The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by their research department for the Week of July 14, 2014.
The National Institute of Standards and Technology (NIST) has recorded these vulnerabilities, which are security weaknesses found in a program or operating system that can make a system susceptible to malware attacks.
Common vulnerabilities and their impact recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week are:
- Vulnerabilities in the web server on a few Cisco Wireless Residential Gateway products allow hackers to execute malicious code via a crafted HTTP request. Find out the vulnerable versions of Cisco products here: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3306
- Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote authenticated users to gain privileges via an unknown location. Find out its vulnerable versions from here: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2606
- Vulnerability in the Java SE component in Oracle Java SE 7u60 and OpenJDK 7 allows cyber-criminals to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Find out its vulnerable versions from here: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2483
- Vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allow attackers to inject malicious web script or HTML via unspecified locations. Find out its vulnerable versions from here: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4346
- Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands, which in turn allows unauthorized disclosure of information, unauthorized modification, and disruption of service. Find out its vulnerable versions from here: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4977
- Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows hackers to inject arbitrary web script or HTML via a crafted URL. Find out its vulnerable versions from here: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0957
There are many more such vulnerable software products, ranked into divisions of high, medium, and low severity.
To learn more about these vulnerable software products and the affected versions, read the US-CERT Cyber Security Bulletin here: https://www.us-cert.gov/ncas/bulletins/SB14-202