The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities recorded by its research department for the week of July 7, 2014.
The National Institute of Standards and Technology (NIST) has recorded the vulnerabilities and labeled them as high, medium, or low according to their severity. The entries are identified using the CVE vulnerability naming standard.
Common vulnerabilities, and their impact, recorded in the NIST National Vulnerability Database (NVD) in the past week are:
- Vulnerabilities in Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow hackers to bypass intended access restrictions via unspecified vectors. The vulnerable versions of Adobe Flash Player are listed here: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0537
- Vulnerabilities in Microsoft Internet Explorer 6 through 11, also known as the Internet Explorer Memory Corruption Vulnerability, allow remote attackers to execute malicious code or cause a denial of service (memory corruption). The vulnerable versions of Microsoft Internet Explorer 6 through 11 are listed here: https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2800
- Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess a password via a brute-force attack. It also allows unauthorized modification of data. The vulnerable versions of Apache Syncope are listed here: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3503
- Vulnerabilities in IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 let cyber-criminals enumerate user accounts via unspecified vectors. They also allow unauthorized disclosure of information. The vulnerable versions of IBM Flex System Manager (FSM) are listed here: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5423
- Vulnerabilities in the Linux kernel before 3.15.4 on Intel processors allow unauthorized disclosure of information, unauthorized modification, and disruption of service. The vulnerable versions of the Linux kernel before 3.15.4 are listed here: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4699
Many more vulnerable software products are listed in the bulletin, ranked as high, medium, or low severity.
To learn more about the vulnerable software and the affected versions, read the US-CERT Cyber Security Bulletin here: https://www.us-cert.gov/ncas/bulletins/SB14-195