1. Vulnerabilities in Cisco Products
[07/11/2014] Vulnerabilities were identified in the Cisco Unified Computing System (Managed) and Cisco IOS XE Software. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7989
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7990
2. Vulnerability in PHP (98522)
[07/11/2014] A vulnerability was identified in PHP. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application. This vulnerability affects versions prior to 5.2.7 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98522
3. Vulnerability in Forma Lms (98504)
[07/11/2014] A vulnerability was identified in Forma Lms. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions prior to 1.2.1 p01 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98504
4. Vulnerability in X7 Chat (98513)
[07/11/2014] A vulnerability was identified in X7 Chat. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects versions prior to 3.0.0 a1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98513
5. Vulnerabilities in BulletProof Security plugin for WordPress (98505, 98506, 98507)
[07/11/2014] Vulnerabilities were identified in the BulletProof Security plugin for WordPress. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform code injection and cross-site scripting attacks. These vulnerabilities affect version 51 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/98505
URL:xforce.iss.net/xforce/xfdb/98506
URL:xforce.iss.net/xforce/xfdb/98507
6. Security Updates in Oracle Linux (ELSA-2014-1824)
[07/11/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the php package for Oracle Linux 5. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, gain elevated privileges and cause a denial of service condition.
URL:linux.oracle.com/errata/ELSA-2014-1824.html
7. Security Updates in Debian (DSA-3065-1, DSA-3066-1, DSA-3067-1)
[07/11/2014] Debian has released security update packages for fixing the vulnerabilities identified in the libxml-security-java, qemu and qemu-kvm packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code.
URL:www.debian.org/security/2014/dsa-3065
URL:www.debian.org/security/2014/dsa-3066
URL:www.debian.org/security/2014/dsa-3067
8. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1824-1)
[07/11/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the php package for Red Hat Enterprise Linux 5. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:rhn.redhat.com/errata/RHSA-2014-1824.html
9. Security Updates in SUSE (SUSE-SU-2014:1366-1)
[07/11/2014] SUSE has released security update packages for fixing the vulnerability identified in the wget package for SUSE Linux Enterprise Server 11. An attacker could bypass security restrictions and execute arbitrary code.
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00004.html
10. Vulnerabilities in Cisco Products (cisco-sa-20141105-rv)
[06/11/2014] Vulnerabilities were identified in the Cisco Small Business RV Series Routers and Cisco Unity Connection. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7988
URL:xforce.iss.net/xforce/xfdb/98493
URL:xforce.iss.net/xforce/xfdb/98497
URL:xforce.iss.net/xforce/xfdb/98498
URL:xforce.iss.net/xforce/xfdb/98499
11. Vulnerabilities in Symantec Endpoint Protection Manager (SYM14-015)
[06/11/2014] Vulnerabilities were identified in the Symantec Endpoint Protection Manager (SEPM). An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect versions prior to 12.1 RU5 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141105_00
12. Vulnerabilities in mod_auth_mellon (98467, 98468)
[06/11/2014] Vulnerabilities were identified in mod_auth_mellon. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the Apache HTTP Server. These vulnerabilities affect versions 0.9.0 and 0.9.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/98467
URL:xforce.iss.net/xforce/xfdb/98468
13. Security Updates in Oracle Linux (ELSA-2014-1795, ELSA-2014-1801, ELSA-2014-1803, ELSA-2014-3086)
[06/11/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the cups-filters, shim, mod_auth_mellon and kernel-uek packages for Oracle Linux 5, 6 and 7. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, gain elevated privileges and cause a denial of service condition.
URL:linux.oracle.com/errata/ELSA-2014-1795.html
URL:linux.oracle.com/errata/ELSA-2014-1801.html
URL:linux.oracle.com/errata/ELSA-2014-1803.html
URL:linux.oracle.com/errata/ELSA-2014-3086.html
14. Security Updates in Gentoo Linux (GLSA 201411-01, GLSA 201411-02, GLSA 201411-03)
[06/11/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the VLC, MySQL, MariaDB and TigerVNC packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.gentoo.org/security/en/glsa/glsa-201411-01.xml
URL:www.gentoo.org/security/en/glsa/glsa-201411-02.xml
URL:www.gentoo.org/security/en/glsa/glsa-201411-03.xml
15. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1803-1)
[06/11/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the mod_auth_mellon package for Red Hat Enterprise Linux 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the Apache HTTP Server.
URL:rhn.redhat.com/errata/RHSA-2014-1803.html
16. Security Updates in SUSE (SUSE-SU-2014:1360-1, SUSE-SU-2014:1361-1)
[06/11/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the flash-player and OpenSSL packages for SUSE Linux Enterprise Server 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00002.html
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html
17. Security Updates in Ubuntu GNU/Linux (USN-2398-1)
[06/11/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the libreoffice package for versions 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2398-1/
18. Vulnerability in Linux Kernel (98434)
[05/11/2014] A vulnerability was identified in the Linux Kernel. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98434
19. Vulnerabilities in NetBSD (SA2014-013, SA2014-014, SA2014-015)
[05/11/2014] Vulnerabilities were identified in NetBSD. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-013.txt.asc
URL:ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-014.txt.asc
URL:ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc
URL:xforce.iss.net/xforce/xfdb/98378
20. Security Updates in Debian (DSA-3064-1)
[05/11/2014] Debian has released security update packages for fixing the vulnerabilities identified in the php5 package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3064
21. Security Updates in FreeBSD (FreeBSD-SA-14:24.sshd, FreeBSD-SA-14:25.setlogin, FreeBSD-SA-14:26.ftp)
[05/11/2014] FreeBSD has released security update packages for fixing the vulnerabilities identified in the sshd, setlogin and ftp packages for multiple versions of FreeBSD. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:24.sshd.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:25.setlogin.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:26.ftp.asc
22. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1801-1)
[05/11/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the shim package for Red Hat Enterprise Linux 7. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1801.html
23. Security Updates in SUSE (SUSE-SU-2014:1356-1, SUSE-SU-2014:1357-1)
[05/11/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the wpa_supplicant and openssl1 packages for SUSE Linux Enterprise Server 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code.
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00000.html
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html
24. Security Updates in Ubuntu GNU/Linux (USN-2397-1)
[05/11/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the ruby1.8, ruby1.9.1, ruby2.0 and ruby2.1 packages for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2397-1/
25. Vulnerability in HP Color LaserJet Printers (c04483249)
[04/11/2014] A vulnerability was identified in HP Color LaserJet Printers. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system. This vulnerability affects firmware versions prior to v.53.236.2 of the mentioned products. Security patches are available to resolve this vulnerability.
URL:h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04483249-1
URL:xforce.iss.net/xforce/xfdb/98422
26. Vulnerability in F5 Products (sol15722)
[04/11/2014] A vulnerability was identified in F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device and BIG-IQ Security. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned products.
URL:support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html
27. Vulnerability in uIP and lwIP DNS resolver (VU#210620)
[04/11/2014] A vulnerability was identified in the uIP and lwIP DNS resolver. An attacker could bypass security restrictions, execute arbitrary code and perform cache poisoning attacks. This vulnerability affects multiple versions of the mentioned product. Security patches for the lwIP DNS resolver are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/210620
28. Vulnerability in GNU binutils (98420)
[04/11/2014] A vulnerability was identified in GNU binutils. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects versions 2.24 and possibly other versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98420
29. Security Updates in Debian (DSA-3062-1, DSA-3063-1)
[04/11/2014] Debian has released security update packages for fixing the vulnerabilities identified in the wget and quassel packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3062
URL:www.debian.org/security/2014/dsa-3063
30. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1795-1)
[04/11/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the cups-filters package for Red Hat Enterprise Linux 7. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1795.html
31. Security Updates in Slackware (SSA:2014-307-01, SSA:2014-307-02, SSA:2014-307-03, SSA:2014-307-04)
[04/11/2014] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-firefox, mariadb, php and seamonkey packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.356277
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.386696
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.403317
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.490480
32. Vulnerabilities in IBM Products (T1021439, 1684650, 1684651, 1688411, 1688840)
[03/11/2014] Vulnerabilities were identified in IBM AIX, IBM Virtual I/O Server (VIOS), IBM WebSphere Portal, IBM Connections, IBM Notes Traveler for Android and Web Content Management. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=isg3T1021439
URL:www.ibm.com/support/docview.wss?uid=swg21684650
URL:www.ibm.com/support/docview.wss?uid=swg21684651
URL:www.ibm.com/support/docview.wss?uid=swg21688411
URL:www.ibm.com/support/docview.wss?uid=swg21688840
URL:www.ibm.com/support/docview.wss?uid=swg24034497
33. Vulnerability in Linksys Routers (VU#447516)
[03/11/2014] A vulnerability was identified in the Linksys EA series routers running the Linksys SMART WiFi firmware. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/447516
34. Security Updates in Debian (DSA-3060-1, DSA-3061-1)
[03/11/2014] Debian has released security update packages for fixing the vulnerabilities identified in the linux and icedove packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3060
URL:www.debian.org/security/2014/dsa-3061
35. Security Updates in Mageia (MGASA-2014-0438, MGASA-2014-0439, MGASA-2014-0440)
[03/11/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the dokuwiki, file and pulseaudio packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2014-0438.html
URL:advisories.mageia.org/MGASA-2014-0439.html
URL:advisories.mageia.org/MGASA-2014-0440.html
36. Security Updates in SUSE (SUSE-SU-2014:1339-1, SUSE-SU-2014:1342-1)
[03/11/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the spacewalk-java packages for SUSE Manager Server and for SUSE Linux Enterprise Server 11. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks.
URL:lists.opensuse.org/opensuse-security-announce/2014-10/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2014-10/msg00010.html
37. Security Updates in Ubuntu GNU/Linux (USN-2396-1)
[03/11/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux packages for version 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2396-1/
Source(s) of above information: