Software and Operating systems (OS) sometimes are vulnerable to attacks. These vulnerability can be extremely harmful for our computer system.
The US-CERT Cyber Security Bulletin provides a summary of latest vulnerabilities that have been recorded by its research department for the Week of October 13, 2014
The National Institute of Standards and Technology (NIST) have found vulnerabilities that can make a system prone to malware attacks and unauthorized access.
Common vulnerabilities and their impact recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week are:
- Vulnerability in the DNS inspection engine in Cisco ASA Software 9.0 before 9.0(4.13), 9.1 before 9.1(5.7), and 9.2 before 9.2(2) allows remote attackers to cause a denial of service attacks via crafted DNS packets. Find out other vulnerable versions from here: http://1.usa.gov/10gX7zB
- Microsoft Word file format vulnerability in Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document. Find out other vulnerable versions from here: http://1.usa.gov/1w0JQYY
- Internet Explorer’s memory corruption vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malicious web site. Find out other vulnerable versions from here: http://1.usa.gov/122jSrC
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Find out the other vulnerable versions from here: http://1.usa.gov/1t3LUNV
- Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.1.x and 7.2.x allows remote attackers to inject arbitrary web script or HTML via malicious URL. Find out other vulnerable versions from here: http://1.usa.gov/10gZgLL
- NET Framework Remote Code Execution Vulnerability in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application. Find out other vulnerable versions from here: http://1.usa.gov/1COUMrB
There are many such vulnerable software ranked in the division of high, medium, and low severities.
To know more about these vulnerable software and the affected versions read the US-CERT Cyber Security Bulletin from here: http://1.usa.gov/1t3MgE4