The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by their research department for the week of August 25, 2014.
The National Institute of Standards and Technology (NIST) has recorded vulnerabilities, which are security weaknesses found in a program or operating system that can make a system susceptible to malware attacks.
Common vulnerabilities and their impact recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week are:
- Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Find out the vulnerable versions of Google Chrome from here: https://goo.gl/IkhqIK
- Unspecified vulnerability in the HP Service Manager (SM) server 7.21 and 9.x before 9.34 allows hackers to bypass intended access restrictions, and modify data or cause a denial of service. Find out other vulnerable versions from here: https://goo.gl/Ad8Nyr
- Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors. Find out other vulnerable versions from here: https://goo.gl/57uOWT
- SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Find out other vulnerable versions from here: https://goo.gl/FL9mti
- Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Find out other vulnerable versions from here: https://goo.gl/MLqCg1
- MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it simpler for remote attackers to conduct clickjacking attacks via a crafted web site. Find out other vulnerable versions from here: https://goo.gl/v8RZFS
There are many more such vulnerable software products, ranked into high, medium, and low severity categories.