Cybersecurity Framework for U.S. Critical Infrastructure
Critical infrastructure operators have been delivered a cybersecurity framework by the U.S. government that paints broad strokes as to how to defend IT and SCADA networks in some of the country’s most sensitive industries such as energy, water and financial services. NIST today announced the...
[SECURITY] Fedora 20 Update: icedtea-web-1.4.2-0.fc20
The IcedTea-Web project provides a Java web browser plugin, an implementation of Java Web Start originally based on the Netx project and a settings tool to manage deployment settings for the aforementioned plugin and Web Start implementations...
Code injection
The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies...
CVE-2014-0815
The CVE-2014-0815 issue concerns Opera for Android versions before 18, where the browser’s URL/intent-scheme handling contains an interaction error that can disclose local data such as stored cookies. The affected component is Opera’s URL implementation, and exploitation would involve processing ...
CVE-2014-0815
The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies...
CVE-2014-1485
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient...
Design/Logic Flaw
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involvi...
CVE-2014-1487
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages...
CVE-2014-1479
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involvi...
[SECURITY] Fedora 19 Update: strongswan-5.1.1-4.fc19
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel...
CVE-2013-7313
The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial o...
Design/Logic Flaw
The OSPF implementation on Brocade routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitiv...
CVE-2013-7314
Technical details about CVE-2013-7314 are not publicly available in the provided connected documents. Monitor for updates from vendor advisories and vulnerability databases to obtain affected products, impact, and remediation information.
CVE-2013-7310
The OSPF implementation on Yamaha routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive...
CVE-2013-7310
The CVE-2013-7310 entry refers to Yamaha routers with an OSPF implementation that does not validate duplicate Link State ID values in LSA packets before updating the LSA database. This can enable remote attackers to cause a routing disruption (DoS) or to obtain sensitive packet information via a ...
CVE-2013-7306
CVE-2013-7306: OSPF LSA processing on Brocade routers does not guard against duplicate Link State IDs in LSAs before updating the database, enabling remote users to cause routing disruption (DoS) or glean sensitive packet data via a crafted LSA. This CVE is related to CVE-2013-0149 (OSPF LSA vali...
CVE-2013-7307
The CVE-2013-7307 family concerns OSPF implementations that fail to validate duplicate Link State ID values in LSA packets, leading to possible routing disruption or information disclosure. Connected records confirm concrete products/vendors affected by related CVEs in 2013-0149: Yamaha routers, ...
Moderate: Red Hat Security Advisory: openstack-keystone security and bug fix update
Updated openstack-keystone packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base scor...
WhatsApp Spam Campaign Leads to Banking Trojan
Spam emails promoting a non-existent PC version of the popular WhatsApp messaging service could be leading unsuspecting users to a malicious banking Trojan. The emails, written in Portuguese, trick the recipient into thinking they already have 11 pending friend invitations, according to Kaspersky...
CVE-2014-0665
The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, ak...