Security Alerts
1. Vulnerability in blkid (98993)
[28/11/2014] Vulnerability was identified in the blkid. An attacker could bypass security restrictions and execute arbitrary code on the system. The affected version was not specified.
URL:xforce.iss.net/xforce/xfdb/98993
2. Vulnerability in Canto (98947)
[28/11/2014] Vulnerability was identified in the Canto. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects versions prior to 0.9.0 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98947
3. Vulnerability in GNU Project Patch (98992)
[28/11/2014] Vulnerability was identified in the GNU Project Patch. An attacker could bypass security restrictions and execute arbitrary code on the system. The affected version was not specified.
URL:xforce.iss.net/xforce/xfdb/98992
4. Vulnerability in Icecast (98991)
[28/11/2014] Vulnerability was identified in the Icecast. An attacker could bypass security restrictions and gain elevated privileges on the system. This vulnerability affects versions prior to 2.4.0 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98991
5. Vulnerability in MantisBT (98987)
[28/11/2014] Vulnerability was identified in the MantisBT. An attacker could bypass security restrictions, execute arbitrary code and perform SQL injection attacks. This vulnerability affects versions prior to 1.2.18 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98987
6. Vulnerability in Mutt (98989)
[28/11/2014] Vulnerability was identified in the Mutt. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects version 1.5.23 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/98989
7. Security Updates in Debian (DSA-3078-1)
[28/11/2014] Debian has released security update packages for fixing the vulnerability identified in the libksba package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.debian.org/security/2014/dsa-3078
8. Security Updates in Mandriva (MDVSA-2014:230, MDVSA-2014:231, MDVSA-2014:232, MDVSA-2014:233)
[28/11/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the kernel, icecast, glibc and wordpress packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the application.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A230/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A231/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A232/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A233/
9. Security Updates in SUSE (openSUSE-SU-2014:1508-1)
[28/11/2014] SUSE has released security update packages for fixing the vulnerability identified in the flashplayer package of openSUSE Evergreen 11.4. An attacker could bypass security restrictions and execute arbitrary code on the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00020.html
10. Security Updates in Ubuntu GNU/Linux (USN-2425-1, USN-2426-1, USN-2427-1)
[28/11/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the dbus, flac and libksba packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2425-1/
URL:www.ubuntu.com/usn/usn-2426-1/
URL:www.ubuntu.com/usn/usn-2427-1/
11. Vulnerability in Cisco Adaptive Security Appliance (ASA) Software
[27/11/2014] Vulnerability was identified in the Cisco Adaptive Security Appliance (ASA) Software. An attacker could bypass security restrictions and cause a denial of service condition. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407
12. Vulnerability in GNU Libksba (98935)
[27/11/2014] Vulnerability was identified in the GNU Libksba. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects versions prior to 1.3.2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98935
13. Vulnerability in libFLAC (98938)
[27/11/2014] Vulnerability was identified in the libFLAC library. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects versions prior to 1.3.0 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98938
14. Vulnerabilities in multiple plugins for WordPress (98940, 98941, 98943, 98944, 98945)
[27/11/2014] Vulnerabilities were identified in the ThemePunch Slider Revolution Responsive, ThemePunch Showbiz Pro Responsive Teaser, DukaPress, Google Doc Embedder and wpDataTables Plugins for WordPress. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform SQL injection attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve the vulnerabilities of the ThemePunch Slider Revolution Responsive, DukaPress and Google Doc Embedder Plugins.
URL:xforce.iss.net/xforce/xfdb/98940
URL:xforce.iss.net/xforce/xfdb/98941
URL:xforce.iss.net/xforce/xfdb/98943
URL:xforce.iss.net/xforce/xfdb/98944
URL:xforce.iss.net/xforce/xfdb/98945
15. Security Updates in Oracle Linux (ELSA-2014-1911, ELSA-2014-1912)
[27/11/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the ruby package for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2014-1911.html
URL:linux.oracle.com/errata/ELSA-2014-1912.html
16. Security Updates in Debian (DSA-3076-1, DSA-3077-1)
[27/11/2014] Debian has released security update packages for fixing the vulnerabilities identified in the wireshark and openjdk-6 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.debian.org/security/2014/dsa-3076
URL:www.debian.org/security/2014/dsa-3077
17. Security Updates in Mageia (MGASA-2014-0486, MGASA-2014-0487, MGASA-2014-0488, MGASA-2014-0489, MGASA-2014-0490, MGASA-2014-0491, MGASA-2014-0492, MGASA-2014-0493, MGASA-2014-0494, MGASA-2014-0495, MGASA-2014-0496, MGASA-2014-0497, MGASA-2014-0498)
[27/11/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the perl-Plack, clamav, ruby-httpclient, asterisk, avidemux, drupal, wordpress, icecast, phpmyadmin, glibc, flash-player-plugin and libksba packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2014-0486.html
URL:advisories.mageia.org/MGASA-2014-0487.html
URL:advisories.mageia.org/MGASA-2014-0488.html
URL:advisories.mageia.org/MGASA-2014-0489.html
URL:advisories.mageia.org/MGASA-2014-0490.html
URL:advisories.mageia.org/MGASA-2014-0491.html
URL:advisories.mageia.org/MGASA-2014-0492.html
URL:advisories.mageia.org/MGASA-2014-0493.html
URL:advisories.mageia.org/MGASA-2014-0494.html
URL:advisories.mageia.org/MGASA-2014-0495.html
URL:advisories.mageia.org/MGASA-2014-0496.html
URL:advisories.mageia.org/MGASA-2014-0497.html
URL:advisories.mageia.org/MGASA-2014-0498.html
18. Security Updates in Mandriva (MDVSA-2014:228, MDVSA-2014:229)
[27/11/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the phpmyadmin and libvncserver packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the application.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A228/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A229/
19. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1911-1, RHSA-2014:1912-1, RHSA-2014:1913-1, RHSA-2014:1914-1, RHSA-2014:1915-1)
[27/11/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the ruby, ruby193-ruby, ruby200-ruby and Adobe Flash Player packages for Red Hat Software Collections 1 and Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application.
URL:rhn.redhat.com/errata/RHSA-2014-1911.html
URL:rhn.redhat.com/errata/RHSA-2014-1912.html
URL:rhn.redhat.com/errata/RHSA-2014-1913.html
URL:rhn.redhat.com/errata/RHSA-2014-1914.html
URL:rhn.redhat.com/errata/RHSA-2014-1915.html
20. Security Updates in Ubuntu GNU/Linux (USN-2423-1)
[27/11/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the ClamAV package for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2423-1/
21. Vulnerabilities in Adobe Flash Player (APSB14-26)
[26/11/2014] Vulnerabilities were identified in the Adobe Flash Player. An attacker could bypass security restrictions, execute arbitrary code, obtain sensitive information, gain elevated privileges, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:helpx.adobe.com/security/products/flash-player/apsb14-26.html
URL:technet.microsoft.com/en-us/library/security/2755801
URL:www.hkcert.org/my_url/en/alert/14112601
URL:www.us-cert.gov/ncas/current-activity/2014/11/25/Adobe-Releases-Security-Updates-Flash-Player
URL:xforce.iss.net/xforce/xfdb/98932
22. Vulnerability in Cisco IOS XR Software
[26/11/2014] Vulnerability was identified in the Cisco IOS XR Software. An attacker could bypass security restrictions and cause a denial of service condition. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8005
23. Vulnerability in TP-Link TL-WR740N Router (98927)
[26/11/2014] Vulnerability was identified in the TP-Link TL-WR740N Router. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple firmware versions of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/98927
24. Vulnerabilities in Linux Kernel (98918, 98919, 98920)
[26/11/2014] Vulnerabilities were identified in the Linux Kernel. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/98918
URL:xforce.iss.net/xforce/xfdb/98919
URL:xforce.iss.net/xforce/xfdb/98920
25. Vulnerability in RobotStats (98915)
[26/11/2014] Vulnerability was identified in the RobotStats. An attacker could bypass security restrictions, execute arbitrary code and perform SQL injection attacks. This vulnerability affects version 1.0 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/98915
26. Security Updates in Mageia (MGASA-2014-0484, MGASA-2014-0485)
[26/11/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the graphicsmagick and chromium-browser-stable packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2014-0484.html
URL:advisories.mageia.org/MGASA-2014-0485.html
27. Security Updates in Mandriva (MDVSA-2014:225, MDVSA-2014:226, MDVSA-2014:227)
[26/11/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the ruby, imagemagick and ffmpeg packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A225/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A226/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A227/
28. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1906-1)
[26/11/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the Red Hat OpenShift Enterprise 2. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application.
URL:rhn.redhat.com/errata/RHSA-2014-1906.html
29. Security Updates in Ubuntu GNU/Linux (USN-2415-1, USN-2416-1, USN-2417-1, USN-2418-1, USN-2419-1, USN-2420-1, USN-2421-1, USN-2422-1)
[26/11/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux, linux-ec2, linux-ti-omap4, linux-lts-trusty and squid3 packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2415-1/
URL:www.ubuntu.com/usn/usn-2416-1/
URL:www.ubuntu.com/usn/usn-2417-1/
URL:www.ubuntu.com/usn/usn-2418-1/
URL:www.ubuntu.com/usn/usn-2419-1/
URL:www.ubuntu.com/usn/usn-2420-1/
URL:www.ubuntu.com/usn/usn-2421-1/
URL:www.ubuntu.com/usn/usn-2422-1/
30. Vulnerability in Cisco IOS XR Software
[25/11/2014] Vulnerability was identified in the Cisco IOS XR Software. An attacker could bypass security restrictions and cause a denial of service condition. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8004
31. Vulnerabilities in Novell Products (5195642, 5195690, 5195691, 5195692)
[25/11/2014] Vulnerabilities were identified in the Novell GroupWise and Novell GroupWise Mobility Service. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=2XOEfWyu-R4~
URL:download.novell.com/Download?buildid=7Oi1UsDsieQ~
URL:download.novell.com/Download?buildid=adVNltsFnxU~
URL:download.novell.com/Download?buildid=XoayGryMK9M~
32. Vulnerability in Dell SonicWALL Global Management System (98911)
[25/11/2014] Vulnerability was identified in the Dell SonicWALL Global Management System. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects version 7.2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98911
33. Vulnerability in ClamAV (98882)
[25/11/2014] Vulnerability was identified in the ClamAV. An attacker could bypass security restrictions, execute arbitrary code and cause a denial of service condition. This vulnerability affects versions prior to 0.98.5 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.clamav.net/download.html
URL:xforce.iss.net/xforce/xfdb/98882
34. Vulnerability in FreeBSD
[25/11/2014] Vulnerability was identified in FreeBSD. An attacker could bypass security restrictions and cause a denial of service condition. This vulnerability affects version 5.4 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.freebsd.org/releases/10.1R/relnotes.html
URL:xforce.iss.net/xforce/xfdb/98883
35. Vulnerability in Privacyware Privatefirewall (98910)
[25/11/2014] Vulnerability was identified in the Privacyware Privatefirewall. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects version 7.0.30.3 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/98910
36. Security Updates in Oracle Linux (ELSA-2014-1893)
[25/11/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the libXfont package for Oracle Linux 5. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2014-1893.html
37. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1893-1, RHSA-2014:1894-1)
[25/11/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the libXfont and chromium-browser packages for Red Hat Enterprise Linux 5 and 6 Supplementary. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, perform phishing attacks, cause a denial of service condition and crash the application.
URL:rhn.redhat.com/errata/RHSA-2014-1893.html
URL:rhn.redhat.com/errata/RHSA-2014-1894.html
38. Security Updates in SUSE (SUSE-SU-2014:1458-3)
[25/11/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaFirefox package of SUSE Linux Enterprise 10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00019.html
39. Security Updates in Ubuntu GNU/Linux (USN-2414-1)
[25/11/2014] Ubuntu has released security update packages for fixing the vulnerability identified in the kde-runtime packages for version 12.04 LTS of Ubuntu GNU/Linux. An attacker could bypass security restrictions and execute arbitrary code.
URL:www.ubuntu.com/usn/usn-2414-1/
40. Vulnerability in Huawei HiLink Products (Huawei-SA-20140806-01-HiLink)
[24/11/2014] Vulnerability was identified in Huawei E3276, E3236, E5180s-22 and E586Bs-2. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site request forgery attacks. This vulnerability affects multiple firmware versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-360246.htm
URL:xforce.iss.net/xforce/xfdb/98858
41. Vulnerabilities in Asterisk (AST-2014-012, AST-2014-013, AST-2014-014, AST-2014-015, AST-2014-016, AST-2014-017, AST-2014-018)
[24/11/2014] Vulnerabilities were identified in the Asterisk. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:downloads.asterisk.org/pub/security/AST-2014-012.html
URL:downloads.asterisk.org/pub/security/AST-2014-013.html
URL:downloads.asterisk.org/pub/security/AST-2014-014.html
URL:downloads.asterisk.org/pub/security/AST-2014-015.html
URL:downloads.asterisk.org/pub/security/AST-2014-016.html
URL:downloads.asterisk.org/pub/security/AST-2014-017.html
URL:downloads.asterisk.org/pub/security/AST-2014-018.html
URL:xforce.iss.net/xforce/xfdb/98863
URL:xforce.iss.net/xforce/xfdb/98864
42. Vulnerability in PCRE (98854)
[24/11/2014] Vulnerability was identified in the PCRE. An attacker could bypass security restrictions, execute arbitrary code and cause a denial of service condition. This vulnerability affects version 8.36 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98854
43. Vulnerabilities in WordPress
[24/11/2014] Vulnerabilities were identified in the WordPress. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 4.0.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:wordpress.org/news/2014/11/wordpress-4-0-1/
URL:www.us-cert.gov/ncas/current-activity/2014/11/21/WordPress-Releases-Security-Update
44. Security Updates in Oracle Solaris
[24/11/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the XPDF, Common Unix Printing System (CUPS), Facter, Sendmail, Perl, OpenStack Neutron, OpenStack keystonemiddleware, Python, GNU patch utility, GnuTLS, OpenStack Compute (Nova) and Wireshark packages for Oracle Solaris 10, 11.1 and 11.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:blogs.oracle.com/sunsecurity/entry/cve_2012_2142_arbitrary_code
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_2856_cross_site
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3248_untrusted_search
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_3956_information_disclosure
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_4330_buffer_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_6414_unauthenticated_access
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_7144_cryptographic_issues
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_7185_integer_overflow
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_gnu_patch
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_gnutls
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_nova
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark11
45. Security Updates in Gentoo Linux (GLSA 201411-06, GLSA 201411-07, GLSA 201411-08, GLSA 201411-09, GLSA 201411-10)
[24/11/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player, Openswan, Aircrack-ng, Ansible and Asterisk packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.gentoo.org/security/en/glsa/glsa-201411-06.xml
URL:www.gentoo.org/security/en/glsa/glsa-201411-07.xml
URL:www.gentoo.org/security/en/glsa/glsa-201411-08.xml
URL:www.gentoo.org/security/en/glsa/glsa-201411-09.xml
URL:www.gentoo.org/security/en/glsa/glsa-201411-10.xml
46. Security Updates in Mandriva (MDVSA-2014:218, MDVSA-2014:219, MDVSA-2014:220, MDVSA-2014:221, MDVSA-2014:222, MDVSA-2014:223, MDVSA-2014:224)
[24/11/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the asterisk, srtp, qemu, php-smarty, libvirt, wireshark and krb5 packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A218/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A219/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A220/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A221/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A222/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A223/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A224/
47. Security Updates in Mageia (MGASA-2014-0460, MGASA-2014-0461, MGASA-2014-0462, MGASA-2014-0463, MGASA-2014-0464, MGASA-2014-0465, MGASA-2014-0466, MGASA-2014-0467, MGASA-2014-0468, MGASA-2014-0469, MGASA-2014-0470, MGASA-2014-0471, MGASA-2014-0472, MGASA-2014-0473, MGASA-2014-0474, MGASA-2014-0475, MGASA-2014-0476, MGASA-2014-0477, MGASA-2014-0478, MGASA-2014-0479, MGASA-2014-0480, MGASA-2014-0481, MGASA-2014-0482, MGASA-2014-0483)
[24/11/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the boinc-client, hawtjni, python-djblets, privoxy, ffmpeg, srtp, kdenetwork4, qemu, usbredir, php-smarty, libvirt, wireshark, ruby, kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia173, kmod-nvidia304, kmod-nvidia-current, python-pillow, python-imaging, krb5, kdebase4-runtime, kwebkitpart, kernel-vserver, kdebase4-workspace, polarssl, imagemagick and moodle packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2014-0460.html
URL:advisories.mageia.org/MGASA-2014-0461.html
URL:advisories.mageia.org/MGASA-2014-0462.html
URL:advisories.mageia.org/MGASA-2014-0463.html
URL:advisories.mageia.org/MGASA-2014-0464.html
URL:advisories.mageia.org/MGASA-2014-0465.html
URL:advisories.mageia.org/MGASA-2014-0466.html
URL:advisories.mageia.org/MGASA-2014-0467.html
URL:advisories.mageia.org/MGASA-2014-0468.html
URL:advisories.mageia.org/MGASA-2014-0469.html
URL:advisories.mageia.org/MGASA-2014-0470.html
URL:advisories.mageia.org/MGASA-2014-0471.html
URL:advisories.mageia.org/MGASA-2014-0472.html
URL:advisories.mageia.org/MGASA-2014-0473.html
URL:advisories.mageia.org/MGASA-2014-0474.html
URL:advisories.mageia.org/MGASA-2014-0475.html
URL:advisories.mageia.org/MGASA-2014-0476.html
URL:advisories.mageia.org/MGASA-2014-0477.html
URL:advisories.mageia.org/MGASA-2014-0478.html
URL:advisories.mageia.org/MGASA-2014-0479.html
URL:advisories.mageia.org/MGASA-2014-0480.html
URL:advisories.mageia.org/MGASA-2014-0481.html
URL:advisories.mageia.org/MGASA-2014-0482.html
URL:advisories.mageia.org/MGASA-2014-0483.html
48. Security Updates in SUSE (SUSE-SU-2014:1458-2)
[24/11/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaFirefox package of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00018.html
Source(s) of above information:
Sunday, November 30, 2014
Monday, November 24, 2014
IT Security Alerts Weekly Digest (16 Nov ~ 22 Nov 2014)
1. Vulnerabilities in IBM Products (1687740, 1690342, 1690823)
[21/11/2014] Vulnerabilities were identified in the IBM Java SDK shipped with IBM WebSphere Application Server, IBM Domino server and IBM Security Network Protection. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21687740
URL:www.ibm.com/support/docview.wss?uid=swg21690342
URL:www.ibm.com/support/docview.wss?uid=swg21690823
URL:xforce.iss.net/xforce/xfdb/98519
2. Vulnerability in Trend Micro OfficeScan
[21/11/2014] Vulnerability was identified in Trend Micro(TM) OfficeScan 10.6. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application. This vulnerability affects versions prior to Service Pack (SP) 3 Patch 1 of the mentioned products. Security patches are available to resolve this vulnerability.
URL:files.trendmicro.com/documentation/guides/osce/osce_106_sp3_patch1_win_en_criticalpatch_5712_Readme.txt
URL:files.trendmicro.com/documentation/guides/osce/OSCE%2010.6%20SP3%20Smart%20Scan%20Enhancement%20Critical%20Patch%20FAQ.pdf
3. Vulnerability in Faronics Deep Freeze (98812)
[21/11/2014] Vulnerability was identified in Faronics Deep Freeze. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects version 8.10 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/98812
4. Vulnerabilities in Drupal (SA-CORE-2014-006)
[21/11/2014] Vulnerabilities were identified in the Drupal. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application. These vulnerabilities affect versions prior to 6.34 for Drupal core 6.x and versions prior to 7.34 for Drupal core 7.x of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.drupal.org/SA-CORE-2014-006
URL:www.us-cert.gov/ncas/current-activity/2014/11/20/Drupal-Releases-Security-Advisory
5. Vulnerability in GNU C Library (98852)
[21/11/2014] Vulnerability was identified in the GNU C Library (glibc). An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98852
6. Vulnerability in Icecast (98850)
[21/11/2014] Vulnerability was identified in the Icecast. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to 2.4.1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98850
7. Vulnerability in Lsyncd (98806)
[21/11/2014] Vulnerability was identified in the Lsyncd. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects version 2.0.7-3 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98806
8. Vulnerability in Paid Memberships Pro plugin for WordPress (98805)
[21/11/2014] Vulnerability was identified in the Paid Memberships Pro plugin for WordPress. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system. This vulnerability affects versions prior to 1.7.15 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98805
9. Vulnerability in Xen (XSA-113)
[21/11/2014] Vulnerability was identified in the Xen. An attacker could bypass security restrictions, cause a denial of service condition and crash the application. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xenbits.xen.org/xsa/advisory-113.html
URL:xforce.iss.net/xforce/xfdb/98853
10. Security Updates in Oracle Products (ELSA-2014-1885, ELSA-2014-3092, ELSA-2014-3093, ELSA-2014-3094)
[21/11/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the Kerberos and NSS packages for Oracle Solaris 8, 9, 10 and 11.2, libxml2 and bash packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_4345_numeric_errors
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_nss
URL:linux.oracle.com/errata/ELSA-2014-1885.html
URL:linux.oracle.com/errata/ELSA-2014-3092.html
URL:linux.oracle.com/errata/ELSA-2014-3093.html
URL:linux.oracle.com/errata/ELSA-2014-3094.html
11. Security Updates in Debian (DSA-3075-1)
[21/11/2014] Debian has released security update packages for fixing the vulnerabilities identified in the drupal7 package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.debian.org/security/2014/dsa-3075
12. Security Updates in Mandriva (MDVSA-2014:216, MDVSA-2014:217)
[21/11/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the php-ZendFramework and clamav packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A216/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A217/
13. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1880-1, RHSA-2014:1881-1, RHSA-2014:1882-1, RHSA-2014:1885-1)
[21/11/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the java-1.5.0-ibm, java-1.7.0-ibm, java-1.7.1-ibm and libxml2 packages for Red Hat Enterprise Linux 5, 6 and 7 Supplementary. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:rhn.redhat.com/errata/RHSA-2014-1880.html
URL:rhn.redhat.com/errata/RHSA-2014-1881.html
URL:rhn.redhat.com/errata/RHSA-2014-1882.html
URL:rhn.redhat.com/errata/RHSA-2014-1885.html
14. Security Updates in Ubuntu GNU/Linux (USN-2412-1, USN-2413-1)
[21/11/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the ruby1.8, ruby1.9.1, ruby2.0, ruby2.1 and apparmor packages for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the application.
URL:www.ubuntu.com/usn/usn-2412-1/
URL:www.ubuntu.com/usn/usn-2413-1/
15. Vulnerabilities in Apple OS X (HT204017, HT6591)
[20/11/2014] Vulnerabilities were identified in the Apple OS X Yosemite. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect versions prior to v10.10.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-us/HT204017
URL:support.apple.com/en-us/HT6591
16. Vulnerability in KNOX component of Samsung Galaxy firmware (98780)
[20/11/2014] Vulnerability was identified in KNOX component of Samsung Galaxy firmware. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects Samsung Galaxy Ace 4, Samsung Galaxy Note 3, Samsung Galaxy S4 and Samsung Galaxy S5.
URL:xforce.iss.net/xforce/xfdb/98780
17. Vulnerabilities in Google Products
[20/11/2014] Vulnerabilities were identified in the Google Android and Google Chrome. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise an affected system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.hk/2014/11/stable-channel-update_18.html
URL:www.hkcert.org/my_url/en/alert/14112001
URL:www.us-cert.gov/ncas/current-activity/2014/11/19/Google-Releases-Security-Update-Chrome
URL:xforce.iss.net/xforce/xfdb/98790
URL:xforce.iss.net/xforce/xfdb/98801
18. Security Updates in Debian (DSA-3073-1)
[20/11/2014] Debian has released security update packages for fixing the vulnerability identified in the php5 package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, cause a denial of service condition and crash the application.
URL:www.debian.org/security/2014/dsa-3074
19. Security Updates in Mandriva (MDVSA-2014:215)
[20/11/2014] Mandriva has released security update packages for fixing the vulnerability identified in the gnutls package for version MBS1 of Mandriva GNU/Linux. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A215/
20. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1876-1, RHSA-2014:1877-1)
[20/11/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the java-1.6.0-ibm and java-1.7.0-ibm packages for Red Hat Enterprise Linux 5 and 6 Supplementary. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:rhn.redhat.com/errata/RHSA-2014-1876.html
URL:rhn.redhat.com/errata/RHSA-2014-1877.html
21. Security Updates in SUSE (SUSE-SU-2014:1458-1)
[20/11/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaFirefox package of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00017.html
22. Security Updates in Ubuntu GNU/Linux (USN-2410-1)
[20/11/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the oxide-qt package for versions 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.ubuntu.com/usn/usn-2410-1/
23. Vulnerability in Microsoft Windows (3011780)
[19/11/2014] Vulnerability was identified in the Microsoft Windows. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects multiple versions of the mentioned product. Security patches and updates are available to resolve this vulnerability.
URL:technet.microsoft.com/library/security/MS14-068
URL:www.hkcert.org/my_url/en/alert/14111901
URL:www.kb.cert.org/vuls/id/213119
URL:www.us-cert.gov/ncas/current-activity/2014/11/18/Microsoft-Releases-Patch-MS14-068-Vulnerability
URL:xforce.iss.net/xforce/xfdb/98380
24. Vulnerabilities in Cisco Products
[19/11/2014] Vulnerabilities were identified in the Cisco Unified Computing System (Management software) and Cisco Unified Communications Manager IM and Presence Service. An attacker could bypass security restrictions, gain elevated privileges and perform cross-site request forgery attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7996
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8000
URL:xforce.iss.net/xforce/xfdb/98769
25. Vulnerabilities in Check Point Security Gateway (sk100431, sk100505, sk98935)
[19/11/2014] Vulnerabilities were identified in the Check Point Security Gateway. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100431
URL:supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100505
URL:supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98935
URL:xforce.iss.net/xforce/xfdb/98761
URL:xforce.iss.net/xforce/xfdb/98762
URL:xforce.iss.net/xforce/xfdb/98763
26. Security Updates in Oracle Linux (ELSA-2014-1870, ELSA-2014-1873)
[19/11/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the libXfont and libvirt packages for Oracle Linux 6 and 7. An attacker could bypass security restrictions, execute arbitrary code and cause a denial of service condition.
URL:linux.oracle.com/errata/ELSA-2014-1870.html
URL:linux.oracle.com/errata/ELSA-2014-1873.html
27. Security Updates in Mandriva (MDVSA-2014:213, MDVSA-2014:214)
[19/11/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the curl and dbus packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A213/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A214/
28. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1670-2, RHSA-2014:1870-1, RHSA-2014:1872-1, RHSA-2014:1873-1)
[19/11/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the qemu-kvm-rhev, libXfont, kernel and libvirt packages for Red Hat Enterprise Linux 6, 6.4 Extended Update Support and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.
URL:rhn.redhat.com/errata/RHSA-2014-1670.html
URL:rhn.redhat.com/errata/RHSA-2014-1870.html
URL:rhn.redhat.com/errata/RHSA-2014-1872.html
URL:rhn.redhat.com/errata/RHSA-2014-1873.html
29. Security Updates in SUSE (openSUSE-SU-2014:1444-1)
[19/11/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player package of openSUSE 12.3, 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00016.html
30. Security Updates in Ubuntu GNU/Linux (USN-2411-1)
[19/11/2014] Ubuntu has released security update packages for fixing the vulnerability identified in the mountall package for version 14.10 of Ubuntu GNU/Linux. An attacker could bypass security restrictions and obtain sensitive information.
URL:www.ubuntu.com/usn/usn-2411-1/
31. Vulnerabilities in Apple Products (HT6572, HT6590, HT6592)
[18/11/2014] Vulnerabilities were identified in the Apple OS X Yosemite v10.10.1, Apple iOS 8.1.1 and Apple TV 7.0.2. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-us/HT6572
URL:support.apple.com/en-us/HT6590
URL:support.apple.com/en-us/HT6592
URL:www.hkcert.org/my_url/en/alert/14111802
URL:www.us-cert.gov/ncas/current-activity/2014/11/17/Apple-Releases-Security-Updates-iOS-OS-X-Yosemite-and-Apple-TV
32. Vulnerability in Cisco IOS Software
[18/11/2014] Vulnerability was identified in the Cisco IOS Software. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7992
URL:www.hkcert.org/my_url/en/alert/14111801
33. Vulnerabilities in IBM Security Identity Manager (1689779)
[18/11/2014] Vulnerabilities were identified in the IBM Security Identity Manager. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect version 6.0 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21689779
URL:xforce.iss.net/xforce/xfdb/95943
URL:xforce.iss.net/xforce/xfdb/95944
URL:xforce.iss.net/xforce/xfdb/95961
URL:xforce.iss.net/xforce/xfdb/96150
URL:xforce.iss.net/xforce/xfdb/96179
34. Vulnerabilities in Moodle (MSA-14-0045, MSA-14-0046, MSA-14-0047, MSA-14-0048, MSA-14-0049)
[18/11/2014] Vulnerabilities were identified in the Moodle. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, and perform cross-site request forgery and cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:moodle.org/security/
URL:xforce.iss.net/xforce/xfdb/98707
URL:xforce.iss.net/xforce/xfdb/98708
URL:xforce.iss.net/xforce/xfdb/98709
URL:xforce.iss.net/xforce/xfdb/98710
URL:xforce.iss.net/xforce/xfdb/98711
35. Security Updates in Oracle Linux (ELSA-2014-1859, ELSA-2014-1861, ELSA-2014-1866)
[18/11/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the mysql55-mysql, mariadb and tzdata packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, gain elevated privileges and cause a denial of service condition.
URL:linux.oracle.com/errata/ELSA-2014-1859.html
URL:linux.oracle.com/errata/ELSA-2014-1861.html
URL:linux.oracle.com/errata/ELEA-2014-1866.html
36. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1859-1, RHSA-2014:1860-1, RHSA-2014:1861-1, RHSA-2014:1862-1, RHSA-2014:1863-1, RHSA-2014:1865-1)
[18/11/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the mysql55-mysql and mariadb packages for Red Hat Enterprise Linux 5 and 7, mysql55-mysql and mariadb55-mariadb packages for Red Hat Software Collections 1, Subscription Asset Manager package for Red Hat Enterprise Linux 6, and bash Shift_JIS package for Red Hat Enterprise Linux 5.9 Extended Update Support. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:rhn.redhat.com/errata/RHSA-2014-1859.html
URL:rhn.redhat.com/errata/RHSA-2014-1860.html
URL:rhn.redhat.com/errata/RHSA-2014-1861.html
URL:rhn.redhat.com/errata/RHSA-2014-1862.html
URL:rhn.redhat.com/errata/RHSA-2014-1863.html
URL:rhn.redhat.com/errata/RHSA-2014-1865.html
37. Security Updates in SUSE (SUSE-SU-2014:1442-1)
[18/11/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player package of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00015.html
38. Vulnerabilities in Cisco Product
[17/11/2014] Vulnerabilities were identified in the Cisco IOS Software running Aironet Access Points. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7997
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7998
URL:xforce.iss.net/xforce/xfdb/98691
URL:xforce.iss.net/xforce/xfdb/98692
39. Vulnerabilities in Novell Products (5195475, 5195490, 5195491, 5195492)
[17/11/2014] Vulnerabilities were identified in the Novell Messenger, Novell Identity Manager, NetIQ Identity Manager Roles Based Provisioning Module and Novell Designer for Identity Manager. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=66t5njTLVmk~
URL:download.novell.com/Download?buildid=I2DgXp6pwVY~
URL:download.novell.com/Download?buildid=NjOScYlrw_E~
URL:download.novell.com/Download?buildid=sJ4Wcd1G7Bo~
40. Vulnerability in Huawei Honor Cube Wireless Router (Huawei-SA-20141114-01-WS860s)
[17/11/2014] Vulnerability was identified in the Huawei Honor Cube Wireless Router. An attacker could obtain sensitive information, tamper with files on the device and compromise the device. This vulnerability affects versions V100R001C02B219 and prior of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-396206.htm
41. Vulnerabilities in multiple components for Joomla! (98663, 98667)
[17/11/2014] Vulnerabilities were identified in the HD FLV Player and com_eventbooking components for Joomla!. An attacker could bypass security restrictions, execute arbitrary code, and perform cross-site scripting and code injection attacks. These vulnerabilities affect multiple versions of the mentioned products.
URL:xforce.iss.net/xforce/xfdb/98663
URL:xforce.iss.net/xforce/xfdb/98667
42. Vulnerabilities in Direct Web Remoting (98686, 98687)
[17/11/2014] Vulnerabilities were identified in the Direct Web Remoting. An attacker could bypass security restrictions, execute arbitrary code, obtain sensitive information and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/98686
URL:xforce.iss.net/xforce/xfdb/98687
43. Vulnerabilities in GoGits Gogs (98693, 98694, 98695)
[17/11/2014] Vulnerabilities were identified in the GoGits Gogs. An attacker could bypass security restrictions, execute arbitrary code, obtain sensitive information, and perform cross-site scripting and code injection attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/98693
URL:xforce.iss.net/xforce/xfdb/98694
URL:xforce.iss.net/xforce/xfdb/98695
44. Vulnerability in Linux Kernel (98690)
[17/11/2014] Vulnerability was identified in the Linux Kernel. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98690
45. Security Updates in Debian (DSA-3073-1)
[17/11/2014] Debian has released security update packages for fixing the vulnerability identified in the libgcrypt11 package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions and obtain sensitive information.
URL:www.debian.org/security/2014/dsa-3073
46. Security Updates in Gentoo Linux (GLSA 201411-05)
[17/11/2014] Gentoo has released security update packages for fixing the vulnerability identified in the wget package for multiple versions of Gentoo Linux. An attacker could execute arbitrary code.
URL:www.gentoo.org/security/en/glsa/glsa-201411-05.xml
47. Security Updates in Mageia (MGASA-2014-0441, MGASA-2014-0442, MGASA-2014-0443, MGASA-2014-0444, MGASA-2014-0445, MGASA-2014-0446, MGASA-2014-0447, MGASA-2014-0448, MGASA-2014-0449, MGASA-2014-0450, MGASA-2014-0451, MGASA-2014-0452, MGASA-2014-0453, MGASA-2014-0454, MGASA-2014-0455, MGASA-2014-0456, MGASA-2014-0457, MGASA-2014-0458, MGASA-2014-0459)
[17/11/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the php, php-timezonedb, apt, ruby, curl, kdebase4-workspace, libreoffice, flash-player-plugin, claws-mail, getmail, kernel-linus, kernel-tmb, kernel, kernel-userspace-headers, kmod-xtables-addons, rpm-mageia-setup, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia173, kmod-nvidia304, kmod-nvidia-current, kernel-vserver, util-vserver, kernel-linus, dbus and gnutls packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2014-0441.html
URL:advisories.mageia.org/MGASA-2014-0442.html
URL:advisories.mageia.org/MGASA-2014-0443.html
URL:advisories.mageia.org/MGASA-2014-0444.html
URL:advisories.mageia.org/MGASA-2014-0445.html
URL:advisories.mageia.org/MGASA-2014-0446.html
URL:advisories.mageia.org/MGASA-2014-0447.html
URL:advisories.mageia.org/MGASA-2014-0448.html
URL:advisories.mageia.org/MGASA-2014-0449.html
URL:advisories.mageia.org/MGASA-2014-0450.html
URL:advisories.mageia.org/MGASA-2014-0451.html
URL:advisories.mageia.org/MGASA-2014-0452.html
URL:advisories.mageia.org/MGASA-2014-0453.html
URL:advisories.mageia.org/MGASA-2014-0454.html
URL:advisories.mageia.org/MGASA-2014-0455.html
URL:advisories.mageia.org/MGASA-2014-0456.html
URL:advisories.mageia.org/MGASA-2014-0457.html
URL:advisories.mageia.org/MGASA-2014-0458.html
URL:advisories.mageia.org/MGASA-2014-0459.html
48. Security Updates in Slackware (SSA:2014-320-01)
[17/11/2014] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-thunderbird package for version 14.1 of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.314855
Source(s) of above information:
[21/11/2014] Vulnerabilities were identified in the IBM Java SDK shipped with IBM WebSphere Application Server, IBM Domino server and IBM Security Network Protection. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21687740
URL:www.ibm.com/support/docview.wss?uid=swg21690342
URL:www.ibm.com/support/docview.wss?uid=swg21690823
URL:xforce.iss.net/xforce/xfdb/98519
2. Vulnerability in Trend Micro OfficeScan
[21/11/2014] Vulnerability was identified in Trend Micro(TM) OfficeScan 10.6. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application. This vulnerability affects versions prior to Service Pack (SP) 3 Patch 1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:files.trendmicro.com/documentation/guides/osce/osce_106_sp3_patch1_win_en_criticalpatch_5712_Readme.txt
URL:files.trendmicro.com/documentation/guides/osce/OSCE%2010.6%20SP3%20Smart%20Scan%20Enhancement%20Critical%20Patch%20FAQ.pdf
3. Vulnerability in Faronics Deep Freeze (98812)
[21/11/2014] Vulnerability was identified in Faronics Deep Freeze. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects version 8.10 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/98812
4. Vulnerabilities in Drupal (SA-CORE-2014-006)
[21/11/2014] Vulnerabilities were identified in the Drupal. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application. These vulnerabilities affect versions prior to 6.34 for Drupal core 6.x and versions prior to 7.34 for Drupal core 7.x of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.drupal.org/SA-CORE-2014-006
URL:www.us-cert.gov/ncas/current-activity/2014/11/20/Drupal-Releases-Security-Advisory
5. Vulnerability in GNU C Library (98852)
[21/11/2014] Vulnerability was identified in the GNU C Library (glibc). An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98852
6. Vulnerability in Icecast (98850)
[21/11/2014] Vulnerability was identified in the Icecast. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to 2.4.1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98850
7. Vulnerability in Lsyncd (98806)
[21/11/2014] Vulnerability was identified in the Lsyncd. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects version 2.0.7-3 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98806
8. Vulnerability in Paid Memberships Pro plugin for WordPress (98805)
[21/11/2014] Vulnerability was identified in the Paid Memberships Pro plugin for WordPress. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system. This vulnerability affects versions prior to 1.7.15 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98805
9. Vulnerability in Xen (XSA-113)
[21/11/2014] Vulnerability was identified in the Xen. An attacker could bypass security restrictions, cause a denial of service condition and crash the application. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xenbits.xen.org/xsa/advisory-113.html
URL:xforce.iss.net/xforce/xfdb/98853
10. Security Updates in Oracle Products (ELSA-2014-1885, ELSA-2014-3092, ELSA-2014-3093, ELSA-2014-3094)
[21/11/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the Kerberos and NSS packages for Oracle Solaris 8, 9, 10 and 11.2, libxml2 and bash packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_4345_numeric_errors
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_nss
URL:linux.oracle.com/errata/ELSA-2014-1885.html
URL:linux.oracle.com/errata/ELSA-2014-3092.html
URL:linux.oracle.com/errata/ELSA-2014-3093.html
URL:linux.oracle.com/errata/ELSA-2014-3094.html
11. Security Updates in Debian (DSA-3075-1)
[21/11/2014] Debian has released security update packages for fixing the vulnerabilities identified in the drupal7 package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.debian.org/security/2014/dsa-3075
12. Security Updates in Mandriva (MDVSA-2014:216, MDVSA-2014:217)
[21/11/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the php-ZendFramework and clamav packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A216/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A217/
13. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1880-1, RHSA-2014:1881-1, RHSA-2014:1882-1, RHSA-2014:1885-1)
[21/11/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the java-1.5.0-ibm, java-1.7.0-ibm, java-1.7.1-ibm and libxml2 packages for Red Hat Enterprise Linux 5, 6 and 7 Supplementary. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:rhn.redhat.com/errata/RHSA-2014-1880.html
URL:rhn.redhat.com/errata/RHSA-2014-1881.html
URL:rhn.redhat.com/errata/RHSA-2014-1882.html
URL:rhn.redhat.com/errata/RHSA-2014-1885.html
14. Security Updates in Ubuntu GNU/Linux (USN-2412-1, USN-2413-1)
[21/11/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the ruby1.8, ruby1.9.1, ruby2.0, ruby2.1 and apparmor packages for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the application.
URL:www.ubuntu.com/usn/usn-2412-1/
URL:www.ubuntu.com/usn/usn-2413-1/
15. Vulnerabilities in Apple OS X (HT204017, HT6591)
[20/11/2014] Vulnerabilities were identified in the Apple OS X Yosemite. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect versions prior to v10.10.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-us/HT204017
URL:support.apple.com/en-us/HT6591
16. Vulnerability in KNOX component of Samsung Galaxy firmware (98780)
[20/11/2014] Vulnerability was identified in KNOX component of Samsung Galaxy firmware. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects Samsung Galaxy Ace 4, Samsung Galaxy Note 3, Samsung Galaxy S4 and Samsung Galaxy S5.
URL:xforce.iss.net/xforce/xfdb/98780
17. Vulnerabilities in Google Products
[20/11/2014] Vulnerabilities were identified in the Google Android and Google Chrome. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise an affected system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.hk/2014/11/stable-channel-update_18.html
URL:www.hkcert.org/my_url/en/alert/14112001
URL:www.us-cert.gov/ncas/current-activity/2014/11/19/Google-Releases-Security-Update-Chrome
URL:xforce.iss.net/xforce/xfdb/98790
URL:xforce.iss.net/xforce/xfdb/98801
18. Security Updates in Debian (DSA-3073-1)
[20/11/2014] Debian has released security update packages for fixing the vulnerability identified in the php5 package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, cause a denial of service condition and crash the application.
URL:www.debian.org/security/2014/dsa-3074
19. Security Updates in Mandriva (MDVSA-2014:215)
[20/11/2014] Mandriva has released security update packages for fixing the vulnerability identified in the gnutls package for version MBS1 of Mandriva GNU/Linux. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A215/
20. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1876-1, RHSA-2014:1877-1)
[20/11/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the java-1.6.0-ibm and java-1.7.0-ibm packages for Red Hat Enterprise Linux 5 and 6 Supplementary. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:rhn.redhat.com/errata/RHSA-2014-1876.html
URL:rhn.redhat.com/errata/RHSA-2014-1877.html
21. Security Updates in SUSE (SUSE-SU-2014:1458-1)
[20/11/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaFirefox package of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00017.html
22. Security Updates in Ubuntu GNU/Linux (USN-2410-1)
[20/11/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the oxide-qt package for versions 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.ubuntu.com/usn/usn-2410-1/
23. Vulnerability in Microsoft Windows (3011780)
[19/11/2014] Vulnerability was identified in the Microsoft Windows. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects multiple versions of the mentioned product. Security patches and updates are available to resolve this vulnerability.
URL:technet.microsoft.com/library/security/MS14-068
URL:www.hkcert.org/my_url/en/alert/14111901
URL:www.kb.cert.org/vuls/id/213119
URL:www.us-cert.gov/ncas/current-activity/2014/11/18/Microsoft-Releases-Patch-MS14-068-Vulnerability
URL:xforce.iss.net/xforce/xfdb/98380
24. Vulnerabilities in Cisco Products
[19/11/2014] Vulnerabilities were identified in the Cisco Unified Computing System (Management software) and Cisco Unified Communications Manager IM and Presence Service. An attacker could bypass security restrictions, gain elevated privileges and perform cross-site request forgery attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7996
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8000
URL:xforce.iss.net/xforce/xfdb/98769
25. Vulnerabilities in Check Point Security Gateway (sk100431, sk100505, sk98935)
[19/11/2014] Vulnerabilities were identified in the Check Point Security Gateway. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100431
URL:supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100505
URL:supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98935
URL:xforce.iss.net/xforce/xfdb/98761
URL:xforce.iss.net/xforce/xfdb/98762
URL:xforce.iss.net/xforce/xfdb/98763
26. Security Updates in Oracle Linux (ELSA-2014-1870, ELSA-2014-1873)
[19/11/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the libXfont and libvirt packages for Oracle Linux 6 and 7. An attacker could bypass security restrictions, execute arbitrary code and cause a denial of service condition.
URL:linux.oracle.com/errata/ELSA-2014-1870.html
URL:linux.oracle.com/errata/ELSA-2014-1873.html
27. Security Updates in Mandriva (MDVSA-2014:213, MDVSA-2014:214)
[19/11/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the curl and dbus packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A213/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A214/
28. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1670-2, RHSA-2014:1870-1, RHSA-2014:1872-1, RHSA-2014:1873-1)
[19/11/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the qemu-kvm-rhev, libXfont, kernel and libvirt packages for Red Hat Enterprise Linux 6, 6.4 Extended Update Support and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.
URL:rhn.redhat.com/errata/RHSA-2014-1670.html
URL:rhn.redhat.com/errata/RHSA-2014-1870.html
URL:rhn.redhat.com/errata/RHSA-2014-1872.html
URL:rhn.redhat.com/errata/RHSA-2014-1873.html
29. Security Updates in SUSE (openSUSE-SU-2014:1444-1)
[19/11/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player package of openSUSE 12.3, 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00016.html
30. Security Updates in Ubuntu GNU/Linux (USN-2411-1)
[19/11/2014] Ubuntu has released security update packages for fixing the vulnerability identified in the mountall package for version 14.10 of Ubuntu GNU/Linux. An attacker could bypass security restrictions and obtain sensitive information.
URL:www.ubuntu.com/usn/usn-2411-1/
31. Vulnerabilities in Apple Products (HT6572, HT6590, HT6592)
[18/11/2014] Vulnerabilities were identified in the Apple OS X Yosemite v10.10.1, Apple iOS 8.1.1 and Apple TV 7.0.2. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and cause a denial of service condition. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-us/HT6572
URL:support.apple.com/en-us/HT6590
URL:support.apple.com/en-us/HT6592
URL:www.hkcert.org/my_url/en/alert/14111802
URL:www.us-cert.gov/ncas/current-activity/2014/11/17/Apple-Releases-Security-Updates-iOS-OS-X-Yosemite-and-Apple-TV
32. Vulnerability in Cisco IOS Software
[18/11/2014] Vulnerability was identified in the Cisco IOS Software. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7992
URL:www.hkcert.org/my_url/en/alert/14111801
33. Vulnerabilities in IBM Security Identity Manager (1689779)
[18/11/2014] Vulnerabilities were identified in the IBM Security Identity Manager. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect version 6.0 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21689779
URL:xforce.iss.net/xforce/xfdb/95943
URL:xforce.iss.net/xforce/xfdb/95944
URL:xforce.iss.net/xforce/xfdb/95961
URL:xforce.iss.net/xforce/xfdb/96150
URL:xforce.iss.net/xforce/xfdb/96179
34. Vulnerabilities in Moodle (MSA-14-0045, MSA-14-0046, MSA-14-0047, MSA-14-0048, MSA-14-0049)
[18/11/2014] Vulnerabilities were identified in the Moodle. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, and perform cross-site request forgery and cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:moodle.org/security/
URL:xforce.iss.net/xforce/xfdb/98707
URL:xforce.iss.net/xforce/xfdb/98708
URL:xforce.iss.net/xforce/xfdb/98709
URL:xforce.iss.net/xforce/xfdb/98710
URL:xforce.iss.net/xforce/xfdb/98711
35. Security Updates in Oracle Linux (ELSA-2014-1859, ELSA-2014-1861, ELSA-2014-1866)
[18/11/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the mysql55-mysql, mariadb and tzdata packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, gain elevated privileges and cause a denial of service condition.
URL:linux.oracle.com/errata/ELSA-2014-1859.html
URL:linux.oracle.com/errata/ELSA-2014-1861.html
URL:linux.oracle.com/errata/ELEA-2014-1866.html
36. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1859-1, RHSA-2014:1860-1, RHSA-2014:1861-1, RHSA-2014:1862-1, RHSA-2014:1863-1, RHSA-2014:1865-1)
[18/11/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the mysql55-mysql and mariadb packages for Red Hat Enterprise Linux 5 and 7, mysql55-mysql and mariadb55-mariadb packages for Red Hat Software Collections 1, Subscription Asset Manager package for Red Hat Enterprise Linux 6, and bash Shift_JIS package for Red Hat Enterprise Linux 5.9 Extended Update Support. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:rhn.redhat.com/errata/RHSA-2014-1859.html
URL:rhn.redhat.com/errata/RHSA-2014-1860.html
URL:rhn.redhat.com/errata/RHSA-2014-1861.html
URL:rhn.redhat.com/errata/RHSA-2014-1862.html
URL:rhn.redhat.com/errata/RHSA-2014-1863.html
URL:rhn.redhat.com/errata/RHSA-2014-1865.html
37. Security Updates in SUSE (SUSE-SU-2014:1442-1)
[18/11/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player package of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00015.html
38. Vulnerabilities in Cisco Product
[17/11/2014] Vulnerabilities were identified in the Cisco IOS Software running Aironet Access Points. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7997
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7998
URL:xforce.iss.net/xforce/xfdb/98691
URL:xforce.iss.net/xforce/xfdb/98692
39. Vulnerabilities in Novell Products (5195475, 5195490, 5195491, 5195492)
[17/11/2014] Vulnerabilities were identified in the Novell Messenger, Novell Identity Manager, NetIQ Identity Manager Roles Based Provisioning Module and Novell Designer for Identity Manager. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=66t5njTLVmk~
URL:download.novell.com/Download?buildid=I2DgXp6pwVY~
URL:download.novell.com/Download?buildid=NjOScYlrw_E~
URL:download.novell.com/Download?buildid=sJ4Wcd1G7Bo~
40. Vulnerability in Huawei Honor Cube Wireless Router (Huawei-SA-20141114-01-WS860s)
[17/11/2014] Vulnerability was identified in the Huawei Honor Cube Wireless Router. An attacker could obtain sensitive information, tamper with files on the device and compromise the device. This vulnerability affects versions V100R001C02B219 and prior of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-396206.htm
41. Vulnerabilities in multiple components for Joomla! (98663, 98667)
[17/11/2014] Vulnerabilities were identified in the HD FLV Player and com_eventbooking components for Joomla!. An attacker could bypass security restrictions, execute arbitrary code, and perform cross-site scripting and code injection attacks. These vulnerabilities affect multiple versions of the mentioned products.
URL:xforce.iss.net/xforce/xfdb/98663
URL:xforce.iss.net/xforce/xfdb/98667
42. Vulnerabilities in Direct Web Remoting (98686, 98687)
[17/11/2014] Vulnerabilities were identified in the Direct Web Remoting. An attacker could bypass security restrictions, execute arbitrary code, obtain sensitive information and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/98686
URL:xforce.iss.net/xforce/xfdb/98687
43. Vulnerabilities in GoGits Gogs (98693, 98694, 98695)
[17/11/2014] Vulnerabilities were identified in the GoGits Gogs. An attacker could bypass security restrictions, execute arbitrary code, obtain sensitive information, and perform cross-site scripting and code injection attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/98693
URL:xforce.iss.net/xforce/xfdb/98694
URL:xforce.iss.net/xforce/xfdb/98695
44. Vulnerability in Linux Kernel (98690)
[17/11/2014] Vulnerability was identified in the Linux Kernel. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98690
45. Security Updates in Debian (DSA-3073-1)
[17/11/2014] Debian has released security update packages for fixing the vulnerability identified in the libgcrypt11 package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions and obtain sensitive information.
URL:www.debian.org/security/2014/dsa-3073
46. Security Updates in Gentoo Linux (GLSA 201411-05)
[17/11/2014] Gentoo has released security update packages for fixing the vulnerability identified in the wget package for multiple versions of Gentoo Linux. An attacker could execute arbitrary code.
URL:www.gentoo.org/security/en/glsa/glsa-201411-05.xml
47. Security Updates in Mageia (MGASA-2014-0441, MGASA-2014-0442, MGASA-2014-0443, MGASA-2014-0444, MGASA-2014-0445, MGASA-2014-0446, MGASA-2014-0447, MGASA-2014-0448, MGASA-2014-0449, MGASA-2014-0450, MGASA-2014-0451, MGASA-2014-0452, MGASA-2014-0453, MGASA-2014-0454, MGASA-2014-0455, MGASA-2014-0456, MGASA-2014-0457, MGASA-2014-0458, MGASA-2014-0459)
[17/11/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the php, php-timezonedb, apt, ruby, curl, kdebase4-workspace, libreoffice, flash-player-plugin, claws-mail, getmail, kernel-linus, kernel-tmb, kernel, kernel-userspace-headers, kmod-xtables-addons, rpm-mageia-setup, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia173, kmod-nvidia304, kmod-nvidia-current, kernel-vserver, util-vserver, dbus and gnutls packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2014-0441.html
URL:advisories.mageia.org/MGASA-2014-0442.html
URL:advisories.mageia.org/MGASA-2014-0443.html
URL:advisories.mageia.org/MGASA-2014-0444.html
URL:advisories.mageia.org/MGASA-2014-0445.html
URL:advisories.mageia.org/MGASA-2014-0446.html
URL:advisories.mageia.org/MGASA-2014-0447.html
URL:advisories.mageia.org/MGASA-2014-0448.html
URL:advisories.mageia.org/MGASA-2014-0449.html
URL:advisories.mageia.org/MGASA-2014-0450.html
URL:advisories.mageia.org/MGASA-2014-0451.html
URL:advisories.mageia.org/MGASA-2014-0452.html
URL:advisories.mageia.org/MGASA-2014-0453.html
URL:advisories.mageia.org/MGASA-2014-0454.html
URL:advisories.mageia.org/MGASA-2014-0455.html
URL:advisories.mageia.org/MGASA-2014-0456.html
URL:advisories.mageia.org/MGASA-2014-0457.html
URL:advisories.mageia.org/MGASA-2014-0458.html
URL:advisories.mageia.org/MGASA-2014-0459.html
48. Security Updates in Slackware (SSA:2014-320-01)
[17/11/2014] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-thunderbird package for version 14.1 of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.314855
Source(s) of above information: