1. Vulnerabilities in IBM Products (1692551, 1692733, 1693142)
[24/12/2014] Vulnerabilities were identified in IBM Notes and Domino. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21692551
URL:www-01.ibm.com/support/docview.wss?uid=swg21692733
URL:www-01.ibm.com/support/docview.wss?uid=swg21693142
2. Vulnerabilities in Novell Identity Manager (5197650, 5197651, 5197654, 5197655)
[24/12/2014] Vulnerabilities were identified in Novell Identity Manager. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=BIcWI30ek-Y~
URL:download.novell.com/Download?buildid=CN5WxfiN2Ek~
URL:download.novell.com/Download?buildid=FeB0mK1i9NU~
URL:download.novell.com/Download?buildid=X7DYbkPceZk~
3. Vulnerability in F5 BIG-IP LTM (SOL15931)
[24/12/2014] A vulnerability was identified in BIG-IP LTM. An attacker could bypass security restrictions, cause a denial of service condition and crash the application. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/15000/900/sol15931.html
4. Vulnerabilities in VDG Sense (99331, 99332, 99333, 99334)
[24/12/2014] Vulnerabilities were identified in VDG Sense. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect version 2.3.13 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/99331
URL:xforce.iss.net/xforce/xfdb/99332
URL:xforce.iss.net/xforce/xfdb/99333
URL:xforce.iss.net/xforce/xfdb/99334
5. Vulnerability in TWiki (99341)
[24/12/2014] A vulnerability was identified in TWiki. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions 6.0.0 and 6.0.1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99341
6. Vulnerability in UnZip (ocert-2014-011)
[24/12/2014] A vulnerability was identified in UnZip. An attacker could bypass security restrictions, cause a denial of service condition, execute arbitrary code and compromise the system. This vulnerability affects version 6.0 and prior of the mentioned product.
URL:www.ocert.org/advisories/ocert-2014-011.html
URL:www.us-cert.gov/ncas/current-activity/2014/12/22/oCERT-Releases-Advisory-Unpatched-UnZip-Vulnerability
7. Security Updates in Debian (DSA-3110-1, DSA-3112-1)
[24/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the mediawiki and sox packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3110
URL:www.debian.org/security/2014/dsa-3112
8. Security Updates in FreeBSD (FreeBSD-SA-14:31.ntp)
[24/12/2014] FreeBSD has released security update packages for fixing the vulnerabilities identified in the ntp package for multiple versions of FreeBSD. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-14:31.ntp.asc
9. Security Updates in Mageia (MGASA-2014-0544, MGASA-2014-0545, MGASA-2014-0546)
[24/12/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the libjpeg, subversion and git packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2014-0544.html
URL:advisories.mageia.org/MGASA-2014-0545.html
URL:advisories.mageia.org/MGASA-2014-0546.html
10. Security Updates in SUSE (SUSE-SU-2014:1690-1, SUSE-SU-2014:1693-1, SUSE-SU-2014:1694-1, SUSE-SU-2014:1695-1)
[24/12/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the ntp, kernel and openvpn packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00026.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00027.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00028.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00029.html
11. Vulnerabilities in Apple OS X NTP (HT6601)
[23/12/2014] Vulnerabilities were identified in Apple OS X NTP. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-us/HT6601
12. Vulnerabilities in Cisco Products (cisco-sa-20141222-ntpd)
[23/12/2014] Vulnerabilities were identified in multiple Cisco products incorporating the ntpd package and in Cisco Identity Services Engine Software. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application. These vulnerabilities affect multiple firmware versions of the mentioned products.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8015
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8017
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8018
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8026
13. Vulnerability in F5 Products (SOL15927)
[23/12/2014] A vulnerability was identified in BIG-IP LTM and BIG-IP GTM. An attacker could bypass security restrictions, cause a denial of service condition and crash the application. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/15000/900/sol15927.html
14. Vulnerability in Allegro RomPager Firmware
[23/12/2014] A vulnerability was identified in multiple broadband routers employing the Allegro RomPager firmware. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects firmware versions prior to 4.34 of the mentioned product.
URL:www.hkcert.org/my_url/en/alert/14122202
URL:www.kb.cert.org/vuls/id/561444
URL:www.us-cert.gov/ncas/current-activity/2014/12/20/Misfortune-Cookie-Broadband-Router-Vulnerability
15. Security Updates in Debian (DSA-3107-1, DSA-3108-1)
[23/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the subversion and ntp packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3107
URL:www.debian.org/security/2014/dsa-3108
16. Security Updates in Gentoo Linux (GLSA 201412-32, GLSA 201412-33)
[23/12/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the sendmail and pdns-recursor packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.gentoo.org/security/en/glsa/glsa-201412-32.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-33.xml
17. Security Updates in Mageia (MGASA-2014-0530, MGASA-2014-0531, MGASA-2014-0532, MGASA-2014-0533, MGASA-2014-0534, MGASA-2014-0535, MGASA-2014-0536, MGASA-2014-0537, MGASA-2014-0538, MGASA-2014-0539, MGASA-2014-0540, MGASA-2014-0541, MGASA-2014-0542, MGASA-2014-0543)
[23/12/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the c-icap, claws-mail, x11-server, unrtf, pcre, pwgen, krb5, file, nail, jasper, dokuwiki, ntp, php, php-apc and znc packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2014-0530.html
URL:advisories.mageia.org/MGASA-2014-0531.html
URL:advisories.mageia.org/MGASA-2014-0532.html
URL:advisories.mageia.org/MGASA-2014-0533.html
URL:advisories.mageia.org/MGASA-2014-0534.html
URL:advisories.mageia.org/MGASA-2014-0535.html
URL:advisories.mageia.org/MGASA-2014-0536.html
URL:advisories.mageia.org/MGASA-2014-0537.html
URL:advisories.mageia.org/MGASA-2014-0538.html
URL:advisories.mageia.org/MGASA-2014-0539.html
URL:advisories.mageia.org/MGASA-2014-0540.html
URL:advisories.mageia.org/MGASA-2014-0541.html
URL:advisories.mageia.org/MGASA-2014-0542.html
URL:advisories.mageia.org/MGASA-2014-0543.html
18. Security Updates in SUSE (openSUSE-SU-2014:1680-1, SUSE-SU-2014:1686-1)
[23/12/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the ntp package of SUSE Linux Enterprise 11 and openSUSE Evergreen 11.4. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00024.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00025.html
19. Security Updates in Red Hat Enterprise Linux (RHSA-2014:2028-1, RHSA-2014:2029-1, RHSA-2014:2030-1, RHSA-2014:2031-1)
[23/12/2014] Red Hat has released security update packages for fixing the vulnerability identified in the kernel package for Red Hat Enterprise Linux 5 and 6. An attacker could bypass security restrictions and gain elevated privileges.
URL:rhn.redhat.com/errata/RHSA-2014-2028.html
URL:rhn.redhat.com/errata/RHSA-2014-2029.html
URL:rhn.redhat.com/errata/RHSA-2014-2030.html
URL:rhn.redhat.com/errata/RHSA-2014-2031.html
20. Security Updates in Ubuntu GNU/Linux (USN-2449-1)
[23/12/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the ntp packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2449-1/
21. Vulnerabilities in Cisco Products
[22/12/2014] Vulnerabilities were identified in the Cisco Adaptive Security Appliance (ASA) Software, Cisco Prime Infrastructure and Cisco Enterprise Content Delivery System (ECDS). An attacker could bypass security restrictions, traverse directories and obtain sensitive information. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3410
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8007
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8019
22. Vulnerability in Symantec Deployment Solution (SYM14-017)
[22/12/2014] A vulnerability was identified in Symantec Deployment Solution. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects versions 6.9 and prior of the mentioned product on Windows XP (SP3) or Windows Server 2003 (SP2).
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141219_00
23. Vulnerabilities in Huawei Home Gateway (Huawei-SA-20141219-RomPager)
[22/12/2014] Vulnerabilities were identified in the Huawei Home Gateway HG530 employing the Allegro RomPager firmware. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. These vulnerabilities affect firmware versions prior to V100R001C10B025 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm
24. Vulnerability in AppsGeyser (VU#1680209)
[22/12/2014] A vulnerability was identified in multiple AppsGeyser-generated Android applications. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. This vulnerability affects multiple versions of the mentioned applications generated by AppsGeyser.
URL:www.kb.cert.org/vuls/id/1680209
25. Vulnerabilities in Network Time Protocol
[22/12/2014] Vulnerabilities were identified in the Network Time Protocol (NTP). An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code. These vulnerabilities affect versions prior to 4.2.8 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.ntp.org/bin/view/Main/SecurityNotice
URL:www.kb.cert.org/vuls/id/852879
URL:www.us-cert.gov/ncas/current-activity/2014/12/19/Vulnerabilities-Identified-Network-Time-Protocol-Daemon
26. Vulnerability in WordPress Download Manager
[22/12/2014] A vulnerability was identified in the WordPress Download Manager. An attacker could bypass security restrictions and execute arbitrary PHP code. This vulnerability affects versions prior to 2.7.5 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.hkcert.org/my_url/en/alert/14121901
27. Security Updates in Oracle Products (ELSA-2014-2023, ELSA-2014-2024, ELSA-2014-2025, ELSA-2014-3106)
[22/12/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the glibc, ntp and Unbreakable Enterprise kernel packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2014-2023.html
URL:linux.oracle.com/errata/ELSA-2014-2024.html
URL:linux.oracle.com/errata/ELSA-2014-2025.html
URL:linux.oracle.com/errata/ELSA-2014-3106.html
28. Security Updates in Debian (DSA-3106-1, DSA-3109-1)
[22/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the jasper and firebird2.5 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3106
URL:www.debian.org/security/2014/dsa-3109
29. Security Updates in SUSE (openSUSE-SU-2014:1669-1, openSUSE-SU-2014:1670-1, openSUSE-SU-2014:1677-1, openSUSE-SU-2014:1678-1, openSUSE-SU-2014:1679-1)
[22/12/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel, ntp and clamav packages of openSUSE 12.3, 13.1 and 13.2, and openSUSE Evergreen 11.4. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00019.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00021.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00022.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00023.html
30. Security Updates in Red Hat Enterprise Linux (RHSA-2014:2024-1, RHSA-2014:2025-1)
[22/12/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the ntp package for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information and execute arbitrary code.
URL:rhn.redhat.com/errata/RHSA-2014-2024.html
URL:rhn.redhat.com/errata/RHSA-2014-2025.html
31. Security Updates in Ubuntu GNU/Linux (USN-2447-2, USN-2448-2)
[22/12/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux-lts-utopic and linux packages for versions 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2447-2/
URL:www.ubuntu.com/usn/usn-2448-2/