The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities recorded by their research department for the week of June 9, 2014.
These vulnerabilities are named according to the CVE vulnerability naming standard and are classified by severity, as determined by the Common Vulnerability Scoring System (CVSS) standard.
Common vulnerabilities recorded in the Cyber Security Bulletin, and their impact, are:
- Vulnerabilities in Adobe Flash Player, if exploited, can allow unauthorized disclosure of information, unauthorized modification of data and disruption of service by attackers.
The vulnerable versions of Adobe Flash Player are listed here: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0535
- Vulnerabilities in Microsoft Internet Explorer 6 through 11 allow cyber-criminals to execute malicious code or cause a denial of service (memory corruption) via a crafted web site.
The vulnerable versions of Microsoft Internet Explorer are listed here: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0282
- Vulnerabilities in the browser engine of Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote hackers to cause a denial of service (memory corruption and application crash) or possibly execute malicious code via unknown vectors.
The vulnerable versions of Mozilla Firefox are listed here: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1533
- Cisco WebEx Meeting Server does not correctly restrict the content of reply messages, which allows remote attackers to obtain sensitive data via a crafted URL.
For details, visit the following link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3286
- Vulnerabilities in IBM Security AppScan Source 8.0 through 9.0 allow remote attackers to obtain sensitive information by sniffing the network. This happens when the publish-assessment authorization is not properly restricted for the configured database server.
The vulnerable versions of IBM Security AppScan Source are listed here: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0936
- A cross-site scripting (XSS) vulnerability in MediaWiki allows cyber-criminals to inject malicious web script or HTML via an invalid username.
The vulnerable versions of MediaWiki are listed here: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3966
The bulletin lists many more vulnerable software products, ranked as high, medium, or low severity.
To learn more about these vulnerable products and the affected versions, read the US-CERT Cyber Security Bulletin here: https://www.us-cert.gov/ncas/bulletins/SB14-167