1. Vulnerability in IBM Product (1680334)
[14/11/2014] Vulnerability was identified in the IBM Java Certificate
Management System of the IBM SDK, Java Technology Edition. An attacker could
perform brute-force attacks. This vulnerability affects multiple versions of the
mentioned product. Security patches are available to resolve this vulnerability.
URL:www-304.ibm.com/support/docview.wss?uid=swg21680334
URL:xforce.iss.net/xforce/xfdb/93756
2. Vulnerabilities in Lantronix xPrintServer (98644, 98645)
[14/11/2014] Vulnerabilities were identified in the Lantronix xPrintServer. An
attacker could execute arbitrary code, perform cross-site request forgery and
web cache poisoning attacks. The affected version was not specified.
URL:xforce.iss.net/xforce/xfdb/98644
URL:xforce.iss.net/xforce/xfdb/98645
3. Vulnerability in Citrix Products (CTX200254)
[14/11/2014] Vulnerability was identified in the Citrix NetScaler
Application Delivery Controller and NetScaler Gateway. An attacker could gain
elevated privileges. This vulnerability affects multiple versions of the
mentioned product. Security patches are available to resolve this vulnerability.
URL:support.citrix.com/article/CTX200254
URL:xforce.iss.net/xforce/xfdb/98661
4. Vulnerability in Webform Component Roles module for Drupal (SA-CONTRIB-2014-108)
[14/11/2014] Vulnerability was identified in the Webform Component Roles
module for Drupal. An attacker could bypass security restrictions. This
vulnerability affects versions 6.x and 7.x of the mentioned product. Security
patches are available to resolve this vulnerability.
URL:www.drupal.org/node/2373973
URL:xforce.iss.net/xforce/xfdb/98646
5. Vulnerabilities in Linux Kernel
[14/11/2014] Vulnerabilities were identified in the Linux Kernel. An attacker
could cause a denial of service condition and crash the system. The affected
version was not specified. Security patches are available to resolve these
vulnerabilities.
URL:git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fc3a9157d314
URL:lkml.org/lkml/2014/11/12/584
URL:xforce.iss.net/xforce/xfdb/98658
URL:xforce.iss.net/xforce/xfdb/98660
6. Security Updates in SUSE (SUSE-SU-2014:1422-1, SUSE-SU-2014:1423-1)
[14/11/2014] SUSE has released security update packages for fixing the
vulnerabilities identified in the java-1_7_0-openjdk package of SUSE Linux
Enterprise Server 12 and SUSE Linux Enterprise Desktop 12, and flash-player
package of SUSE Linux Enterprise Workstation Extension 12 and SUSE Linux
Enterprise Desktop 12. Due to multiple errors, an attacker could compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00013.html
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00014.html
7. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1852-1)
[14/11/2014] Red Hat has released security update packages for fixing the
vulnerabilities identified in the Adobe Flash Player package for Red Hat
Enterprise Linux 5 and 6 Supplementary. Due to multiple errors, an attacker
could execute arbitrary code, crash the system and obtain sensitive information.
URL:rhn.redhat.com/errata/RHSA-2014-1852.html
8. Security Updates in Ubuntu GNU/Linux (USN-2409-1)
[14/11/2014] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the qemu and qemu-kvm packages for versions
10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple
errors, an attacker could cause a denial of service condition, gain elevated
privileges, execute arbitrary code and obtain sensitive information.
URL:www.ubuntu.com/usn/usn-2409-1/
9. Security Updates in Oracle Linux (ELSA-2014-1826, ELSA-2014-1827, ELSA-2014-1843, ELSA-2014-1846, ELSA-2014-3087, ELSA-2014-3088, ELSA-2014-3089)
[14/11/2014] Oracle has released security update packages for fixing the
vulnerabilities identified in the libvncserver, kdenetwork, gnutls and kernel
packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could
cause buffer overflow, execute arbitrary code, crash the system and gain
elevated privileges.
URL:linux.oracle.com/errata/ELSA-2014-1826.html
URL:linux.oracle.com/errata/ELSA-2014-1827.html
URL:linux.oracle.com/errata/ELSA-2014-1843.html
URL:linux.oracle.com/errata/ELSA-2014-1846.html
URL:linux.oracle.com/errata/ELSA-2014-3087.html
URL:linux.oracle.com/errata/ELSA-2014-3088.html
URL:linux.oracle.com/errata/ELSA-2014-3089.html
10. Vulnerabilities in Juniper Products (JSA10657, JSA10658, JSA10659, JSA10660, JSA10661)
[13/11/2014] Vulnerabilities were identified in the Juniper Secure
Analytics, Juniper Security Threat Response Manager, Juniper CTPView, Juniper
Junos Space, CTPOS and Juniper Network and Security Manager. An attacker could
perform remote arbitrary code execution, gain elevated privileges, cause a
buffer overflow, cause a denial of service condition, bypass security
restrictions, obtain sensitive information, perform cross-site scripting attacks
and perform clickjacking attacks. These vulnerabilities affect multiple versions
of the mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10657&cat=SIRT_1&actp=LIST
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10658&cat=SIRT_1&actp=LIST
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10659&cat=SIRT_1&actp=LIST
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10660&cat=SIRT_1&actp=LIST
URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10661&cat=SIRT_1&actp=LIST
11. Vulnerability in Google Chrome
[13/11/2014] Vulnerability was identified in the Google Chrome. An attacker
could compromise an affected system. This vulnerability affects versions prior
to 38.0.2125.122 of the mentioned product. Security patches are available to
resolve this vulnerability.
URL:googlechromereleases.blogspot.hk/2014/11/stable-channel-update.html
URL:www.us-cert.gov/ncas/current-activity/2014/11/11/Google-Releases-Security-Update-Chrome
12. Vulnerabilities in SAP Governance (98637)
[13/11/2014] Vulnerabilities were identified in the SAP Governance. An attacker
could bypass security restrictions and gain elevated privileges. The affected
version was not specified. Security patches are available to resolve these
vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/98637
13. Vulnerability in CorelDRAW X7 (98641)
[13/11/2014] Vulnerability was identified in the CorelDRAW X7. An attacker
could execute arbitrary code. This vulnerability affects versions 15.0.0.486
and 17.1.0.572 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/98641
14. Vulnerability in Freedesktop systemd-resolved (98642)
[13/11/2014] Vulnerability was identified in the Freedesktop
systemd-resolved. An attacker could perform DNS cache poisoning attacks. The
affected version was not specified. Security patches are available to resolve
this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98642
15. Vulnerabilities in phpMemcachedAdmin (98638, 98639)
[13/11/2014] Vulnerabilities were identified in the phpMemcachedAdmin. An
attacker could execute arbitrary code and perform cross-site scripting attacks.
These vulnerabilities affect versions 1.2.2 and prior of the mentioned
product.
URL:xforce.iss.net/xforce/xfdb/98638
URL:xforce.iss.net/xforce/xfdb/98639
16. Security Updates in SUSE (SUSE-SU-2014:1366-2, SUSE-SU-2014:1387-2, SUSE-SU-2014:1408-1, SUSE-SU-2014:1409-1)
[13/11/2014] SUSE has released security update packages for fixing the
vulnerabilities identified in the wget package for SUSE Linux Enterprise
Server 10 and 11, and OpenSSL package for SLE Client Tools 10, SUSE Studio
Onsite 1.3 and SUSE Manager 1.7 for SUSE Linux Enterprise Server 11. Due to
multiple errors, an attacker could execute arbitrary code, obtain sensitive
information, bypass security restrictions and cause a denial of service
condition.
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00012.html
17. Security Updates in Debian (DSA-3071-1, DSA-3072-1)
[13/11/2014] Debian has released security update packages for fixing the
vulnerabilities identified in the nss and file packages for multiple versions
of Debian GNU/Linux. Due to multiple errors, an attacker could execute
arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3071
URL:www.debian.org/security/2014/dsa-3072
18. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1846-1)
[13/11/2014] Red Hat has released security update packages for fixing the
vulnerability identified in the gnutls package for Red Hat Enterprise Linux 7.
An attacker could execute arbitrary code and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1846.html
19. Vulnerabilities in Microsoft Products (2982998, 2989935, 2992611, 2992719, 2993958, 3000431, 3002885, 3003057, 3003381, 3003743, 3005210, 3005607, 3009710, 3011443)
[12/11/2014] Vulnerabilities were identified in the Microsoft Windows,
Internet Explorer, Microsoft Office, Microsoft .NET Framework, Microsoft Active
Directory Federation Services, Microsoft Internet Information Services and
Microsoft SharePoint Server. An attacker could perform remote arbitrary code
execution, bypass security restrictions, gain elevated privileges, obtain
sensitive information and cause a denial of service condition. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these vulnerabilities.
URL:technet.microsoft.com/en-us/library/security/ms14-nov
URL:technet.microsoft.com/library/security/MS14-064
URL:technet.microsoft.com/library/security/MS14-065
URL:technet.microsoft.com/library/security/MS14-066
URL:technet.microsoft.com/library/security/MS14-067
URL:technet.microsoft.com/library/security/MS14-069
URL:technet.microsoft.com/library/security/MS14-070
URL:technet.microsoft.com/library/security/MS14-071
URL:technet.microsoft.com/library/security/MS14-072
URL:technet.microsoft.com/library/security/MS14-073
URL:technet.microsoft.com/library/security/MS14-074
URL:technet.microsoft.com/library/security/MS14-076
URL:technet.microsoft.com/library/security/MS14-077
URL:technet.microsoft.com/library/security/MS14-078
URL:technet.microsoft.com/library/security/MS14-079
URL:www.us-cert.gov/ncas/current-activity/2014/11/11/Microsoft-Releases-November-2014-Security-Bulletin
URL:xforce.iss.net/xforce/xfdb/96759
URL:xforce.iss.net/xforce/xfdb/98346
URL:xforce.iss.net/xforce/xfdb/98348
URL:xforce.iss.net/xforce/xfdb/98349
URL:www.hkcert.org/my_url/en/alert/14111201
URL:www.hkcert.org/my_url/en/alert/14111202
URL:www.hkcert.org/my_url/en/alert/14111203
URL:www.hkcert.org/my_url/en/alert/14111204
URL:www.hkcert.org/my_url/en/alert/14111205
URL:www.hkcert.org/my_url/en/alert/14111206
URL:www.hkcert.org/my_url/en/alert/14111207
URL:www.hkcert.org/my_url/en/alert/14111208
URL:www.hkcert.org/my_url/en/alert/14111209
URL:www.hkcert.org/my_url/en/alert/14111210
URL:www.hkcert.org/my_url/en/alert/14111211
URL:www.hkcert.org/my_url/en/alert/14111212
URL:www.hkcert.org/my_url/en/alert/14111213
URL:www.hkcert.org/my_url/en/alert/14111214
20. Information Updates on Microsoft Security Advisory (3010060)
[12/11/2014] Microsoft has updated information on the Advisory for the
Microsoft Windows. KB3010060 was updated to reflect publication of security
bulletin.
URL:technet.microsoft.com/library/security/3010060.aspx
21. Vulnerabilities in Adobe Flash Player (APSB14-24)
[12/11/2014] Vulnerabilities were identified in the Adobe Flash Player. An
attacker could execute arbitrary code, obtain sensitive information and gain
elevated privileges. These vulnerabilities affect multiple versions of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:helpx.adobe.com/security/products/flash-player/apsb14-24.html
URL:www.hkcert.org/my_url/en/alert/14111215
URL:www.us-cert.gov/ncas/current-activity/2014/11/11/Adobe-Releases-Security-Updates-Flash-Player
URL:technet.microsoft.com/en-us/library/security/2755801
22. Vulnerabilities in IBM Product (1688283)
[12/11/2014] Vulnerabilities were identified in the IBM SDK, Java Technology
Edition. An attacker could gain elevated privileges, obtain sensitive
information, cause a denial of service condition and compromise a user's
system. These vulnerabilities affect multiple versions of the mentioned
product. Security patches are available to resolve these vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21688283
URL:www.hkcert.org/my_url/en/alert/14111216
23. Vulnerability in IP.Board (98593)
[12/11/2014] Vulnerability was identified in the IP.Board. An attacker could
perform code injection attacks. This vulnerability affects versions 3.4.7 and
prior of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/98593
24. Vulnerability in Anchor CMS (98598)
[12/11/2014] Vulnerability was identified in the Anchor CMS. An attacker could
perform cross-site scripting, cache poisoning and session hijacking attacks.
This vulnerability affects versions 0.9.2 and prior of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/98598
25. Vulnerability in D-Bus (98576)
[12/11/2014] Vulnerability was identified in the D-Bus. An attacker could
cause a denial of service condition. This vulnerability affects versions prior
to 1.3.0 of the mentioned product. Security patches are available to resolve
this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98576
26. Vulnerability in GnuTLS (98606)
[12/11/2014] Vulnerability was identified in the GnuTLS. An attacker could
execute arbitrary code and crash the application. This vulnerability affects
versions 3.0 and 3.1 of the mentioned product. Security patches are available
to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98606
27. Security Updates in SUSE (SUSE-SU-2014:1394-1)
[12/11/2014] SUSE has released security update packages for fixing the
vulnerabilities identified in the spacewalk-branding package for SUSE Manager
1.7 for SUSE Linux Enterprise Server 11 SP2.
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00008.html
28. Security Updates in Ubuntu GNU/Linux (USN-2402-1, USN-2403-1, USN-2404-1, USN-2405-1, USN-2406-1, USN-2407-1, USN-2408-1)
[12/11/2014] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the kde-workspace, gnutls28, libvirt, cinder,
keystone, nova and neutron packages for versions 12.04 LTS, 14.04 LTS and 14.10
of Ubuntu GNU/Linux. Due to multiple errors, an attacker could gain elevated
privileges, cause a denial of service condition, crash the system, execute
arbitrary code, bypass security restrictions and obtain sensitive information.
URL:www.ubuntu.com/usn/usn-2402-1/
URL:www.ubuntu.com/usn/usn-2403-1/
URL:www.ubuntu.com/usn/usn-2404-1/
URL:www.ubuntu.com/usn/usn-2405-1/
URL:www.ubuntu.com/usn/usn-2406-1/
URL:www.ubuntu.com/usn/usn-2407-1/
URL:www.ubuntu.com/usn/usn-2408-1/
29. Vulnerability in Cisco Unified Communications Manager
[11/11/2014] Vulnerability was identified in the Cisco Unified
Communications Manager. An attacker could perform spoofing attacks. This
vulnerability affects multiple versions of the mentioned product. Security
patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991
30. Vulnerabilities in Novell ZENworks Configuration Management
[11/11/2014] Vulnerabilities were identified in the Novell ZENworks
Configuration Management. An attacker could obtain sensitive information. These
vulnerabilities affect versions 11 SP3, 11.2.4 and 11.3.1 of the mentioned
product. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=zxTIqXxmcxk~
URL:download.novell.com/Download?buildid=Povsml5Ljxg~
URL:download.novell.com/Download?buildid=-rPCjAsWa_g~
31. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1833-1, RHSA-2014:1834-1)
[11/11/2014] Red Hat has released security update packages for fixing the
vulnerabilities identified in the packages for Red Hat JBoss Enterprise Web
Platform 5.2.0 for Red Hat Enterprise Linux 4, 5 and 6. Due to multiple errors,
an attacker could perform spoofing attacks.
URL:rhn.redhat.com/errata/RHSA-2014-1833.html
URL:rhn.redhat.com/errata/RHSA-2014-1834.html
32. Security Updates in SUSE (SUSE-SU-2014:1385-1, SUSE-SU-2014:1386-1, SUSE-SU-2014:1387-1)
[11/11/2014] SUSE has released security update packages for fixing the
vulnerabilities identified in the Mozilla Firefox and OpenSSL packages for SUSE
Linux Enterprise Server 10 and 11. Due to multiple errors, an attacker could
obtain sensitive information.
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00007.html
33. Security Updates in Ubuntu GNU/Linux (USN-2399-1, USN-2400-1, USN-2401-1)
[11/11/2014] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the curl, libreoffice and konversation packages
for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due
to multiple errors, an attacker could obtain sensitive information and crash
the system.
URL:www.ubuntu.com/usn/usn-2399-1/
URL:www.ubuntu.com/usn/usn-2400-1/
URL:www.ubuntu.com/usn/usn-2401-1/
34. Vulnerabilities in IBM Products (1450666, 1681623, 1681631, 1684812, 1688051, 1688095, 1689396)
[10/11/2014] Vulnerabilities were identified in the IBM DB2 and IBM
WebSphere Application Server Community Edition. An attacker could bypass
security restrictions, obtain sensitive information, execute arbitrary code,
perform code injection attacks, cause a denial of service condition and crash
the system. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21450666
URL:www.ibm.com/support/docview.wss?uid=swg21681623
URL:www.ibm.com/support/docview.wss?uid=swg21681631
URL:www.ibm.com/support/docview.wss?uid=swg21684812
URL:www.ibm.com/support/docview.wss?uid=swg21688051
URL:www.ibm.com/support/docview.wss?uid=swg21688095
URL:www.ibm.com/support/docview.wss?uid=swg21689396
35. Vulnerability in GNU Binutils (98555)
[10/11/2014] Vulnerability was identified in the GNU Binutils. An attacker
could bypass security restrictions, cause a denial of service condition and
crash the system. This vulnerability affects versions 2.24 and possibly other
versions of the mentioned product. Security patches are available to resolve
this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98555
36. Vulnerability in Linux Kernel (98557)
[10/11/2014] Vulnerability was identified in the Linux Kernel. An attacker
could bypass security restrictions, cause a denial of service condition and
crash the system. This vulnerability affects multiple versions of the mentioned
product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/98557
37. Vulnerability in VideoWhisper module for Drupal (98533)
[10/11/2014] Vulnerability was identified in the VideoWhisper module for
Drupal. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code and perform cross-site scripting attacks.
This vulnerability affects version 7 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/98533
38. Security Updates in Oracle Solaris
[10/11/2014] Oracle has released security update packages for fixing the
vulnerabilities identified in the Zip, Gzip, X.Org, Perl 5.6, FreeType Font
Engine, libtiff, Bash, PNG and Samba packages for Oracle Solaris 10, 11.1 and
11.2. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
crash the system.
URL:blogs.oracle.com/sunsecurity/entry/cve_2004_1010_buffer_overflow
URL:blogs.oracle.com/sunsecurity/entry/cve_2009_2624_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2011_0465_improper_input
URL:blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1
URL:blogs.oracle.com/sunsecurity/entry/cve_2011_3439_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2012_3401_denial_of
URL:blogs.oracle.com/sunsecurity/entry/cve_2012_3410_stack_based
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libpng1
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_x_org1
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_x_org2
39. Security Updates in Debian (DSA-3068-1, DSA-3069-1, DSA-3070-1)
[10/11/2014] Debian has released security update packages for fixing the
vulnerabilities identified in the konversation, curl and kfreebsd-9 packages
for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, execute
arbitrary code, cause a denial of service condition and crash the application.
URL:www.debian.org/security/2014/dsa-3068
URL:www.debian.org/security/2014/dsa-3069
URL:www.debian.org/security/2014/dsa-3070
40. Security Updates in Gentoo Linux (GLSA 201411-04)
[10/11/2014] Gentoo has released security update packages for fixing the
vulnerabilities identified in the PHP package for multiple versions of Gentoo
Linux. Due to multiple errors, an attacker could bypass security restrictions,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:www.gentoo.org/security/en/glsa/glsa-201411-04.xml