NCCIC / US-CERT
National Cyber Awareness System:
09/22/2014 06:59 AM EDT
Original release date: September 22, 2014
Back to top
Back to top
Back to top
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
-
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
-
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
-
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
-
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying informaton, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- acrobat | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. | 2014年09月17日 | 10.0 | CVE-2014-0560 |
| adobe -- acrobat | Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0567. | 2014年09月17日 | 10.0 | CVE-2014-0561 |
| adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors. | 2014年09月17日 | 7.8 | CVE-2014-0563 |
| adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0566. | 2014年09月17日 | 10.0 | CVE-2014-0565 |
| adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0565. | 2014年09月17日 | 10.0 | CVE-2014-0566 |
| adobe -- acrobat | Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0561. | 2014年09月17日 | 10.0 | CVE-2014-0567 |
| adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors. | 2014年09月17日 | 10.0 | CVE-2014-0568 |
| apple -- apple_tv | The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments. | 2014年09月18日 | 7.8 | CVE-2014-4369 APPLE APPLE |
| apple -- apple_tv | The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application. | 2014年09月18日 | 7.8 | CVE-2014-4373 APPLE APPLE |
| apple -- apple_tv | Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports. | 2014年09月18日 | 7.2 | CVE-2014-4375 APPLE APPLE |
| apple -- mac_os_x | IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments. | 2014年09月19日 | 10.0 | CVE-2014-4376 |
| apple -- apple_tv | An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application. | 2014年09月18日 | 7.1 | CVE-2014-4379 APPLE APPLE |
| apple -- apple_tv | The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application. | 2014年09月18日 | 9.3 | CVE-2014-4380 APPLE APPLE |
| apple -- apple_tv | Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application. | 2014年09月18日 | 9.3 | CVE-2014-4381 APPLE APPLE |
| apple -- apple_tv | IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418. | 2014年09月18日 | 9.3 | CVE-2014-4388 APPLE APPLE |
| apple -- apple_tv | Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments. | 2014年09月18日 | 9.3 | CVE-2014-4389 APPLE APPLE |
| apple -- mac_os_x | Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application. | 2014年09月19日 | 9.3 | CVE-2014-4390 |
| apple -- mac_os_x | Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GLSL shader. | 2014年09月19日 | 10.0 | CVE-2014-4393 |
| apple -- mac_os_x | An unspecified IOAcceleratorFamily function in Apple OS X before 10.9.5 lacks proper bounds checking on read operations, which allows attackers to execute arbitrary code in a privileged context via a crafted application. | 2014年09月19日 | 9.3 | CVE-2014-4402 |
| apple -- apple_tv | Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties. | 2014年09月18日 | 9.3 | CVE-2014-4404 APPLE APPLE |
| apple -- apple_tv | IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties. | 2014年09月18日 | 9.3 | CVE-2014-4405 APPLE APPLE |
| apple -- apple_tv | IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4388. | 2014年09月18日 | 9.3 | CVE-2014-4418 APPLE APPLE |
| apple -- os_x_server | SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2014年09月19日 | 7.5 | CVE-2014-4424 |
| ecava -- integraxor | Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature. | 2014年09月15日 | 9.0 | CVE-2014-2375 |
| ecava -- integraxor | SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2014年09月15日 | 7.5 | CVE-2014-2376 |
| emc -- documentum_content_server | EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors. | 2014年09月17日 | 8.5 | CVE-2014-4621 BUGTRAQ |
| emc -- documentum_content_server | EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. | 2014年09月17日 | 7.1 | CVE-2014-4622 BUGTRAQ |
| microsoft -- office | Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability." | 2014年09月19日 | 9.3 | CVE-2006-1318 |
| mpay24_project -- mpay24 | SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter. | 2014年09月12日 | 7.5 | CVE-2014-2008 XF OSVDB |
| mpexsolutions -- mx-smartimer | SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter. | 2014年09月12日 | 7.5 | CVE-2014-5440 XF FULLDISC MISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- acrobat | Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)." | 2014年09月17日 | 4.3 | CVE-2014-0562 |
| advantech -- advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter. | 2014年09月20日 | 6.8 | CVE-2014-0985 |
| advantech -- advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter. | 2014年09月20日 | 6.8 | CVE-2014-0986 |
| advantech -- advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter. | 2014年09月20日 | 6.8 | CVE-2014-0987 MISC |
| advantech -- advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter. | 2014年09月20日 | 6.8 | CVE-2014-0988 |
| advantech -- advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter. | 2014年09月20日 | 6.8 | CVE-2014-0989 |
| advantech -- advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the UserName parameter. | 2014年09月20日 | 6.8 | CVE-2014-0990 |
| advantech -- advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter. | 2014年09月20日 | 6.8 | CVE-2014-0991 |
| advantech -- advantech_webaccess | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the password parameter. | 2014年09月20日 | 6.8 | CVE-2014-0992 |
| apple -- mac_os_x | QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding. | 2014年09月19日 | 6.8 | CVE-2014-1391 |
| apple -- mac_os_x | Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file. | 2014年09月19日 | 6.8 | CVE-2014-4350 |
| apple -- iphone_os | Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS. | 2014年09月18日 | 4.3 | CVE-2014-4353 APPLE |
| apple -- iphone_os | Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session. | 2014年09月18日 | 5.8 | CVE-2014-4354 APPLE |
| apple -- iphone_os | The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app. | 2014年09月18日 | 5.0 | CVE-2014-4361 APPLE |
| apple -- iphone_os | The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app. | 2014年09月18日 | 5.0 | CVE-2014-4362 APPLE |
| apple -- iphone_os | Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element. | 2014年09月18日 | 5.0 | CVE-2014-4363 APPLE |
| apple -- apple_tv | The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash. | 2014年09月18日 | 4.3 | CVE-2014-4364 APPLE APPLE |
| apple -- iphone_os | Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | 2014年09月18日 | 5.0 | CVE-2014-4366 APPLE |
| apple -- iphone_os | The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events. | 2014年09月18日 | 6.9 | CVE-2014-4368 APPLE |
| apple -- iphone_os | NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2014年09月18日 | 5.0 | CVE-2014-4374 APPLE |
| apple -- apple_tv | Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | 2014年09月18日 | 6.8 | CVE-2014-4377 APPLE APPLE |
| apple -- apple_tv | CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document. | 2014年09月18日 | 5.8 | CVE-2014-4378 APPLE APPLE |
| apple -- apple_tv | The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header. | 2014年09月18日 | 4.3 | CVE-2014-4383 APPLE APPLE |
| apple -- mac_os_x | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. | 2014年09月19日 | 6.9 | CVE-2014-4394 |
| apple -- mac_os_x | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. | 2014年09月19日 | 6.9 | CVE-2014-4395 |
| apple -- mac_os_x | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. | 2014年09月19日 | 6.9 | CVE-2014-4396 |
| apple -- mac_os_x | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. | 2014年09月19日 | 6.9 | CVE-2014-4397 |
| apple -- mac_os_x | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. | 2014年09月19日 | 6.9 | CVE-2014-4398 |
| apple -- mac_os_x | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. | 2014年09月19日 | 6.9 | CVE-2014-4399 |
| apple -- mac_os_x | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4401, and CVE-2014-4416. | 2014年09月19日 | 6.9 | CVE-2014-4400 |
| apple -- mac_os_x | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, and CVE-2014-4416. | 2014年09月19日 | 6.9 | CVE-2014-4401 |
| apple -- os_x_server | Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014年09月19日 | 4.3 | CVE-2014-4406 |
| apple -- apple_tv | IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls. | 2014年09月18日 | 4.3 | CVE-2014-4407 APPLE APPLE |
| apple -- apple_tv | The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call. | 2014年09月18日 | 6.9 | CVE-2014-4408 APPLE APPLE |
| apple -- iphone_os | WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing. | 2014年09月18日 | 4.3 | CVE-2014-4409 APPLE |
| apple -- apple_tv | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014年09月17日-1 and APPLE-SA-2014年09月17日-2. | 2014年09月18日 | 6.8 | CVE-2014-4410 APPLE APPLE |
| apple -- apple_tv | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014年09月17日-1 and APPLE-SA-2014年09月17日-2. | 2014年09月18日 | 6.8 | CVE-2014-4411 APPLE APPLE |
| apple -- apple_tv | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014年09月17日-1 and APPLE-SA-2014年09月17日-2. | 2014年09月18日 | 6.8 | CVE-2014-4412 APPLE APPLE |
| apple -- apple_tv | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014年09月17日-1 and APPLE-SA-2014年09月17日-2. | 2014年09月18日 | 6.8 | CVE-2014-4413 APPLE APPLE |
| apple -- apple_tv | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014年09月17日-1 and APPLE-SA-2014年09月17日-2. | 2014年09月18日 | 6.8 | CVE-2014-4414 APPLE APPLE |
| apple -- apple_tv | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014年09月17日-1 and APPLE-SA-2014年09月17日-2. | 2014年09月18日 | 6.8 | CVE-2014-4415 APPLE APPLE |
| apple -- mac_os_x | An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, and CVE-2014-4401. | 2014年09月19日 | 6.9 | CVE-2014-4416 |
| apple -- apple_tv | The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers. | 2014年09月18日 | 6.8 | CVE-2014-4422 APPLE APPLE |
| apple -- iphone_os | The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application. | 2014年09月18日 | 4.3 | CVE-2014-4423 APPLE |
| blackcat-cms -- blackcat_cms | Cross-site scripting (XSS) vulnerability in cattranslate.php in the CatTranslate JQuery plugin in BlackCat CMS 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 2014年09月12日 | 4.3 | CVE-2014-5259 MISC XF BUGTRAQ MISC |
| ecava -- integraxor | Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. | 2014年09月15日 | 5.0 | CVE-2014-2377 |
| embarcadero -- embarcadero_c++builder_xe6 | Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file. | 2014年09月15日 | 6.8 | CVE-2014-0993 MISC |
| episerver -- episerver | Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker module 3.x before 3.4.5 for EPiServer allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2014年09月17日 | 4.3 | CVE-2012-1032 XF BID SECUNIA OSVDB |
| facebook -- facebook | Cross-site scripting (XSS) vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME sniffing of chat traffic. | 2014年09月15日 | 4.3 | CVE-2014-6392 FULLDISC |
| fatfreecrm -- fat_free_crm | Multiple cross-site scripting (XSS) vulnerabilities in app/views/layouts/application.html.haml in Fat Free CRM before 0.13.3 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name in a (a) create or (b) edit user action. | 2014年09月12日 | 4.3 | CVE-2014-5441 CONFIRM MISC |
| ibm -- integration_bus | The web user interface in IBM WebSphere Message Broker 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.3 allows remote authenticated users to obtain sensitive information by reading the error page. | 2014年09月18日 | 4.0 | CVE-2014-4819 XF |
| ibm -- integration_bus_manufacturing_pack | Cross-site scripting (XSS) vulnerability in IBM Integration Bus Manufacturing Pack 1.x before 1.0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014年09月18日 | 4.3 | CVE-2014-4820 XF |
| ibm -- qradar_security_information_and_event_manager | SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2014年09月18日 | 6.5 | CVE-2014-4824 XF |
| ibm -- qradar_security_information_and_event_manager | IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 does not properly handle SSH connections, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | 2014年09月18日 | 4.3 | CVE-2014-4826 XF |
| mailenable -- mailenable | Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message. | 2014年09月19日 | 4.3 | CVE-2012-2588 XF BID EXPLOIT-DB SECUNIA OSVDB |
| mini_mail_dashboard_widget_project -- mini_mail_dashboard_widget | Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress allows remote attackers to inject arbitrary web script or HTML via the body of an email. | 2014年09月17日 | 4.3 | CVE-2012-2583 XF BID EXPLOIT-DB OSVDB |
| moodle -- moodle | The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, and discover an author's username, by leveraging the student role and visiting a Q&A forum. | 2014年09月15日 | 4.0 | CVE-2014-3617 MLIST CONFIRM |
| mpay24_project -- mpay24 | The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log. | 2014年09月12日 | 5.0 | CVE-2014-2009 XF EXPLOIT-DB FULLDISC MISC OSVDB |
| mywebsql -- mywebsql | Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter to index.php. | 2014年09月12日 | 4.3 | CVE-2014-4735 MISC XF BUGTRAQ MISC |
| nongnu -- gksu | GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during installation of a VirtualBox extension pack. | 2014年09月18日 | 6.8 | CVE-2014-2886 MISC MISC MISC |
| open-xchange -- open-xchange_appsuite | Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name. | 2014年09月17日 | 4.3 | CVE-2014-5234 BID BUGTRAQ SECUNIA MISC |
| open-xchange -- open-xchange_appsuite | Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds. | 2014年09月17日 | 4.3 | CVE-2014-5235 BID BUGTRAQ SECUNIA MISC |
| orangehrm -- orangehrm | SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from third party information. | 2014年09月17日 | 6.5 | CVE-2012-1506 MISC XF BID SECUNIA OSVDB |
| orangehrm -- orangehrm | Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index.php. | 2014年09月17日 | 4.3 | CVE-2012-1507 MISC XF BID SECUNIA OSVDB OSVDB OSVDB |
| phorum -- phorum | Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2014年09月19日 | 4.3 | CVE-2012-6659 SECUNIA |
| php365 -- 365_links | Cross-site scripting (XSS) vulnerability in php365.com 365 Links 3.11 and earlier, 365 Links2 3.11 and earlier, 365 Links+ 2.10 and earlier, and 365 Links2+ 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014年09月18日 | 4.3 | CVE-2014-5317 CONFIRM JVNDB |
| powerdns -- powerdns_recursor | Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote attackers to cause a denial of service (crash) via an unknown sequence of malformed packets. | 2014年09月19日 | 5.0 | CVE-2014-3614 XF SECUNIA CONFIRM |
| schneider-electric -- vampset | Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file. | 2014年09月15日 | 4.4 | CVE-2014-5407 |
| schneider-electric -- clearscada | Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. | 2014年09月18日 | 5.0 | CVE-2014-5412 |
| schneider-electric -- clearscada | Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. | 2014年09月18日 | 5.0 | CVE-2014-5413 |
| spiceworks -- spiceworks | SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is for the XSS. | 2014年09月17日 | 6.5 | CVE-2012-2956 XF BID EXPLOIT-DB OSVDB |
| spiceworks -- spiceworks | Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName configuration in snmpd.conf. NOTE: this entry was SPLIT from CVE-2012-2956 per ADT2 due to different vulnerability types. | 2014年09月17日 | 4.3 | CVE-2012-6658 EXPLOIT-DB SECUNIA OSVDB |
| synology -- diskstation_manager | Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php. | 2014年09月12日 | 4.3 | CVE-2012-1556 XF BID SECUNIA OSVDB BUGTRAQ |
| vmware -- nsx | VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors. | 2014年09月15日 | 5.0 | CVE-2014-3796 |
| wireshark -- wireshark | Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. | 2014年09月20日 | 5.0 | CVE-2014-6421 CONFIRM CONFIRM |
| wireshark -- wireshark | The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector. | 2014年09月20日 | 5.0 | CVE-2014-6422 CONFIRM CONFIRM |
| wireshark -- wireshark | The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line. | 2014年09月20日 | 5.0 | CVE-2014-6423 CONFIRM CONFIRM |
| wireshark -- wireshark | The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet. | 2014年09月20日 | 5.0 | CVE-2014-6424 CONFIRM CONFIRM |
| wireshark -- wireshark | The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing ' ' character. | 2014年09月20日 | 5.0 | CVE-2014-6425 CONFIRM CONFIRM |
| wireshark -- wireshark | The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | 2014年09月20日 | 5.0 | CVE-2014-6426 CONFIRM |
| wireshark -- wireshark | Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position. | 2014年09月20日 | 5.0 | CVE-2014-6427 CONFIRM CONFIRM |
| wireshark -- wireshark | The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2014年09月20日 | 5.0 | CVE-2014-6428 CONFIRM CONFIRM |
| wireshark -- wireshark | The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | 2014年09月20日 | 5.0 | CVE-2014-6429 CONFIRM CONFIRM |
| wireshark -- wireshark | The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | 2014年09月20日 | 5.0 | CVE-2014-6430 CONFIRM CONFIRM |
| wireshark -- wireshark | Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer. | 2014年09月20日 | 5.0 | CVE-2014-6431 CONFIRM CONFIRM |
| wireshark -- wireshark | The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | 2014年09月20日 | 5.0 | CVE-2014-6432 CONFIRM CONFIRM |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple -- iphone_os | Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. | 2014年09月18日 | 2.1 | CVE-2014-4352 APPLE |
| apple -- iphone_os | Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen. | 2014年09月18日 | 2.1 | CVE-2014-4356 APPLE |
| apple -- apple_tv | Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log. | 2014年09月18日 | 2.1 | CVE-2014-4357 APPLE APPLE |
| apple -- iphone_os | Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number. | 2014年09月18日 | 2.1 | CVE-2014-4367 APPLE |
| apple -- apple_tv | The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421. | 2014年09月18日 | 1.9 | CVE-2014-4371 APPLE APPLE |
| apple -- apple_tv | syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file. | 2014年09月18日 | 3.6 | CVE-2014-4372 APPLE APPLE |
| apple -- iphone_os | Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle. | 2014年09月18日 | 1.9 | CVE-2014-4384 APPLE |
| apple -- iphone_os | Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access. | 2014年09月18日 | 1.9 | CVE-2014-4386 APPLE |
| apple -- mac_os_x | The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table. | 2014年09月19日 | 2.1 | CVE-2014-4403 |
| apple -- apple_tv | The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421. | 2014年09月18日 | 1.9 | CVE-2014-4419 APPLE APPLE |
| apple -- apple_tv | The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421. | 2014年09月18日 | 1.9 | CVE-2014-4420 APPLE APPLE |
| apple -- apple_tv | The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420. | 2014年09月18日 | 1.9 | CVE-2014-4421 APPLE APPLE |
| ibm -- storwize_v7000_unified_software | IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file. | 2014年09月15日 | 2.1 | CVE-2014-3077 XF |
| ibm -- filenet_content_foundation | Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x before 5.2.0.3-P8CPE-IF003 and Content Foundation 5.2.x before 5.2.0.3-P8CPE-IF003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2014年09月15日 | 3.5 | CVE-2014-4763 XF |
| schneider-electric -- clearscada | Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2014年09月18日 | 3.5 | CVE-2014-5411 |
| yealink -- gigabit_color_ip_phone_sip-t32g | Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com. | 2014年09月17日 | 3.5 | CVE-2012-1417 XF BID OSVDB EXPLOIT-DB SECUNIA MISC BUGTRAQ |
This product is provided subject to this Notification and this Privacy & Use policy.
This email was sent to linux-security@xxxxxxxxxxx using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (703) 235-5110
Powered by GovDelivery
- Prev by Date: SB14-258: Vulnerability Summary for the Week of September 8, 2014
- Next by Date: TA14-268A: GNU Bourne Again Shell (Bash) ‘Shellshock’ Vulnerability (CVE-2014-6271,CVE-2014-7169)
- Previous by thread: SB14-258: Vulnerability Summary for the Week of September 8, 2014
- Next by thread: TA14-268A: GNU Bourne Again Shell (Bash) ‘Shellshock’ Vulnerability (CVE-2014-6271,CVE-2014-7169)
- Index(es):
[Index of Archives]
[Fedora Announce]
[Linux Crypto]
[Kernel]
[Netfilter]
[Bugtraq]
[USB]
[Fedora Security]
(追記) (追記ここまで)