Security Alerts
1. Vulnerability in Easy File Sharing Web Server (99532)
[02/01/2015]
A vulnerability was identified in Easy File Sharing Web Server. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects version 6.8 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/99532
2. Vulnerability in Maxthon Browser (99533)
[02/01/2015]
A vulnerability was identified in the Maxthon Browser. An attacker could bypass security restrictions, execute arbitrary code and perform spoofing attacks. This vulnerability affects version 4 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/99533
3. Vulnerability in Frontend Uploader plugin for WordPress (99546)
[02/01/2015]
A vulnerability was identified in the Frontend Uploader plugin for WordPress. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects version 0.9.2 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/99546
4. Security Updates in Oracle Solaris
[02/01/2015]
Oracle has released security update packages to fix the vulnerabilities identified in the NTP V4 package for Oracle Solaris 10, 11.1 and 11.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ntp
5. Security Updates in Gentoo Linux (GLSA 201412-53)
[02/01/2015]
Gentoo has released security update packages to fix the vulnerabilities identified in the mit-krb5 package for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.gentoo.org/security/en/glsa/glsa-201412-53.xml
6. Security Updates in Mageia (MGASA-2014-0547, MGASA-2014-0548, MGASA-2014-0549, MGASA-2014-0550, MGASA-2014-0551, MGASA-2014-0552, MGASA-2014-0553, MGASA-2014-0554, MGASA-2014-0555, MGASA-2014-0556, MGASA-2014-0557, MGASA-2014-0558, MGASA-2014-0559, MGASA-2014-0560, MGASA-2014-0561, MGASA-2014-0562)
[02/01/2015]
Mageia has released security update packages to fix the vulnerabilities identified in the resteasy, smack, axis, apache-poi, not-yet-commons-ssl, wss4j, erlang, xlockmore, mediawiki, castor, cxf, xml-security, couchdb, plasma-nm, sox and unzip packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2014-0547.html
URL:advisories.mageia.org/MGASA-2014-0548.html
URL:advisories.mageia.org/MGASA-2014-0549.html
URL:advisories.mageia.org/MGASA-2014-0550.html
URL:advisories.mageia.org/MGASA-2014-0551.html
URL:advisories.mageia.org/MGASA-2014-0552.html
URL:advisories.mageia.org/MGASA-2014-0553.html
URL:advisories.mageia.org/MGASA-2014-0554.html
URL:advisories.mageia.org/MGASA-2014-0555.html
URL:advisories.mageia.org/MGASA-2014-0556.html
URL:advisories.mageia.org/MGASA-2014-0557.html
URL:advisories.mageia.org/MGASA-2014-0558.html
URL:advisories.mageia.org/MGASA-2014-0559.html
URL:advisories.mageia.org/MGASA-2014-0560.html
URL:advisories.mageia.org/MGASA-2014-0561.html
URL:advisories.mageia.org/MGASA-2014-0562.html
7. Security Updates in SUSE (openSUSE-SU-2014:1735-1)
[02/01/2015]
SUSE has released security update packages to fix the vulnerabilities identified in the kernel package for Evergreen 11.4 of openSUSE. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00035.html
8. Security Updates in Oracle Linux (ELSA-2014-3110)
[31/12/2014]
Oracle has released security update packages to fix the vulnerabilities identified in the docker package for Oracle Linux 6 and 7. Due to multiple errors, an attacker could perform path traversal attacks and gain elevated privileges.
URL:linux.oracle.com/errata/ELSA-2014-3110.html
9. Vulnerabilities in multiple plugins for WordPress (99444, 99445, 99447, 99449, 99452)
[30/12/2014]
Vulnerabilities were identified in the Wonder Foundry Ultimatum Theme, themeskingdom Medicate Theme, ThemeFusion Avada Theme, Cuckootap Theme and Lote27 Theme plugins for WordPress. An attacker could perform directory traversal attacks. These vulnerabilities affect multiple versions of the mentioned products.
URL:xforce.iss.net/xforce/xfdb/99444
URL:xforce.iss.net/xforce/xfdb/99445
URL:xforce.iss.net/xforce/xfdb/99447
URL:xforce.iss.net/xforce/xfdb/99449
URL:xforce.iss.net/xforce/xfdb/99452
10. Security Updates in Debian (DSA-3114-1, DSA-3115-1)
[30/12/2014]
Debian has released security update packages to fix the vulnerabilities identified in the mime-support and pyyaml packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could execute arbitrary code and cause the application to crash.
URL:www.debian.org/security/2014/dsa-3114
URL:www.debian.org/security/2014/dsa-3115
11. Vulnerabilities in BlackBerry Devices (KB36557)
[29/12/2014]
Vulnerabilities were identified in multiple Qualcomm-based BlackBerry OS Devices. An attacker could bypass security restrictions and obtain sensitive information. These vulnerabilities affect OS versions 7.1 and prior of the mentioned products.
URL:www.blackberry.com/btsc/KB36557
12. Vulnerabilities in Huawei Products (Huawei-SA-20141224-01-WPSPIN, Huawei-SA-20141224-01-Tecal, Huawei-SA-20141224-01-HMM, Huawei-SA-20141224-02-HMM, Huawei-SA-20141224-01-USG)
[29/12/2014]
Vulnerabilities were identified in multiple Huawei Products. An attacker could perform brute-force attacks, obtain sensitive information, execute arbitrary code, perform cross-site scripting forgery attacks and gain escalated privileges. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-408091.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-408100.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-408102.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-408117.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-408118.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-408141.htm
13. Vulnerability in miniBB (99351)
[29/12/2014]
A vulnerability was identified in miniBB. An attacker could perform code injection attacks. This vulnerability affects versions prior to 3.1.1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99351
14. Vulnerabilities in Installatron GQ File Manager (99365, 99366)
[29/12/2014]
Vulnerabilities were identified in the Installatron GQ File Manager. An attacker could perform cross-site scripting and code injection attacks. These vulnerabilities affect version 0.2.5 of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/99365
URL:xforce.iss.net/xforce/xfdb/99366
15. Vulnerabilities in IPCop (99396, 99397, 99398)
[29/12/2014]
Vulnerabilities were identified in IPCop. An attacker could execute arbitrary code, perform cross-site scripting attacks and web cache poisoning attacks. These vulnerabilities affect versions 2.1.4 and prior of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xforce.iss.net/xforce/xfdb/99396
URL:xforce.iss.net/xforce/xfdb/99397
URL:xforce.iss.net/xforce/xfdb/99398
16. Vulnerability in SmoothWall (99404)
[29/12/2014]
A vulnerability was identified in SmoothWall. An attacker could perform cross-site scripting attacks. This vulnerability affects versions 3.1 and prior of the mentioned product.
URL:xforce.iss.net/xforce/xfdb/99404
17. Vulnerability in SoX (99410)
[29/12/2014]
A vulnerability was identified in SoX. An attacker could overflow a buffer and execute arbitrary code. This vulnerability affects version 14.4.1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xforce.iss.net/xforce/xfdb/99410
18. Security Updates in Debian (DSA-3113-1)
[29/12/2014]
Debian has released security update packages to fix the vulnerabilities identified in the unzip package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could cause a buffer overflow and execute arbitrary code.
URL:www.debian.org/security/2014/dsa-3113
19. Security Updates in SUSE (SUSE-SU-2014:1686-2, SUSE-SU-2014:1686-3, SUSE-SU-2014:1693-2, SUSE-SU-2014:1697-1, SUSE-SU-2014:1698-1)
[29/12/2014]
SUSE has released security update packages to fix the vulnerabilities identified in the popt, xntp, Linux Kernel and ntp packages of SUSE Linux Enterprise Server 10 and 11. Due to multiple errors, an attacker could cause a buffer overflow, execute arbitrary code, crash the system, cause a denial of service condition and obtain sensitive information.
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00030.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00031.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00032.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00033.html
URL:lists.opensuse.org/opensuse-security-announce/2014-12/msg00034.html
20. Security Updates in Gentoo Linux (GLSA 201412-34, GLSA 201412-35, GLSA 201412-36, GLSA 201412-37, GLSA 201412-38, GLSA 201412-39, GLSA 201412-40, GLSA 201412-41, GLSA 201412-42, GLSA 201412-43, GLSA 201412-44, GLSA 201412-45, GLSA 201412-46, GLSA 201412-47, GLSA 201412-48, GLSA 201412-49, GLSA 201412-50, GLSA 201412-51, GLSA 201412-52)
[29/12/2014]
Gentoo has released security update packages to fix the vulnerabilities identified in the ntp, rsyslog, libvirt, qemu, icecast, openssl, flac, openvpn, xen, mupdf, policycoreutils, facter, lcms, torque, file, fish, getmail, asterisk and wireshark packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could execute arbitrary code, cause a denial of service condition, obtain sensitive information, gain escalated privileges and bypass security restrictions.
URL:www.gentoo.org/security/en/glsa/glsa-201412-34.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-35.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-36.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-37.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-38.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-39.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-40.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-41.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-42.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-43.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-44.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-45.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-46.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-47.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-48.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-49.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-50.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-51.xml
URL:www.gentoo.org/security/en/glsa/glsa-201412-52.xml