1. Vulnerability in IBM Products (1691815)
[05/12/2014] A vulnerability was identified in IBM WebSphere ILOG JRules, IBM WebSphere Operational Decision Management and IBM Operational Decision Manager. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www-01.ibm.com/support/docview.wss?uid=swg21691815
URL:xforce.iss.net/xforce/xfdb/96211
2. Vulnerabilities in Novell Products (5195931, 5195932, 5195934, 5195990, 5195991, 5196010)
[05/12/2014] Vulnerabilities were identified in Novell GroupWise, Novell Filr and Novell Filr Desktop. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=GuVaYIx6DDo~
URL:download.novell.com/Download?buildid=gV_oiDtqRV0~
URL:download.novell.com/Download?buildid=lHQCbRDbSMI~
URL:download.novell.com/Download?buildid=Tlic28DXD3o~
URL:download.novell.com/Download?buildid=vPrLP1Ai9zY~
URL:download.novell.com/Download?buildid=zhVqTr2nsdg~
3. Vulnerability in Prolink Router (99093)
[05/12/2014] A vulnerability was identified in the Prolink PRN2001 Router. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects firmware version 1.2 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/99093
4. Vulnerability in MantisBT (99128)
[05/12/2014] A vulnerability was identified in MantisBT. An attacker could bypass security restrictions, execute arbitrary code and perform phishing attacks. This vulnerability affects versions prior to 1.2.18 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99128
5. Vulnerability in GNU cpio (99130)
[05/12/2014] A vulnerability was identified in GNU cpio. An attacker could bypass security restrictions, gain elevated privileges, cause a denial of service condition and crash the application. This vulnerability affects version 2.10 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/99130
6. Vulnerability in JasPer (99125)
[05/12/2014] A vulnerability was identified in JasPer. An attacker could bypass security restrictions, cause a denial of service condition and crash the application. This vulnerability affects version 1.900.1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99125
7. Vulnerability in QEMU (99126)
[05/12/2014] A vulnerability was identified in QEMU. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99126
8. Vulnerability in UnRTF (99097)
[05/12/2014] A vulnerability was identified in UnRTF. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application. The affected version was not specified.
URL:xforce.iss.net/xforce/xfdb/99097
9. Security Updates in Oracle Linux (ELSA-2014-3095, ELSA-2014-3096)
[05/12/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the docker and kernel packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2014-3095.html
URL:linux.oracle.com/errata/ELSA-2014-3096.html
10. Security Updates in Debian (DSA-3087-1, DSA-3088-1, DSA-3089-1, DSA-3090-1)
[05/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the qemu, qemu-kvm, jasper and iceweasel packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3087
URL:www.debian.org/security/2014/dsa-3088
URL:www.debian.org/security/2014/dsa-3089
URL:www.debian.org/security/2014/dsa-3090
11. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1959-1)
[05/12/2014] Red Hat has released security update packages for fixing the vulnerability identified in the kernel package for Red Hat Enterprise Linux 5. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code on the system.
URL:rhn.redhat.com/errata/RHSA-2014-1959.html
12. Security Updates in Ubuntu GNU/Linux (USN-2431-2, USN-2433-1)
[05/12/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the maas and tcpdump packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.ubuntu.com/usn/usn-2431-2/
URL:www.ubuntu.com/usn/usn-2433-1/
13. Vulnerabilities in Apple Safari (HT6596)
[04/12/2014] Vulnerabilities were identified in Apple Safari. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-us/HT6596
URL:prod.lists.apple.com/archives/security-announce/2014/Dec/msg00000.html
URL:www.hkcert.org/my_url/en/alert/14120401
14. Vulnerability in Cisco Unified Computing System
[04/12/2014] A vulnerability was identified in the Cisco Unified Computing System (Management software). An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8009
15. Vulnerability in IBM Endpoint Manager Mobile Device Management (1691701)
[04/12/2014] A vulnerability was identified in IBM Endpoint Manager Mobile Device Management. An attacker could perform cross-site scripting attacks and execute arbitrary code on the system. This vulnerability affects versions prior to 9.0.60100 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:ibm.com/support/docview.wss?uid=swg21691701
16. Vulnerabilities in EMC Products (99085, 99086)
[04/12/2014] Vulnerabilities were identified in EMC Documentum Content Server and EMC RSA Adaptive Authentication. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code on the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/99085
URL:xforce.iss.net/xforce/xfdb/99086
17. Vulnerability in Prolink Router (99091)
[04/12/2014] A vulnerability was identified in the Prolink PRN2001 Router. An attacker could perform cross-site scripting attacks. This vulnerability affects firmware version 1.2 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/99091
18. Vulnerability in Portable OpenSSH (99090)
[04/12/2014] A vulnerability was identified in Portable OpenSSH. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects version 5.8p1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99090
19. Vulnerability in OpenVPN (99090)
[04/12/2014] A vulnerability was identified in OpenVPN. An attacker could bypass security restrictions, cause a denial of service condition and crash the application. This vulnerability affects versions prior to 2.3.6 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
URL:www.hkcert.org/my_url/en/alert/14120302
20. Security Updates in Oracle Linux (ELSA-2014-1919, ELSA-2014-1924, ELSA-2014-1948, ELSA-2014-1956)
[04/12/2014] Oracle has released security update packages for fixing the vulnerabilities identified in the firefox, thunderbird, nss, nss-util, nss-softokn and wpa_supplicant packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2014-1919.html
URL:linux.oracle.com/errata/ELSA-2014-1924.html
URL:linux.oracle.com/errata/ELSA-2014-1948.html
URL:linux.oracle.com/errata/ELSA-2014-1956.html
21. Security Updates in Debian (DSA-3085-1, DSA-3086-1)
[04/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the wordpress and tcpdump packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting and cross-site request forgery attacks, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2014/dsa-3085
URL:www.debian.org/security/2014/dsa-3086
22. Security Updates in Mageia (MGASA-2014-0504, MGASA-2014-0505, MGASA-2014-0506, MGASA-2014-0507)
[04/12/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the sddm, libxcb, libreoffice, mediawiki, rootcerts, nss, firefox, firefox-l10n, thunderbird and thunderbird-l10n packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2014-0504.html
URL:advisories.mageia.org/MGASA-2014-0505.html
URL:advisories.mageia.org/MGASA-2014-0506.html
URL:advisories.mageia.org/MGASA-2014-0507.html
23. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1955-1, RHSA-2014:1956-1)
[04/12/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the wget and wpa_supplicant packages for Red Hat Enterprise Linux 6.5 and 7. Due to multiple errors, an attacker could bypass security restrictions and execute arbitrary code.
URL:rhn.redhat.com/errata/RHSA-2014-1955.html
URL:rhn.redhat.com/errata/RHSA-2014-1956.html
24. Security Updates in Slackware (SSA:2014-337-01)
[04/12/2014] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-thunderbird package for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.359859
25. Security Updates in SUSE (SUSE-SU-2014:1549-1)
[04/12/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the java-1_7_1-ibm package of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html
26. Security Updates in Ubuntu GNU/Linux (USN-2428-1, USN-2431-1, USN-2432-1)
[04/12/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the thunderbird, mod-wsgi, eglibc and glibc packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.ubuntu.com/usn/usn-2428-1/
URL:www.ubuntu.com/usn/usn-2431-1/
URL:www.ubuntu.com/usn/usn-2432-1/
27. Vulnerabilities in Mozilla Firefox (MFSA 2014-91)
[03/12/2014] Vulnerabilities were identified in Mozilla Firefox. An attacker could bypass security restrictions and obtain sensitive information. These vulnerabilities affect versions prior to 34 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2014-91/
28. Vulnerabilities in Huawei Smartphone (Huawei-SA-20141202-P2)
[03/12/2014] Vulnerabilities were identified in the Huawei P2 Smartphone. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise a vulnerable system. These vulnerabilities affect firmware versions prior to V100R001C00B043 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm
29. Vulnerability in Antiword (99030)
[03/12/2014] A vulnerability was identified in Antiword. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects version 0.37 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/99030
30. Vulnerabilities in MantisBT (99031, 99037, 99038, 99039, 99040, 99041)
[03/12/2014] Vulnerabilities were identified in MantisBT. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect versions prior to 1.2.18 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/99031
URL:xforce.iss.net/xforce/xfdb/99037
URL:xforce.iss.net/xforce/xfdb/99038
URL:xforce.iss.net/xforce/xfdb/99039
URL:xforce.iss.net/xforce/xfdb/99040
URL:xforce.iss.net/xforce/xfdb/99041
31. Security Updates in Debian (DSA-3084-1)
[03/12/2014] Debian has released security update packages for fixing the vulnerability identified in the openvpn package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, cause a denial of service condition and crash the application.
URL:www.debian.org/security/2014/dsa-3084
32. Security Updates in Red Hat Enterprise Linux (RHSA-2014:1919-1, RHSA-2014:1924-1, RHSA-2014:1948-1)
[03/12/2014] Red Hat has released security update packages for fixing the vulnerabilities identified in the firefox, thunderbird, nss, nss-util, and nss-softokn packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2014-1919.html
URL:rhn.redhat.com/errata/RHSA-2014-1924.html
URL:rhn.redhat.com/errata/RHSA-2014-1948.html
33. Security Updates in SUSE (SUSE-SU-2014:1526-2, SUSE-SU-2014:1545-1)
[03/12/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the java-1_6_0-ibm and flash-player packages of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00000.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00001.html
34. Security Updates in Ubuntu GNU/Linux (USN-2424-1, USN-2430-1)
[03/12/2014] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox and openvpn packages for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. An attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:www.ubuntu.com/usn/usn-2424-1/
URL:www.ubuntu.com/usn/usn-2430-1/
35. Vulnerabilities in Mozilla Products (MFSA 2014-83, MFSA 2014-84, MFSA 2014-85, MFSA 2014-86, MFSA 2014-87, MFSA 2014-88, MFSA 2014-89, MFSA 2014-90)
[02/12/2014] Vulnerabilities were identified in Mozilla Firefox and Thunderbird. An attacker could bypass security restrictions, execute arbitrary code, obtain sensitive information, cause a denial of service condition and crash the application. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2014-83/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2014-84/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2014-85/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2014-86/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2014-87/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2014-88/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2014-89/
URL:www.mozilla.org/zh-TW/security/advisories/mfsa2014-90/
36. Vulnerability in Cisco Unified Computing System
[02/12/2014] A vulnerability was identified in the Cisco Unified Computing System (Standalone). An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8003
URL:xforce.iss.net/xforce/xfdb/99015
37. Vulnerability in Enalean Tuleap (99017)
[02/12/2014] A vulnerability was identified in Enalean Tuleap. An attacker could bypass security restrictions and execute arbitrary PHP code on the system. This vulnerability affects version 7.6-4 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99017
38. Vulnerability in Yokogawa FAST/TOOLS (99018)
[02/12/2014] A vulnerability was identified in Yokogawa FAST/TOOLS. An attacker could bypass security restrictions, obtain sensitive information and cause a denial of service condition. This vulnerability affects versions prior to R10.01 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99018
39. Vulnerability in MantisBT (99016)
[02/12/2014] A vulnerability was identified in MantisBT. An attacker could bypass security restrictions and execute arbitrary PHP code on the system. This vulnerability affects versions prior to 1.2.18 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99016
40. Security Updates in Mageia (MGASA-2014-0501, MGASA-2014-0502, MGASA-2014-0503)
[02/12/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the gnome-shell, gnome-settings-daemon, teeworlds and tcpdump packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2014-0501.html
URL:advisories.mageia.org/MGASA-2014-0502.html
URL:advisories.mageia.org/MGASA-2014-0503.html
41. Security Updates in Ubuntu GNU/Linux (USN-2429-1)
[02/12/2014] Ubuntu has released security update packages for fixing the vulnerability identified in the ppp package for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. An attacker could bypass security restrictions and gain elevated privileges.
URL:www.ubuntu.com/usn/usn-2429-1/
42. Vulnerability in Undertow (99003)
[01/12/2014] A vulnerability was identified in Undertow. An attacker could bypass security restrictions and traverse directories on the system. This vulnerability affects versions prior to 1.0.17.Final, 1.2.0.Beta3 and 1.1.0.CR5 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99003
43. Security Updates in Debian (DSA-3079-1, DSA-3080-1, DSA-3081-1, DSA-3082-1, DSA-3083-1)
[01/12/2014] Debian has released security update packages for fixing the vulnerabilities identified in the ppp, openjdk-7, libvncserver, flac and mutt packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2014/dsa-3079
URL:www.debian.org/security/2014/dsa-3080
URL:www.debian.org/security/2014/dsa-3081
URL:www.debian.org/security/2014/dsa-3082
URL:www.debian.org/security/2014/dsa-3083
44. Security Updates in Gentoo Linux (GLSA 201411-11)
[01/12/2014] Gentoo has released security update packages for fixing the vulnerabilities identified in the squid package for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.gentoo.org/security/en/glsa/glsa-201411-11.xml
45. Security Updates in Mageia (MGASA-2014-0499, MGASA-2014-0500)
[01/12/2014] Mageia has released security update packages for fixing the vulnerabilities identified in the flac and geary packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform man-in-the-middle attacks, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2014-0499.html
URL:advisories.mageia.org/MGASA-2014-0500.html
46. Security Updates in Mandriva (MDVSA-2014:234, MDVSA-2014:235, MDVSA-2014:236, MDVSA-2014:237)
[01/12/2014] Mandriva has released security update packages for fixing the vulnerabilities identified in the libksba, perl-Plack, file and perl-Mojolicious packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, perform code injection attacks, cause a denial of service condition and crash the application.
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A234/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A235/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A236/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014%3A237/
47. Security Updates in SUSE (SUSE-SU-2014:1526-1)
[01/12/2014] SUSE has released security update packages for fixing the vulnerabilities identified in the java-1_7_0-ibm package of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html