Tagged: vulnerability

Microsoft Releases Advisory for Unpatched Windows Vulnerability 0

Microsoft Releases Advisory for Unpatched Windows Vulnerability

Original release date: October 22, 2014 Microsoft has released a security advisory to provide recommended mitigations for an unpatched vulnerability, ( CVE-2014-6352 ) which affects all Microsoft Windows releases except Windows Server 2003. This vulnerability could allow an attacker to take control of an affected system if a user opens a specially crafted Microsoft Office file

VU#577193: POODLE vulnerability in SSL 3.0 0

VU#577193: POODLE vulnerability in SSL 3.0

Vulnerability Note VU#577193 POODLE vulnerability in SSL 3.0 Original Release date: 17 Oct 2014 | Last revised: 17 Oct 2014 Overview Many modern TLS clients can fall back to version 3.0 of the SSL protocol, which is vulnerable to a padding-oracle attack when Cypher-block chaining (CBC) mode is used. This is commonly referred to as the “POODLE” (Padding Oracle On Downgraded Legacy Encryption) attack

Apple Releases Security Update 2014-005 0

Apple Releases Security Update 2014-005

Original release date: October 17, 2014 Apple has released Security Update 2014-005 to address vulnerabilities in SSL 3.0. US-CERT recommends users and administrators review Apple Security Update HT6531 for additional details

Drupal Releases Security Advisory 0

Drupal Releases Security Advisory

Original release date: October 17, 2014 Drupal has released a security advisory to address an application program interface (API) vulnerability ( CVE-2014-3704 ) that could allow an attacker to execute arbitrary SQL commands on an affected system. This vulnerability affects all Drupal core 7.x versions prior to 7.32. US-CERT advises users and administrators review Drupal’s Security Advisory and apply the necessary update or patch.