The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Cisco has released an advisory to address a vulnerability in the web server used in multiple Wireless Residential Gateway products that could allow an unauthenticated, remote attacker to crash the web server and execute arbitrary code with elevated privileges.
- Cisco products affected by this vulnerability include:
- Cisco DPC3212 VoIP Cable Modem
- Cisco DPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway
- Cisco EPC3212 VoIP Cable Modem
- Cisco EPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway
- Cisco Model DPC3010 DOCSIS 3.0 8x4 Cable Modem
- Cisco Model DPC3925 8x4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
- Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA
- Cisco Model EPC3010 DOCSIS 3.0 Cable Modem
- Cisco Model EPC3925 8x4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
Users and administrators are encouraged to review the Cisco Advisory and apply the necessary updates.
Oracle has released its Critical Patch Update for July 2014 to address 113 vulnerabilities across multiple products.
This update contains the following security fixes:
- 5 for Oracle Database Server
- 29 for Oracle Fusion Middleware
- 7 for Oracle Hyperion
- 1 for Oracle Enterprise Manager Grid Control
- 5 for the Oracle E-Business Suite
- 3 for Oracle Supply Chain Products Suite
- 5 for Oracle PeopleSoft Products
- 6 for Oracle Siebel CRM
- 1 for Oracle Communications Applications
- 3 for Oracle Retail Applications
- 20 for Oracle Java SE
- 3 for Oracle and Sun Systems Products Suite
- 15 for Oracle Virtualization
- 10 for Oracle MySQL
US-CERT encourages users and administrators to review the Oracle July 2014 Critical Patch Update and apply the necessary updates.
Microsoft has released a security advisory to address improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.
Users and administrators are encouraged to review Microsoft Security Advisory 2982792 and apply the necessary updates.