Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an invalid property value to an ActiveX control that was built with an outdated compiler.
Monthly Archives: November 2014
CVE-2014-7246
The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2, 10.1.0-Xpress, and 11.0.0 through 11.0.2, when deployed on a multi-server network, allows remote authenticated users to cause a denial of service (infinite loop) via a crafted cookie in a request.
CVE-2014-7878
The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers’ installations, which allows remote attackers to execute arbitrary code by leveraging these keys for a connection.
CVE-2014-7991
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376.
RHSA-2014:1852-1: Critical: flash-plugin security update
Red Hat Enterprise Linux: An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8437, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441
RHBA-2014:1856-1: OpenShift Enterprise 2.1 openshift-enterprise-yum-validator bug fix update
Red Hat Enterprise Linux: Updated packages that fix a bug, including an updated
openshift-enterprise-yum-validator package, are now available for Red Hat
OpenShift Enterprise 2.1.
RHBA-2014:1855-1: OpenShift Enterprise 2.2 openshift-enterprise-yum-validator bug fix update
Red Hat Enterprise Linux: Updated packages that fix a bug, including an updated
openshift-enterprise-yum-validator package, are now available for Red Hat
OpenShift Enterprise 2.2.
RHBA-2014:1854-1: openssh bug fix update
Red Hat Enterprise Linux: Updated openssh packages that fix one bug are now available for Red Hat
Enterprise Linux 6.
RHBA-2014:1853-1: Red Hat Storage 2.1 enhancement and bug fix update #5
Red Hat Enterprise Linux: Updated glusterfs, gluster-nfs, glusterfs-fuse, glusterfs-geo-replication, and
redhat-storage-server packages that fix multiple bugs are now
available for use with the Red Hat Storage Server 2.1.