014] Red Hat has released security update packages for fixing the vulnerability identified in the polkit-qt package for Red Hat Enterprise Linux 7. An attacker could bypass security restrictions.
URL:rhn.redhat.com/errata/RHSA-2014-1359.html
38. Security Updates in SUSE (SUSE-SU-2014:1220-4)
[07/10/2014] SUSE has released security update packages for fixing the vulnerability identified in the mozilla-nss package for SUSE Linux Enterprise 10. An attacker could bypass security restrictions.
URL:lists.opensuse.org/opensuse-security-announce/2014-10/msg00000.html
39. Vulnerabilities in Cisco Products
[06/10/2014] Vulnerabilities were identified in the Cisco IOS Software, Cisco Adaptive Security Appliance (ASA) Software and Cisco WebEx Meetings Server (Cisco WMS). An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3396
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3398
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3400
40. Vulnerabilities in HP System Management Homepage (c04463322)
[06/10/2014] Vulnerabilities were identified in the HP System Management Homepage. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, obtain sensitive information, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04463322
URL:www.kb.cert.org/vuls/id/125228
41. Vulnerabilities in IBM Products (T1021272, 1681102, 1682023, 1682026, 1682567, 1682942, 1682950, 1683609, 1683668, 1683830, 1684073, 1684570, 1684695, 1684861, 1684862, 1684930, 1685120, 1685289, 1685323, 1685398, 1685472, 1685508, 1685526, 1685689, MIGR-5096266, MIGR-5096284)
[06/10/2014] Vulnerabilities were identified in the IBM AIX, IBM Rational Functional Tester, IBM PureData for Operational Analytics, IBM Smart Analytics System, IBM WebSphere Message Broker, IBM Integration Bus, IBM Rational ClearQuest, IBM QRadar SIEM, IBM Rational Developer for System z, IBM SPSS Collaboration and Deployment Services, IBM WebSphere MQ Telemetry, IBM Image Construction and Composition Tool, IBM PureApplication System, IBM FileNet P8 Application Engine, IBM Curam Social Program Management, IBM Tivoli Netcool/OMNIbus, IBM Maximo Asset Management, IBM SmartCloud Control Desk, IBM Tivoli Asset Management, IBM Tivoli Service Request Manager, IBM Change and Configuration Management Database, IBM Tivoli Monitoring, IBM API Management, IBM Workload Deployer, IBM WebSphere Partner Gateway Advanced/Enterprise Edition, IBM WebSphere MQ, Tivoli Provisioning Manager, IBM Systems Director and IBM Flex System Manager. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=isg3T1021272
URL:www.ibm.com/support/docview.wss?uid=swg21681102
URL:www.ibm.com/support/docview.wss?uid=swg21682023
URL:www.ibm.com/support/docview.wss?uid=swg21682026
URL:www.ibm.com/support/docview.wss?uid=swg21682567
URL:www.ibm.com/support/docview.wss?uid=swg21682942
URL:www.ibm.com/support/docview.wss?uid=swg21682950
URL:www.ibm.com/support/docview.wss?uid=swg21683609
URL:www.ibm.com/support/docview.wss?uid=swg21683668
URL:www.ibm.com/support/docview.wss?uid=swg21683830
URL:www.ibm.com/support/docview.wss?uid=swg21684073
URL:www.ibm.com/support/docview.wss?uid=swg21684570
URL:www.ibm.com/support/docview.wss?uid=swg21684695
URL:www.ibm.com/support/docview.wss?uid=swg21684861
URL:www.ibm.com/support/docview.wss?uid=swg21684862
URL:www.ibm.com/support/docview.wss?uid=swg21684930
URL:www.ibm.com/support/docview.wss?uid=swg21685120
URL:www.ibm.com/support/docview.wss?uid=swg21685289
URL:www.ibm.com/support/docview.wss?uid=swg21685323
URL:www.ibm.com/support/docview.wss?uid=swg21685398
URL:www.ibm.com/support/docview.wss?uid=swg21685472
URL:www.ibm.com/support/docview.wss?uid=swg21685508
URL:www.ibm.com/support/docview.wss?uid=swg21685526
URL:www.ibm.com/support/docview.wss?uid=swg21685689
URL:www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096266
URL:www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096284
URL:xforce.iss.net/xforce/xfdb/94757
URL:xforce.iss.net/xforce/xfdb/95208
42. Vulnerabilities in Novell Products (5193231, 5193410)
[06/10/2014] Vulnerabilities were identified in the Novell Service Desk and Novell NetIQ Identity Assurance Solution Client. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=sp4kAmbumGM~
URL:download.novell.com/Download?buildid=s6M5LsksoOA~
43. Vulnerabilities in Brocade Vyatta vRouter (VU#111588)
[06/10/2014] Vulnerabilities were identified in the Brocade Vyatta 5400 vRouter. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform code injection attacks and compromise a vulnerable system. These vulnerabilities affect multiple firmware versions of the mentioned product.
URL:www.kb.cert.org/vuls/id/111588
44. Vulnerabilities in phpMyAdmin (PMASA-2014-11)
[06/10/2014] Vulnerabilities were identified in phpMyAdmin. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.phpmyadmin.net/home_page/security/PMASA-2014-11.php
45. Vulnerabilities in Rsyslog
[06/10/2014] Vulnerabilities were identified in Rsyslog. An attacker could bypass security restrictions, execute arbitrary code, perform code injection attacks, cause a denial of service condition and compromise a vulnerable system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/
46. Security Updates in Debian (DSA-3042-1, DSA-3044-1, DSA-3045-1, DSA-3046-1)
[06/10/2014] Debian has released security update packages for fixing the vulnerabilities identified in the exuberant-ctags, qemu-kvm, qemu and mediawiki packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3042
URL:www.debian.org/security/2014/dsa-3044
URL:www.debian.org/security/2014/dsa-3045
URL:www.debian.org/security/2014/dsa-3046
47. Security Updates in Gentoo Linux (GLSA 201410-01)
[06/10/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the bash package for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.gentoo.org/security/en/glsa/glsa-201410-01.xml
48. Security Updates in Mageia (MGASA-2014-0394)
[06/10/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the bash package for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and compromise a vulnerable system.
URL:advisories.mageia.org/MGASA-2014-0394.html
49. Security Updates in Mandriva (MDVSA-2014:194, MDVSA-2014:195)
[06/10/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the phpmyadmin and libvirt packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A194/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A195/
50. Security Updates in Ubuntu GNU/Linux (USN-2369-1)
[06/10/2014] Ubuntu has released security update packages for fixing the vulnerability identified in the file package for versions 10.04 LTS, 12.04 LTS and 14.04 LTS of Ubuntu GNU/Linux. An attacker could cause a denial of service condition.
URL:www.ubuntu.com/usn/usn-2369-1/