Tagged: vulnerability

SB14-265: Vulnerability Summary for the Week of September 15, 2014 0

SB14-265: Vulnerability Summary for the Week of September 15, 2014

Original release date: September 22, 2014 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD , which contains historical vulnerability information

VU#730964: FortiNet FortiGate and FortiWiFi appliances contain multiple vulnerabilities 0

VU#730964: FortiNet FortiGate and FortiWiFi appliances contain multiple vulnerabilities

Vulnerability Note VU#730964 FortiNet FortiGate and FortiWiFi appliances contain multiple vulnerabilities Original Release date: 19 Sep 2014 | Last revised: 19 Sep 2014 Overview Fortinet FortiGate and FortiWiFi appliances are susceptible to man-in-the-middle attacks ( CWE-300 ) and a heap-based overflow vulnerability ( CWE-122 ). Description Fortinet FortiGate and FortiWiFi 4.00.6 and possibly earlier versions are susceptible to man-in-the-middle attacks ( CWE-300 ) and a heap-based overflow vulnerability ( CWE-122 )

Microsoft Patch Tuesday – September 2014, (Tue, Sep 9th) 0

Microsoft Patch Tuesday – September 2014, (Tue, Sep 9th)

Overview of the September 2014 Microsoft patches and their status. # Affected Contra Indications – KB Known Exploits Microsoft rating (**) ISC rating (*) clients servers MS14-052 Cumulative Security Update for Internet Explorer Microsoft Windows, Internet Explorer CVE-2013-7331 CVE-2014-2799 CVE-2014-4059 CVE-2014-4065 CVE-2014-4079 CVE-2014-4080 CVE-2014-4081 CVE-2014-4082 CVE-2014-4083 CVE-2014-4084 CVE-2014-4085 CVE-2014-4086 CVE-2014-4087 CVE-2014-4088 CVE-2014-4089 CVE-2014-4090 CVE-2014-4091 CVE-2014-4092 CVE-2014-4093 CVE-2014-4094 CVE-2014-4095 CVE-2014-4096 CVE-2014-4097 CVE-2014-4098 CVE-2014-4099 CVE-2014-4100 CVE-2014-4101 CVE-2014-4102 CVE-2014-4103 CVE-2014-4104 CVE-2014-4105 CVE-2014-4106 CVE-2014-4107 CVE-2014-4108 CVE-2014-4109 CVE-2014-4110 CVE-2014-4111 CVE-2013-7331 CVE-2014-2799 CVE-2014-4059 CVE-2014-4065 CVE-2014-4079 CVE-2014-4080 CVE-2014-4081 CVE-2014-4082 CVE-2014-4083 CVE-2014-4084 CVE-2014-4085 CVE-2014-4086 CVE-2014-4087 CVE-2014-4088 CVE-2014-4089 CVE-2014-4090 CVE-2014-4091 CVE-2014-4092 CVE-2014-4093 CVE-2014-4094 CVE-2014-4095 CVE-2014-4096 CVE-2014-4097 CVE-2014-4098 CVE-2014-4099 CVE-2014-4100 CVE-2014-4101 CVE-2014-4102 CVE-2014-4103 CVE-2014-4104 CVE-2014-4105 CVE-2014-4106 CVE-2014-4107 CVE-2014-4108 CVE-2014-4109 CVE-2014-4110 CVE-2014-4111 KB 2977629 Yes! Severity:Critical Exploitability: 1 Critical Important MS14-053 Vulnerability in .NET Framework Could Allow Denial of Service Microsoft Windows, Microsoft .NET Framework CVE-2014-4072 KB 2990931 No Severity:Important Exploitability: 1 Important Important MS14-054 Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege Microsoft Windows CVE-2014-4074 KB 2988948 No Severity:Important Exploitability: 1 Important Important MS14-055 Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service Microsoft Lync Server CVE-2014-4068 CVE-2014-4070 CVE-2014-4071 KB 2990928 No Severity:Important Exploitability: 1 Important Important We will update issues on this page for about a week or so as they evolve. We appreciate updates US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY (*): ISC rating We use 4 levels: PATCH NOW : Typically used where we see immediate danger of exploitation.

SB14-251: Vulnerability Summary for the Week of September 1, 2014 0

SB14-251: Vulnerability Summary for the Week of September 1, 2014

Original release date: September 08, 2014 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT).