Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.”
Monthly Archives: November 2014
CVE-2014-6345
Microsoft Internet Explorer 9 and 10 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka “Internet Explorer Cross-domain Information Disclosure Vulnerability.”
CVE-2014-6350
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka “Internet Explorer Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2014-6349.
CVE-2014-6351
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.”
CVE-2014-6353
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.”
Adobe Releases Security Updates for Flash Player
Original release date: November 11, 2014
Adobe has released security updates to address multiple vulnerabilities in Flash Player, one of which could potentially allow an attacker to take control of the affected system.
Users and administrators are encouraged to review Adobe Security Bulletin APSB 14-24 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Patches 18 Vulnerabilities in Flash
Adobe pushed out security updates for Flash Player this afternoon, addressing 18 different vulnerabilities, all critical, that could allow an attacker to take control of an affected system.
Website reveals 73,000 unprotected security cameras with default passwords
As we’ve reported before, users and businesses leaving their router username and passwords as the manufacturer’s default are potentially leaving themselves open to an easy hack, but a new website has sprung up illustrating the point in alarming detail.
The post Website reveals 73,000 unprotected security cameras with default passwords appeared first on We Live Security.
Ubuntu Security Notice USN-2404-1
Ubuntu Security Notice 2404-1 – Pavel Hrdina discovered that libvirt incorrectly handled locking when processing the virConnectListAllDomains command. An attacker could use this issue to cause libvirtd to hang, resulting in a denial of service. Eric Blake discovered that libvirt incorrectly handled permissions when processing the qemuDomainFormatXML command. An attacker with read-only privileges could possibly use this to gain access to certain information from the domain xml file. Various other issues were also addressed.
Ubuntu Security Notice USN-2403-1
Ubuntu Security Notice 2403-1 – Sean Burford discovered that GnuTLS incorrectly handled printing certain elliptic curve parameters. A malicious remote server or client could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.