In This Week's SecurityTracker Vulnerability Summary - TopicsExpress



          

SecurityTracker Alerts: 20

Vendors: Apache Software Foundation - Apple Computer - Cisco - Deraison, Renaud et al - HP (Compaq) - Jelsoft Enterprises - Mozilla.org

Products: Apache - Bugzilla - Cisco ASR Router - Cisco Security Manager - Cisco TelePresence - Cisco Unified Presence - HP Network Virtualization - HP VPN Firewall Module - Mozilla Firefox - Mozilla Thunderbird - Nessus - QuickTime - vBulletin - WebEx Meetings Server

Headlines:

1. Tenable Nessus Access Control Flaw in Web UI Lets Remote Users Obtain Potentially Sensitive Information
2. Bugzilla Input Validation Flaw in JSONP Endpoint Permits Cross-Site Request Forgery Attacks
3. Cisco ASR 9000 Series IOS XR Router NetFlow Processing Flaw Lets Remote Users Deny Service
4. HP Network Virtualization Bugs Let Remote Users Obtain Information and Execute Arbitrary Code
5. Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Deny Service, and Spoof User Interface Elements
6. Cisco WebEx Meetings Server OutlookAction Class Lets Remote Users Determine Valid User Account Names
7. Apache mod_cache Null Pointer Dereference Lets Remote Users Deny Service
8. Cisco WebEx Meetings Server Invalid Token Timer Lets Remote Users Obtain Potentially Sensitive Information
9. Apple QuickTime mvhd Atom Memory Corruption Error Lets Remote Users Execute Arbitrary Code
10. Cisco WebEx Meetings Server ProfileAction Controller Lets Remote Users Obtain Sensitive Information
11. Cisco WebEx Meetings Server Input Validation Flaw Permits Cross-Site Request Forgery Attacks
12. HP VPN Firewall Module Unspecified Flaw Lets Remote Users Deny Service
13. Cisco Unified Presence Server Lets Remote Users Conduct SYN Flood Attacks to Deny Service
14. vBulletin Input Validation Flaw in ajax/render/memberlist_items Lets Remote Users Inject SQL Commands
15. Cisco TelePresence Server Input Validation Flaw in Web Interface Permits Cross-Site Scripting Attacks
16. Mozilla Firefox Race Condition in libnss CERT_DestroyCertificate() Lets Remote Users Execute Arbitrary Code
17. Apache Multiple Flaws Let Remote Users Deny Service or Execute Arbitrary Code
18. Cisco Security Manager Input Validation Flaw in Web Framework Code Lets Remote Users Inject SQL Commands
19. Cisco WebEx Meetings Server URLs Disclose Potentially Sensitive Information to Remote Authenticated Users
20. Mozilla Thunderbird Multiple Flaws Let Remote Users Deny Service and Execute Arbitrary Code

------------------------------------------------------------------------

Your SecurityTracker Vulnerability Alerts

1. Nessus
   Vendor: Deraison, Renaud et al
   A vulnerability was reported in Tenable Nessus. A remote user can obtain potentially sensitive information.
   Impact: Disclosure of system information
   Alert: securitytracker/id/1030614

2. Bugzilla
   Vendor: Mozilla.org
   A vulnerability was reported in Bugzilla. A remote user can conduct cross-site request forgery attacks.
   Impact: Disclosure of user information
   Alert: securitytracker/id/1030648

3. Cisco ASR Router
   Vendor: Cisco
   A vulnerability was reported in Cisco IOS XR on ASR 9000 Series Routers. A remote user can cause denial of service conditions.
   Impact: Denial of service via network
   Alert: securitytracker/id/1030623

4. HP Network Virtualization
   Vendor: HP (Compaq)
   Two vulnerabilities were reported in HP Network Virtualization. A remote user can execute arbitrary code on the target system. A remote user can obtain potentially sensitive information.
   Impact: Disclosure of system information
   Alert: securitytracker/id/1030624

5. Mozilla Firefox
   Vendor: Mozilla.org
   Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can cause denial of service conditions. A remote user can spoof user interface elements.
   Impact: Denial of service via network
   Alert: securitytracker/id/1030619

6. WebEx Meetings Server
   Vendor: Cisco
   A vulnerability was reported in Cisco WebEx Meetings Server. A remote user can determine user account names.
   Impact: Disclosure of system information
   Alert: securitytracker/id/1030641

7. Apache
   Vendor: Apache Software Foundation
   A vulnerability was reported in Apache. A remote user can cause denial of service conditions.
   Impact: Denial of service via network
   Alert: securitytracker/id/1030625

8. WebEx Meetings Server
   Vendor: Cisco
   A vulnerability was reported in Cisco WebEx Meetings Server. A remote user can obtain potentially sensitive information.
   Impact: Disclosure of system information
   Alert: securitytracker/id/1030646

9. QuickTime
   Vendor: Apple Computer
   A vulnerability was reported in Apple QuickTime. A remote user can cause arbitrary code to be executed on the target user's system.
   Impact: Execution of arbitrary code via network
   Alert: securitytracker/id/1030638

10. WebEx Meetings Server
    Vendor: Cisco
    A vulnerability was reported in Cisco WebEx Meetings Server. A remote user can obtain potentially sensitive information.
    Impact: Disclosure of system information
    Alert: securitytracker/id/1030642

11. WebEx Meetings Server
    Vendor: Cisco
    A vulnerability was reported in Cisco WebEx Meetings Server. A remote user can conduct cross-site request forgery attacks.
    Impact: Modification of user information
    Alert: securitytracker/id/1030644

12. HP VPN Firewall Module
    Vendor: HP (Compaq)
    A vulnerability was reported in HP VPN Firewall Modules. A remote user can cause denial of service conditions.
    Impact: Denial of service via network
    Alert: securitytracker/id/1030649

13. Cisco Unified Presence
    Vendor: Cisco
    A vulnerability was reported in Cisco Unified Presence Server. A remote user can cause denial of service conditions.
    Impact: Denial of service via network
    Alert: securitytracker/id/1030643

14. vBulletin
    Vendor: Jelsoft Enterprises
    A vulnerability was reported in vBulletin. A remote user can inject SQL commands.
    Impact: Disclosure of system information
    Alert: securitytracker/id/1030647

15. Cisco TelePresence
    Vendor: Cisco
    A vulnerability was reported in Cisco TelePresence Server. A remote user can conduct cross-site scripting attacks.
    Impact: Disclosure of authentication information
    Alert: securitytracker/id/1030640

16. Mozilla Firefox
    Vendor: Mozilla.org
    A vulnerability was reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system.
    Impact: Execution of arbitrary code via network
    Alert: securitytracker/id/1030617

17. Apache
    Vendor: Apache Software Foundation
    Several vulnerabilities were reported in Apache. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.
    Impact: Denial of service via network
    Alert: securitytracker/id/1030615

18. Cisco Security Manager
    Vendor: Cisco
    A vulnerability was reported in Cisco Security Manager. A remote user can inject SQL commands.
    Impact: Disclosure of system information
    Alert: securitytracker/id/1030639

19. WebEx Meetings Server
    Vendor: Cisco
    A vulnerability was reported in Cisco WebEx Meetings Server. A remote authenticated user can obtain potentially sensitive information.
    Impact: Disclosure of system information
    Alert: securitytracker/id/1030645

20. Mozilla Thunderbird
    Vendor: Mozilla.org
    Multiple vulnerabilities were reported in Mozilla Thunderbird. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can cause denial of service conditions.
    Impact: Denial of service via network
    Alert: securitytracker/id/1030620

Posted on: Mon, 28 Jul 2014 13:58:50 +0000
