1. Vulnerabilities in IBM Products (1687740, 1690342,
1690823)
[21/11/2014]
Vulnerabilities were identified in the IBM Java
SDK shipped with IBM WebSphere Application Server, IBM Domino server and IBM
Security Network Protection. An attacker could bypass security restrictions,
obtain sensitive information, execute arbitrary code, cause a denial of service
condition and crash the application. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve
these
vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21687740
URL:www.ibm.com/support/docview.wss?uid=swg21690342
URL:www.ibm.com/support/docview.wss?uid=swg21690823
URL:xforce.iss.net/xforce/xfdb/98519
2. Vulnerability in Trend Micro
OfficeScan
[21/11/2014]
Vulnerability was identified in Trend Micro(TM)
OfficeScan 10.6. An attacker could bypass security restrictions, execute
arbitrary code, cause a denial of service condition and crash the application.
This vulnerability affects versions prior to Service Pack (SP) 3 Patch 1 of the
mentioned products. Security patches are available to resolve this
vulnerability.
URL:files.trendmicro.com/documentation/guides/osce/osce_106_sp3_patch1_win_en_criticalpatch_5712_Readme.txt
URL:files.trendmicro.com/documentation/guides/osce/OSCE%2010.6%20SP3%20Smart%20Scan%20Enhancement%20Critical%20Patch%20FAQ.pdf
3. Vulnerability in Faronics Deep Freeze
(98812)
[21/11/2014]
Vulnerability was identified in Faronics Deep
Freeze. An attacker could bypass security restrictions, gain elevated privileges
and execute arbitrary code. This vulnerability affects version 8.10 of the
mentioned
product.
URL:xforce.iss.net/xforce/xfdb/98812
4. Vulnerabilities in Drupal
(SA-CORE-2014-006)
[21/11/2014] Vulnerabilities were identified in the Drupal. An attacker
could bypass security restrictions, execute arbitrary code, cause a denial of
service condition and crash the application. These vulnerabilities affect
versions prior to 6.34 for Drupal core 6.x and versions prior to 7.34 for Drupal
core 7.x of the mentioned product. Security patches are available to resolve
these
vulnerabilities.
URL:www.drupal.org/SA-CORE-2014-006
URL:www.us-cert.gov/ncas/current-activity/2014/11/20/Drupal-Releases-Security-Advisory
5. Vulnerability in GNU C Library
(98852)
[21/11/2014]
Vulnerability was identified in the GNU C
Library (glibc). An attacker could bypass security restrictions and execute
arbitrary code on the system. This vulnerability affects multiple versions of
the mentioned product. Security patches are available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/98852
6. Vulnerability in Icecast
(98850)
[21/11/2014]
Vulnerability was identified in the Icecast. An
attacker could bypass security restrictions and obtain sensitive information.
This vulnerability affects versions prior to 2.4.1 of the mentioned product.
Security patches are available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/98850
7. Vulnerability in Lsyncd
(98806)
[21/11/2014]
Vulnerability was identified in the Lsyncd. An
attacker could bypass security restrictions and execute arbitrary code on the
system. This vulnerability affects version 2.0.7-3 of the mentioned product.
Security patches are available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/98806
8. Vulnerability in Paid Memberships Pro plugin for
WordPress (98805)
[21/11/2014] Vulnerability was identified in the Paid Memberships Pro
plugin for WordPress. An attacker could bypass security restrictions, obtain
sensitive information and execute arbitrary code on the system. This
vulnerability affects versions prior to 1.7.15 of the mentioned product.
Security patches are available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/98805
9. Vulnerability in Xen
(XSA-113)
[21/11/2014]
Vulnerability was identified in the Xen. An
attacker could bypass security restrictions, cause a denial of service condition
and crash the application. This vulnerability affects multiple versions of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:xenbits.xen.org/xsa/advisory-113.html
URL:xforce.iss.net/xforce/xfdb/98853
10.
Security Updates in Oracle Products
(ELSA-2014-1885, ELSA-2014-3092, ELSA-2014-3093,
ELSA-2014-3094)
[21/11/2014] Oracle has
released security update packages for fixing the vulnerabilities identified in
the Kerberos and NSS packages for Oracle Solaris 8, 9, 10 and 11.2, libxml2 and
bash packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, execute
arbitrary code, cause a denial of service condition and crash the
system.
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_4345_numeric_errors
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_nss
URL:linux.oracle.com/errata/ELSA-2014-1885.html
URL:linux.oracle.com/errata/ELSA-2014-3092.html
URL:linux.oracle.com/errata/ELSA-2014-3093.html
URL:linux.oracle.com/errata/ELSA-2014-3094.html
11.
Security Updates in Debian
(DSA-3075-1)
[21/11/2014] Debian has
released security update packages for fixing the vulnerabilities identified in
the drupal7 package for multiple versions of Debian GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, execute arbitrary code,
cause a denial of service condition and crash the
application.
URL:www.debian.org/security/2014/dsa-3075
12.
Security Updates in Mandriva
(MDVSA-2014:216, MDVSA-2014:217)
[21/11/2014] Mandriva
has released security update packages for fixing the vulnerabilities identified
in the php-ZendFramework and clamav packages for version MBS1 of Mandriva
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, execute arbitrary code, cause a denial of service condition and
crash the
application.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A216/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A217/
13.
Security Updates in Red Hat Enterprise
Linux (RHSA-2014:1880-1, RHSA-2014:1881-1, RHSA-2014:1882-1,
RHSA-2014:1885-1)
[21/11/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the java-1.5.0-ibm, java-1.7.0-ibm, java-1.7.1-ibm and libxml2 packages for
Red Hat Enterprise Linux 5 , 6 and 7 Supplementary. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
application.
URL:rhn.redhat.com/errata/RHSA-2014-1880.html
URL:rhn.redhat.com/errata/RHSA-2014-1881.html
URL:rhn.redhat.com/errata/RHSA-2014-1882.html
URL:rhn.redhat.com/errata/RHSA-2014-1885.html
14.
Security Updates in Ubuntu GNU/Linux
(USN-2412-1, USN-2413-1)
[21/11/2014] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the ruby1.8, ruby1.9.1, ruby2.0, ruby2.1 and apparmor packages for versions
12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an
attacker could bypass security restrictions, cause a denial of service condition
and crash the
application.
URL:www.ubuntu.com/usn/usn-2412-1/
URL:www.ubuntu.com/usn/usn-2413-1/
15.
Vulnerabilities in Apple OS X (HT204017,
HT6591)
[20/11/2014]
Vulnerabilities were identified in the Apple OS
X Yosemite. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code and cause a denial
of service condition. These vulnerabilities affect versions prior to v10.10.1 of
the mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:support.apple.com/en-us/HT204017
URL:support.apple.com/en-us/HT6591
16.
Vulnerability in KNOX component of
Samsung Galaxy firmware (98780)
[20/11/2014] Vulnerability was identified in KNOX component of Samsung
Galaxy firmware. An attacker could bypass security restrictions, gain elevated
privileges and execute arbitrary code. This vulnerability affects Samsung Galaxy
Ace 4, Samsung Galaxy Note 3, Samsung Galaxy S4 and Samsung Galaxy
S5.
URL:xforce.iss.net/xforce/xfdb/98780
17. Vulnerabilities in Google
Products
[20/11/2014]
Vulnerabilities were identified in the Google
Android and Google Chrome. An attacker could bypass security restrictions, gain
elevated privileges, execute arbitrary code and compromise an affected system.
These vulnerabilities affect multiple versions of the mentioned products.
Security patches are available to resolve these
vulnerabilities.
URL:googlechromereleases.blogspot.hk/2014/11/stable-channel-update_18.html
URL:www.hkcert.org/my_url/en/alert/14112001
URL:www.us-cert.gov/ncas/current-activity/2014/11/19/Google-Releases-Security-Update-Chrome
URL:xforce.iss.net/xforce/xfdb/98790
URL:xforce.iss.net/xforce/xfdb/98801
18.
Security Updates in Debian
(DSA-3073-1)
[20/11/2014] Debian has
released security update packages for fixing the vulnerability identified in the
php5 package for multiple versions of Debian GNU/Linux. An attacker could bypass
security restrictions, cause a denial of service condition and crash the
application.
URL:www.debian.org/security/2014/dsa-3074
19.
Security Updates in Mandriva
(MDVSA-2014:215)
[20/11/2014] Mandriva
has released security update packages for fixing the vulnerability identified in
the gnutls package for version MBS1 of Mandriva GNU/Linux. An attacker could
bypass security restrictions, execute arbitrary code, cause a denial of service
condition and crash the
application.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A215/
20.
Security Updates in Red Hat Enterprise
Linux (RHSA-2014:1876-1, RHSA-2014:1877-1)
[20/11/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the java-1.6.0-ibm and java-1.7.0-ibm packages for Red Hat Enterprise Linux 5
and 6 Supplementary. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, cause a
denial of service condition and crash the
application.
URL:rhn.redhat.com/errata/RHSA-2014-1876.html
URL:rhn.redhat.com/errata/RHSA-2014-1877.html
21.
Security Updates in SUSE
(SUSE-SU-2014:1458-1)
[20/11/2014] SUSE has
released security update packages for fixing the vulnerabilities identified in
the MozillaFirefox package of SUSE Linux Enterprise 11. Due to multiple errors,
an attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00017.html
22.
Security Updates in Ubuntu GNU/Linux
(USN-2410-1)
[20/11/2014] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the oxide-qt package for versions 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due
to multiple errors, an attacker could bypass security restrictions, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and crash the
application.
URL:www.ubuntu.com/usn/usn-2410-1/
23.
Vulnerability in Microsoft Windows
(3011780)
[19/11/2014]
Vulnerability was identified in the Microsoft
Windows. An attacker could bypass security restrictions, gain elevated
privileges and execute arbitrary code. This vulnerability affects multiple
versions of the mentioned product. Security patches and updates are available to
resolve this
vulnerability.
URL:technet.microsoft.com/library/security/MS14-068
URL:www.hkcert.org/my_url/en/alert/14111901
URL:www.kb.cert.org/vuls/id/213119
URL:www.us-cert.gov/ncas/current-activity/2014/11/18/Microsoft-Releases-Patch-MS14-068-Vulnerability
URL:xforce.iss.net/xforce/xfdb/98380
24.
Vulnerabilities in Cisco
Products
[19/11/2014]
Vulnerabilities were identified in the Cisco
Unified Computing System (Management software) and Cisco Unified Communications
Manager IM and Presence Service. An attacker could bypass security restrictions,
gain elevated privileges and perform cross-site request forgery attacks. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7996
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8000
URL:xforce.iss.net/xforce/xfdb/98769
25.
Vulnerabilities in Check Point Security
Gateway (sk100431, sk100505, sk98935)
[19/11/2014] Vulnerabilities were identified in the Check Point Security
Gateway. An attacker could bypass security restrictions, cause a denial of
service condition and crash the system. These vulnerabilities affect multiple
versions of the mentioned product. Security patches are available to resolve
these
vulnerabilities.
URL:supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100431
URL:supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100505
URL:supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98935
URL:xforce.iss.net/xforce/xfdb/98761
URL:xforce.iss.net/xforce/xfdb/98762
URL:xforce.iss.net/xforce/xfdb/98763
26.
Security Updates in Oracle Linux
(ELSA-2014-1870, ELSA-2014-1873)
[19/11/2014] Oracle has
released security update packages for fixing the vulnerabilities identified in
the libXfont and libvirt packages for Oracle Linux 6 and 7. An attacker could
bypass security restrictions, execute arbitrary code and cause a denial of
service
condition.
URL:linux.oracle.com/errata/ELSA-2014-1870.html
URL:linux.oracle.com/errata/ELSA-2014-1873.html
27.
Security Updates in Mandriva
(MDVSA-2014:213, MDVSA-2014:214)
[19/11/2014] Mandriva
has released security update packages for fixing the vulnerabilities identified
in the curl and dbus packages for version MBS1 of Mandriva GNU/Linux. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code, cause a denial of service
condition and crash the
application.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A213/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A214/
28.
Security Updates in Red Hat Enterprise
Linux (RHSA-2014:1670-2, RHSA-2014:1870-1, RHSA-2014:1872-1,
RHSA-2014:1873-1)
[19/11/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the qemu-kvm-rhev, libXfont, kernel and libvirt packages for Red Hat
Enterprise Linux 6, 6.4 Extended Update Support and 7. Due to multiple errors,
an attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code, cause a denial of service
condition and crash the
application.
URL:rhn.redhat.com/errata/RHSA-2014-1670.html
URL:rhn.redhat.com/errata/RHSA-2014-1870.html
URL:rhn.redhat.com/errata/RHSA-2014-1872.html
URL:rhn.redhat.com/errata/RHSA-2014-1873.html
29.
Security Updates in SUSE
(openSUSE-SU-2014:1444-1)
[19/11/2014] SUSE has
released security update packages for fixing the vulnerabilities identified in
the flash-player package of openSUSE 12.3, 13.1 and 13.2. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00016.html
30.
Security Updates in Ubuntu GNU/Linux
(USN-2411-1)
[19/11/2014] Ubuntu has
released security update packages for fixing the vulnerability identified in the
mountall package for version 14.10 of Ubuntu GNU/Linux. An attacker could bypass
security restrictions and obtain sensitive
information.
URL:www.ubuntu.com/usn/usn-2411-1/
31.
Vulnerabilities in Apple Products
(HT6572, HT6590, HT6592)
[18/11/2014] Vulnerabilities were identified in the Apple OS X Yosemite
v10.10.1, Apple iOS 8.1.1 and Apple TV 7.0.2. An attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code and cause a denial of service condition. These vulnerabilities
affect multiple versions of the mentioned products. Security patches are
available to resolve these
vulnerabilities.
URL:support.apple.com/en-us/HT6572
URL:support.apple.com/en-us/HT6590
URL:support.apple.com/en-us/HT6592
URL:www.hkcert.org/my_url/en/alert/14111802
URL:www.us-cert.gov/ncas/current-activity/2014/11/17/Apple-Releases-Security-Updates-iOS-OS-X-Yosemite-and-Apple-TV
32.
Vulnerability in Cisco IOS
Software
[18/11/2014]
Vulnerability was identified in the Cisco IOS
Software. An attacker could bypass security restrictions and obtain sensitive
information. This vulnerability affects multiple firmware versions of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7992
URL:www.hkcert.org/my_url/en/alert/14111801
33.
Vulnerabilities in IBM Security Identity
Manager (1689779)
[18/11/2014] Vulnerabilities were identified in the IBM Security Identity
Manager. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code and perform cross-site scripting attacks.
These vulnerabilities affect version 6.0 of the mentioned product. Security
patches are available to resolve these
vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21689779
URL:xforce.iss.net/xforce/xfdb/95943
URL:xforce.iss.net/xforce/xfdb/95944
URL:xforce.iss.net/xforce/xfdb/95961
URL:xforce.iss.net/xforce/xfdb/96150
URL:xforce.iss.net/xforce/xfdb/96179
34.
Vulnerabilities in Moodle (MSA-14-0045,
MSA-14-0046, MSA-14-0047, MSA-14-0048, MSA-14-0049)
[18/11/2014] Vulnerabilities were identified in the Moodle. An attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, and perform cross-site request forgery and
cross-site scripting attacks. These vulnerabilities affect multiple versions of
the mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:moodle.org/security/
URL:xforce.iss.net/xforce/xfdb/98707
URL:xforce.iss.net/xforce/xfdb/98708
URL:xforce.iss.net/xforce/xfdb/98709
URL:xforce.iss.net/xforce/xfdb/98710
URL:xforce.iss.net/xforce/xfdb/98711
35.
Security Updates in Oracle Linux
(ELSA-2014-1859, ELSA-2014-1861, ELSA-2014-1866)
[18/11/2014] Oracle has released security update packages for fixing the
vulnerabilities identified in the mysql55-mysql, mariadb and tzdata packages for
Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, execute arbitrary code,
gain elevated privileges, execute arbitrary code and cause a denial of service
condition.
URL:linux.oracle.com/errata/ELSA-2014-1859.html
URL:linux.oracle.com/errata/ELSA-2014-1861.html
URL:linux.oracle.com/errata/ELEA-2014-1866.html
36.
Security Updates in Red Hat Enterprise
Linux (RHSA-2014:1859-1, RHSA-2014:1860-1, RHSA-2014:1861-1, RHSA-2014:1862-1,
RHSA-2014:1863-1, RHSA-2014:1865-1)
[18/11/2014] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the mysql55-mysql and mariadb packages for Red Hat Enterprise Linux 5 and 7,
mysql55-mysql and mariadb55-mariadb packages for Red Hat Software Collections 1,
Subscription Asset Manager package for Red Hat Enterprise Linux 6, and bash
Shift_JIS package for Red Hat Enterprise Linux 5.9 Extended Update Support. Due
to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code, cause a denial of service
condition and crash the
application.
URL:rhn.redhat.com/errata/RHSA-2014-1859.html
URL:rhn.redhat.com/errata/RHSA-2014-1860.html
URL:rhn.redhat.com/errata/RHSA-2014-1861.html
URL:rhn.redhat.com/errata/RHSA-2014-1862.html
URL:rhn.redhat.com/errata/RHSA-2014-1863.html
URL:rhn.redhat.com/errata/RHSA-2014-1865.html
37.
Security Updates in SUSE
(SUSE-SU-2014:1442-1)
[18/11/2014] SUSE has
released security update packages for fixing the vulnerabilities identified in
the flash-player package of SUSE Linux Enterprise 11. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00015.html
38.
Vulnerabilities in Cisco
Product
[17/11/2014]
Vulnerabilities were identified in the Cisco IOS
Software running Aironet Access Points. An attacker could bypass security
restrictions, cause a denial of service condition and crash the system. These
vulnerabilities affect multiple firmware versions of the mentioned product.
Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7997
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7998
URL:xforce.iss.net/xforce/xfdb/98691
URL:xforce.iss.net/xforce/xfdb/98692
39.
Vulnerabilities in Novell Products
(5195475, 5195490, 5195491, 5195492)
[17/11/2014] Vulnerabilities were identified in the Novell Messenger,
Novell Identity Manager, NetIQ Identity Manager Roles Based Provisioning Module
and Novell Designer for Identity Manager. An attacker could bypass security
restrictions, obtain sensitive information and execute arbitrary code. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these
vulnerabilities.
URL:download.novell.com/Download?buildid=66t5njTLVmk~
URL:download.novell.com/Download?buildid=I2DgXp6pwVY~
URL:download.novell.com/Download?buildid=NjOScYlrw_E~
URL:download.novell.com/Download?buildid=sJ4Wcd1G7Bo~
40.
Vulnerability in Huawei Honor Cube
Wireless Router (Huawei-SA-20141114-01-WS860s)
[17/11/2014] Vulnerability was identified in the Huawei Honor Cube
Wireless Router. An attacker could obtain sensitive information, tamper files on
the device and compromise the device. This vulnerability affects versions
V100R001C02B219 and prior of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-396206.htm
41.
Vulnerabilities in multiple components
for Joomla! (98663, 98667)
[17/11/2014] Vulnerabilities were identified in the HD FLV Player and
com_eventbooking components for Joomla!. An attacker could bypass security
restrictions, execute arbitrary code, and perform cross-site scripting and code
injection attacks. These vulnerabilities affects multiple versions of the
mentioned
products.
URL:xforce.iss.net/xforce/xfdb/98663
URL:xforce.iss.net/xforce/xfdb/98667
42.
Vulnerabilities in Direct Web Remoting
(98686, 98687)
[17/11/2014] Vulnerabilities were identified in the Direct Web Remoting.
An attacker could bypass security restrictions, execute arbitrary code, obtain
sensitive information and perform cross-site scripting attacks. These
vulnerabilities affects multiple versions of the mentioned products. Security
patches are available to resolve these
vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/98686
URL:xforce.iss.net/xforce/xfdb/98687
43.
Vulnerabilities in GoGits Gogs (98693,
98694, 98695)
[17/11/2014] Vulnerabilities were identified in the GoGits Gogs. An
attacker could bypass security restrictions, execute arbitrary code, obtain
sensitive information, and perform cross-site scripting and code injection
attacks. These vulnerabilities affects multiple versions of the mentioned
product. Security patches are available to resolve these
vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/98693
URL:xforce.iss.net/xforce/xfdb/98694
URL:xforce.iss.net/xforce/xfdb/98695
44.
Vulnerability in Linux Kernel
(98690)
[17/11/2014]
Vulnerability was identified in the Linux
Kernel. An attacker could bypass security restrictions, execute arbitrary code,
cause a denial of service condition and crash the system. This vulnerability
affects multiple versions of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:xforce.iss.net/xforce/xfdb/98690
45.
Security Updates in Debian
(DSA-3073-1)
[17/11/2014] Debian has
released security update packages for fixing the vulnerability identified in the
libgcrypt11 package for multiple versions of Debian GNU/Linux. An attacker could
bypass security restrictions and obtain sensitive
information.
URL:www.debian.org/security/2014/dsa-3073
46.
Security Updates in Gentoo Linux (GLSA
201411-05)
[17/11/2014]
Gentoo has released security update packages for
fixing the vulnerability identified in the wget package for multiple versions of
Gentoo Linux. An attacker could execute arbitrary
code.
URL:www.gentoo.org/security/en/glsa/glsa-201411-05.xml
47.
Security Updates in Mageia
(MGASA-2014-0441, MGASA-2014-0442, MGASA-2014-0443, MGASA-2014-0444,
MGASA-2014-0445, MGASA-2014-0446, MGASA-2014-0447, MGASA-2014-0448,
MGASA-2014-0449, MGASA-2014-0450, MGASA-2014-0451, MGASA-2014-0452,
MGASA-2014-0453, MGASA-2014-0454, MGASA-2014-0455, MGASA-2014-0456,
MGASA-2014-0457, MGASA-2014-0458, MGASA-2014-0459)
[17/11/2014] Mageia has released security update packages for fixing the
vulnerabilities identified in the php, php-timezonedb, apt, ruby, curl,
kdebase4-workspace, libreoffice, flash-player-plugin, claws-mail, getmail,
kernel-linus, kernel-tmb, kernel, kernel-userspace-headers, kmod-xtables-addons,
rpm-mageia-setup, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia173, kmod-nvidia304,
kmod-nvidia-current, kernel-vserver, util-vserver, kernel-linus, dbus and gnutls
packages for multiple versions of Mageia. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:advisories.mageia.org/MGASA-2014-0441.html
URL:advisories.mageia.org/MGASA-2014-0442.html
URL:advisories.mageia.org/MGASA-2014-0443.html
URL:advisories.mageia.org/MGASA-2014-0444.html
URL:advisories.mageia.org/MGASA-2014-0445.html
URL:advisories.mageia.org/MGASA-2014-0446.html
URL:advisories.mageia.org/MGASA-2014-0447.html
URL:advisories.mageia.org/MGASA-2014-0448.html
URL:advisories.mageia.org/MGASA-2014-0449.html
URL:advisories.mageia.org/MGASA-2014-0450.html
URL:advisories.mageia.org/MGASA-2014-0451.html
URL:advisories.mageia.org/MGASA-2014-0452.html
URL:advisories.mageia.org/MGASA-2014-0453.html
URL:advisories.mageia.org/MGASA-2014-0454.html
URL:advisories.mageia.org/MGASA-2014-0455.html
URL:advisories.mageia.org/MGASA-2014-0456.html
URL:advisories.mageia.org/MGASA-2014-0457.html
URL:advisories.mageia.org/MGASA-2014-0458.html
URL:advisories.mageia.org/MGASA-2014-0459.html
48.
Security Updates in Slackware
(SSA:2014-320-01)
[17/11/2014] Slackware
has released security update packages for fixing the vulnerabilities identified
in the mozilla-thunderbird package for version 14.1 of Slackware Linux. Due to
multiple errors, an attacker could bypass security restrictions, gain elevated
privileges, obtain sensitive information, execute arbitrary code, cause a denial
of service condition and crash the
application.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.314855
Source(s)
of above information:
No comments:
Post a Comment