The US-CERT Cyber Security Bulletin provides a summary of latest vulnerabilities that have been recorded by its research department for the Week of September 15, 2014.
The National Institute of Standards and Technology (NIST) have recorded vulnerabilities, which are security weakness found in a program/software or operating system that can make a system prone to malware attacks and unauthorized access.
Common vulnerabilities and their impact recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week are:
- Cross-site scripting (XSS) vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows cyber-criminals to inject malicious/infected web script or HTML via a fake filename extension. Find out other vulnerable versions from here: https://1.usa.gov/1r3jpQh
- Vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute malicious code via unknown locations. Find out the vulnerable versions of Adobe Reader and Acrobat from here: https://1.usa.gov/1uCaHq3
- Vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service attack via vectors related to Mach ports. Find out other vulnerable versions from here: https://1.usa.gov/XSKcBI
- IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows cyber-criminals to execute malicious code or cause a denial of service attack. Find out other vulnerable versions from here: https://1.usa.gov/1rkDHnn
- Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths. This allows remote attackers to execute malicious code in an Office document (Microsoft Office). Find out other vulnerable versions from here: https://1.usa.gov/1wIQtwf
- SQL injection vulnerability in Wiki Server (CoreCollaboration) of Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows hackers to execute malicious SQL commands via unknown locations. Find out other vulnerable versions from here: https://1.usa.gov/XSKU23
There are many such vulnerable software ranked in the division of high, medium, and low severities.
To know more about these vulnerable software and the affected versions read the US-CERT Cyber Security Bulletin from here: https://1.usa.gov/1uCbDui