With the improvement in computer technology, new software and operating systems (OS) based on new technology has been evolved. However, new technologies can sometimes leave us open to attack. These software and operating systems (OS) sometimes are vulnerable to attacks that can in turn be harmful for our computer system.
The US-CERT Cyber Security Bulletin provides a summary of latest vulnerabilities that have been recorded by its research department for the Week of September 29, 2014
The National Institute of Standards and Technology (NIST) have found vulnerabilities that can make a system prone to malware attacks and unauthorized access.
Common vulnerabilities and their impact recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week are:
- GNU Bash vulnerability through 4.3 bash43-026 allows remote attackers to execute malicious code, steal sensitive data, cause a denial of service attack or even get complete access to a system. This vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169. Find out other vulnerable versions from here: http://1.usa.gov/1qgtB1H
- Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows cyber-criminals to get administrative privileges by leveraging access to an extreme Scale distributed ObjectGrid network. Find out the other vulnerable versions from here: http://1.usa.gov/1qgumYQ
- Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service. Find out other vulnerable versions from here: http://1.usa.gov/1vNz591
- SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable. Find out other vulnerable versions from here: http://1.usa.gov/1vNzicc
- Buffer overflow vulnerability in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows attackers to cause a denial of service attack or possibly execute malicious code. Find out other vulnerable versions from here: http://1.usa.gov/1sarIZZ
- Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Find out other vulnerable versions from here: http://1.usa.gov/1qgA5Oe
There are many such vulnerable software ranked in the division of high, medium, and low severities.
To know more about these vulnerable software and the affected versions read the US-CERT Cyber Security Bulletin from here: http://1.usa.gov/1se4Ed3