
CVE vulnerabilities for April – 2014

Here are the CVE vulnerabilities for April 2014 so far.

CVE (Common Vulnerabilities and Exposures) vulnerability data are taken from the National Vulnerability Database (NVD) XML feeds provided by the National Institute of Standards and Technology.

 

The most interesting ones (there are 50 listed) in my opinion:

The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.

Notice that if you have a Sophos Web Appliance, it is not like a regular computer with point-and-click or auto updates, unless it is configured like this.

(This is not a knock on Sophos, as things happen, even to OpenSSL and Heartbleed, but one needs to fix this ASAP.)

And as usual, unless there is a security culture, with a number of hours spent on security, a catastrophe will happen, and you are one step closer to headlines and financial ruin.

 
