Sunday, February 22, 2015

IT Security Alerts Weekly Digest (15 Feb ~ 21 Feb 2015)

1. Vulnerability in Cisco TelePresence MCU Software
[18/02/2015] A vulnerability was identified in Cisco TelePresence MCU Software. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0621
URL:xforce.iss.net/xforce/xfdb/100936

2. Vulnerability in Image Metadata Cruncher plugin for WordPress (100926)
[18/02/2015] A vulnerability was identified in the Image Metadata Cruncher plugin for WordPress. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. The affected version was not specified.

URL:xforce.iss.net/xforce/xfdb/100926

3. Security Updates in Gentoo Linux (GLSA 201502-13)
[18/02/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the chromium packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:security.gentoo.org/glsa/glsa-201502-13.xml

4. Security Updates in Mageia (MGASA-2015-0068, MGASA-2015-0069, MGASA-2015-0070, MGASA-2015-0071, MGASA-2015-0072, MGASA-2015-0073)
[18/02/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the patch, postgresql9.0, postgresql9.1, postgresql9.2, postgresql9.3, kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia173, kmod-nvidia304, kmod-nvidia-current, dbus, glibc and x11-server packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2015-0068.html
URL:advisories.mageia.org/MGASA-2015-0069.html
URL:advisories.mageia.org/MGASA-2015-0070.html
URL:advisories.mageia.org/MGASA-2015-0071.html
URL:advisories.mageia.org/MGASA-2015-0072.html
URL:advisories.mageia.org/MGASA-2015-0073.html

5. Security Updates in SUSE (SUSE-SU-2015:0298-1, SUSE-SU-2015:0304-1, SUSE-SU-2015:0306-1)
[18/02/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the clamav, java-1_7_1-ibm and java-1_6_0-ibm packages of SUSE Linux Enterprise 10, 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00020.html
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html

6. Security Updates in Ubuntu GNU/Linux (USN-2500-1, USN-2501-1, USN-2502-1)
[18/02/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the xorg-server, xorg-server-lts-trusty, xorg-server-lts-utopic, php5 and unzip packages for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2500-1/
URL:www.ubuntu.com/usn/usn-2501-1/
URL:www.ubuntu.com/usn/usn-2502-1/

7. Vulnerabilities in Cisco Products
[17/02/2015] Vulnerabilities were identified in the Cisco ASR 5000 Series Software, Cisco TelePresence Management Suite (TMS) and Cisco Adaptive Security Appliance (ASA) Software. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0617
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0620
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8023

8. Vulnerabilities in IBM WebSphere Application Server (1695392)
[17/02/2015] Vulnerabilities were identified in IBM WebSphere Application Server. An attacker could bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www-01.ibm.com/support/docview.wss?uid=swg21695392
URL:www.hkcert.org/my_url/en/alert/15021701

9. Vulnerability in Lexmark MarkVision Enterprise (TE677)
[17/02/2015] A vulnerability was identified in Lexmark MarkVision Enterprise. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects version 2.0 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:support.lexmark.com/index?page=content&id=TE677&locale=EN&userlocale=EN_US
URL:xforce.iss.net/xforce/xfdb/100913

10. Vulnerability in UNIT4 Prosoft HRMS (100903)
[17/02/2015] A vulnerability was identified in UNIT4 Prosoft HRMS. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions prior to 8.14.330.43 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/100903

11. Security Updates in SUSE (SUSE-SU-2015:0290-1, SUSE-SU-2015:0290-2, SUSE-SU-2015:0011-2, SUSE-SU-2015:0259-3)
[17/02/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the krb5, bind and ntp packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform brute-force attacks, cause a denial of service condition and crash the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00017.html
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00018.html
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00019.html

12. Security Updates in Slackware (SSA:2015-047-01, SSA:2015-047-02, SSA:2015-047-03)
[17/02/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the patch, seamonkey and sudo packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the application.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.492777
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.503409
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.513277

13. Vulnerabilities in F5 Products (SOL16118, SOL16121, SOL16126, SOL16139)
[16/02/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ-ADC, LineRate and Traffix-SDC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/16000/100/sol16118.html
URL:support.f5.com/kb/en-us/solutions/public/16000/100/sol16121.html
URL:support.f5.com/kb/en-us/solutions/public/16000/100/sol16126.html
URL:support.f5.com/kb/en-us/solutions/public/16000/100/sol16139.html

14. Vulnerability in Novell NetIQ Sentinel (5200670)
[16/02/2015] A vulnerability was identified in Novell NetIQ Sentinel. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects versions prior to 7.3 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:download.novell.com/Download?buildid=WA2o2ZIiUMM~

15. Vulnerabilities in Huawei Products (Huawei-SA-20150213-01-Smartphone, HW-408044)
[16/02/2015] Vulnerabilities were identified in multiple Huawei products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products.

URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-414289.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-408044.htm

16. Vulnerability in Henry Spencer regular expressions library (VU#695940)
[16/02/2015] A vulnerability was identified in the Henry Spencer regular expressions (regex) C library. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.kb.cert.org/vuls/id/695940

17. Vulnerability in Linux ASLR implementation (100900)
[16/02/2015] A vulnerability was identified in the Linux ASLR implementation. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects version 3.17 of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/100900

18. Vulnerability in Video Gallery plugin for WordPress (100876)
[16/02/2015] A vulnerability was identified in the Video Gallery plugin for WordPress. An attacker could bypass security restrictions, execute arbitrary code and perform code injection attacks. This vulnerability affects the mentioned product for WordPress 2.7. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/100876

19. Security Updates in Gentoo Linux (GLSA 201502-10, GLSA 201502-11, GLSA 201502-12)
[16/02/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the libpng, GNU cpio, oracle jre and oracle jdk packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.gentoo.org/security/en/glsa/glsa-201502-10.xml
URL:www.gentoo.org/security/en/glsa/glsa-201502-11.xml
URL:www.gentoo.org/security/en/glsa/glsa-201502-12.xml

20. Security Updates in Mageia (MGASA-2015-0065, MGASA-2015-0066, MGASA-2015-0067)
[16/02/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the rsync, krb5 and cups packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, perform impersonation attacks, cause a denial of service condition and crash the system.

URL:advisories.mageia.org/MGASA-2015-0065.html
URL:advisories.mageia.org/MGASA-2015-0066.html
URL:advisories.mageia.org/MGASA-2015-0067.html

21. Security Updates in SUSE (openSUSE-SU-2015:0285-1, SUSE-SU-2015:0259-2)
[16/02/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the clamav package of openSUSE 13.1 and 13.2, and ntp package of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform brute-force attacks, cause a denial of service condition and crash the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00015.html

IT Security Alerts Weekly Digest (8 Feb ~ 14 Feb 2015)

1. Vulnerabilities in F5 Products (SOL16120, SOL16122, SOL16123, SOL16124, SOL16135, SOL16136)
[13/02/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, LineRate, Traffix-SDC and Traffix. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/16000/100/sol16120.html
URL:support.f5.com/kb/en-us/solutions/public/16000/100/sol16122.html
URL:support.f5.com/kb/en-us/solutions/public/16000/100/sol16123.html
URL:support.f5.com/kb/en-us/solutions/public/16000/100/sol16124.html
URL:support.f5.com/kb/en-us/solutions/public/16000/100/sol16135.html
URL:support.f5.com/kb/en-us/solutions/public/16000/100/sol16136.html

2. Vulnerability in Elasticsearch (100850)
[13/02/2015] A vulnerability was identified in Elasticsearch. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise an affected system. This vulnerability affects versions prior to 1.3.8 or 1.4.3 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/100850

3. Vulnerabilities in multiple plugins for WordPress (100846, 100847, 100854)
[13/02/2015] Vulnerabilities were identified in the Ninja Forms plugin and Survey and Poll plugin for WordPress. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting and code injection attacks. These vulnerabilities affect multiple versions of the mentioned plugins. Security patches are available to resolve the vulnerabilities identified in the Ninja Forms plugin.

URL:xforce.iss.net/xforce/xfdb/100846
URL:xforce.iss.net/xforce/xfdb/100847
URL:xforce.iss.net/xforce/xfdb/100854

4. Vulnerability in Xen (XSA-117)
[13/02/2015] A vulnerability was identified in Xen. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects versions 4.5 or later of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xenbits.xen.org/xsa/advisory-117.html
URL:xforce.iss.net/xforce/xfdb/100868

5. Security Updates in Mandriva (MDVSA-2015:044, MDVSA-2015:045, MDVSA-2015:046, MDVSA-2015:047, MDVSA-2015:048)
[13/02/2015] Mandriva has released security update packages for fixing the vulnerabilities identified in the perl-Gtk2, e2fsprogs, ntp, elfutils and postgresql packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A044/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A045/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A046/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A047/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A048/

6. Security Updates in SUSE (SUSE-SU-2015:0274-1)
[13/02/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the ntp packages of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00013.html

7. Security Updates in Ubuntu GNU/Linux (USN-2488-2)
[13/02/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the clamav package for version 10.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2488-2/

8. Vulnerabilities in Cisco Products (cisco-sa-20150211-csacs)
[12/02/2015] Vulnerabilities were identified in the Cisco Secure Access Control System (ACS) and Cisco Adaptive Security Appliance (ASA) Software. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0619
URL:xforce.iss.net/xforce/xfdb/100812

9. Vulnerabilities in Google Chrome
[12/02/2015] Vulnerabilities were identified in Google Chrome. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise an affected system. These vulnerabilities affect versions prior to 40.0.2214.114 (Platform version: 6457.94.0) of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:googlechromereleases.blogspot.hk/2015/02/stable-channel-update-for-chrome-os.html
URL:www.us-cert.gov/ncas/current-activity/2015/02/10/Google-Releases-Security-Update-Chrome-OS

10. Vulnerabilities in IBM Products (1695362, 1695474)
[12/02/2015] Vulnerabilities were identified in the IBM WebSphere Application Server, IBM SDK Java Technology Edition and IBM SDK Java 2 Technology Edition. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities, and interim fixes for HP platforms will be available by 03/31/2015.

URL:www-01.ibm.com/support/docview.wss?uid=swg21695362
URL:www-01.ibm.com/support/docview.wss?uid=swg21695474

11. Security Updates in Oracle Linux (ELSA-2015-0164, ELSA-2015-0165, ELSA-2015-0166)
[12/02/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel and subversion packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:linux.oracle.com/errata/ELSA-2015-0164.html
URL:linux.oracle.com/errata/ELSA-2015-0165.html
URL:linux.oracle.com/errata/ELSA-2015-0166.html

12. Security Updates in Debian (DSA-3160-1, DSA-3161-1)
[12/02/2015] Debian has released security update packages for fixing the vulnerabilities identified in the xorg-server and dbus packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information and cause a denial of service condition.

URL:www.debian.org/security/2015/dsa-3160
URL:www.debian.org/security/2015/dsa-3161

13. Security Updates in Mageia (MGASA-2015-0058, MGASA-2015-0059, MGASA-2015-0060, MGASA-2015-0061, MGASA-2015-0062, MGASA-2015-0063, MGASA-2015-0064)
[12/02/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the xdg-utils, perl-Gtk2, hivex, e2fsprogs, chromium-browser-stable, ntp and owasp-esapi-java packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:advisories.mageia.org/MGASA-2015-0058.html
URL:advisories.mageia.org/MGASA-2015-0059.html
URL:advisories.mageia.org/MGASA-2015-0060.html
URL:advisories.mageia.org/MGASA-2015-0061.html
URL:advisories.mageia.org/MGASA-2015-0062.html
URL:advisories.mageia.org/MGASA-2015-0063.html
URL:advisories.mageia.org/MGASA-2015-0064.html

14. Security Updates in SUSE (openSUSE-SU-2015:0256-1, SUSE-SU-2015:0257-1, SUSE-SU-2015:0259-1)
[12/02/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the xen package of openSUSE 13.2, and krb5 and ntp packages of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00012.html

15. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0163-1, RHSA-2015:0164-1, RHSA-2015:0165-1, RHSA-2015:0166-1)
[12/02/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the chromium-browser and subversion packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-0163.html
URL:rhn.redhat.com/errata/RHSA-2015-0164.html
URL:rhn.redhat.com/errata/RHSA-2015-0165.html
URL:rhn.redhat.com/errata/RHSA-2015-0166.html

16. Security Updates in Ubuntu GNU/Linux (USN-2499-1)
[12/02/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the postgresql-8.4, postgresql-9.1, postgresql-9.3 and postgresql-9.4 packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform code injection attacks, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2499-1/

17. Vulnerabilities in Microsoft Products (3000483, 3004361, 3029944, 3031432, 3032328, 3033857, 3034682, 3035898, 3036220)
[11/02/2015] Vulnerabilities were identified in the Microsoft Internet Explorer, Microsoft Windows, Microsoft Windows Server, Microsoft SharePoint Server, Microsoft Office, Microsoft Office Compatibility Pack, Excel Viewer, Word Viewer, Microsoft Office Web Apps and Microsoft System Center Virtual Machine Manager. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:technet.microsoft.com/library/security/ms15-feb
URL:technet.microsoft.com/library/security/MS15-009
URL:technet.microsoft.com/library/security/MS15-010
URL:technet.microsoft.com/library/security/MS15-011
URL:technet.microsoft.com/library/security/MS15-012
URL:technet.microsoft.com/library/security/MS15-013
URL:technet.microsoft.com/library/security/MS15-014
URL:technet.microsoft.com/library/security/MS15-015
URL:technet.microsoft.com/library/security/MS15-016
URL:technet.microsoft.com/library/security/MS15-017
URL:www.hkcert.org/my_url/en/alert/15021101
URL:www.hkcert.org/my_url/en/alert/15021102
URL:www.hkcert.org/my_url/en/alert/15021103
URL:www.hkcert.org/my_url/en/alert/15021104
URL:www.hkcert.org/my_url/en/alert/15021105
URL:www.hkcert.org/my_url/en/alert/15021106
URL:www.hkcert.org/my_url/en/alert/15021107
URL:www.hkcert.org/my_url/en/alert/15021108
URL:www.hkcert.org/my_url/en/alert/15021109
URL:www.us-cert.gov/ncas/current-activity/2015/02/10/Microsoft-Releases-Critical-Security-Bulletin
URL:www.us-cert.gov/ncas/current-activity/2015/02/10/Microsoft-Releases-Critical-Security-Update-Internet-Explorer
URL:xforce.iss.net/xforce/xfdb/100426
URL:xforce.iss.net/xforce/xfdb/100428
URL:xforce.iss.net/xforce/xfdb/100430
URL:xforce.iss.net/xforce/xfdb/100431
URL:xforce.iss.net/xforce/xfdb/100432
URL:xforce.iss.net/xforce/xfdb/100433
URL:xforce.iss.net/xforce/xfdb/100435
URL:xforce.iss.net/xforce/xfdb/100439
URL:xforce.iss.net/xforce/xfdb/99525

18. Information Updates on Microsoft Security Advisories (3004375, 3009008)
[11/02/2015] Microsoft has updated information on the Security Advisories for Microsoft Windows. (A) KB3004375 announced the availability of an update to improve Windows command-line auditing. (B) KB3009008 announced that SSL 3.0 fallback attempts are disabled by default in Internet Explorer 11.

URL:technet.microsoft.com/en-us/library/security/3004375
URL:technet.microsoft.com/en-us/library/security/3009008

19. Vulnerability in Adobe Reader for Macintosh
[11/02/2015] A vulnerability was identified in Adobe Reader for Macintosh. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. This vulnerability affects version 11.0.10 of the mentioned product running on Macintosh OS X.

URL:www.hkcert.org/my_url/en/alert/15021110

20. Vulnerabilities in Cisco Products
[11/02/2015] Vulnerabilities were identified in the Cisco IOS Software and Cisco TelePresence. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0606
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0608
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0609
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0610
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0611
URL:www.hkcert.org/my_url/en/alert/15021111

21. Vulnerabilities in Asterisk (AST-2015-001, AST-2015-002)
[11/02/2015] Vulnerabilities were identified in Asterisk. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:downloads.asterisk.org/pub/security/AST-2015-001.html
URL:downloads.asterisk.org/pub/security/AST-2015-002.html

22. Vulnerabilities in moodle (MDL-48980, MDL-48990)
[11/02/2015] Vulnerabilities were identified in moodle. An attacker could bypass security restrictions and obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:moodle.org/security/
URL:moodle.org/mod/forum/discuss.php?d=279956#p1202839

23. Security Updates in Debian (DSA-3159-1)
[11/02/2015] Debian has released security update packages for fixing the vulnerabilities identified in the ruby1.8 package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3159

24. Security Updates in Mandriva (MDVSA-2015:039, MDVSA-2015:040, MDVSA-2015:041, MDVSA-2015:042, MDVSA-2015:043)
[11/02/2015] Mandriva has released security update packages for fixing the vulnerabilities identified in the glibc, zarafa, cabextract, clamav and otrs packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A039/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A040/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A041/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A042/
URL:www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2015%3A043/

25. Security Updates in Ubuntu GNU/Linux (USN-2495-1, USN-2498-1)
[11/02/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the oxide-qt and krb5 packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2495-1/
URL:www.ubuntu.com/usn/usn-2498-1/

26. Vulnerability in Apache Tomcat
[10/02/2015] A vulnerability was identified in Apache Tomcat. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. This vulnerability affects versions prior to 6.0.43, 7.0.55 or 8.0.9 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tomcat.apache.org/security-6.html
URL:tomcat.apache.org/security-7.html
URL:tomcat.apache.org/security-8.html
URL:xforce.iss.net/xforce/xfdb/100751

27. Vulnerabilities in Cisco Products
[10/02/2015] Vulnerabilities were identified in the Cisco Prime Infrastructure, Cisco Prime Security Manager and Cisco IOS Software. An attacker could bypass security restrictions, execute arbitrary code, perform cross-frame scripting, cross-site request forgery and cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2147
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2152
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2153
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3365
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0592
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0593
URL:xforce.iss.net/xforce/xfdb/100746
URL:xforce.iss.net/xforce/xfdb/100747
URL:xforce.iss.net/xforce/xfdb/100755
URL:xforce.iss.net/xforce/xfdb/100756

28. Vulnerabilities in Ektron Content Management System (VU#377644)
[10/02/2015] Vulnerabilities were identified in Ektron Content Management System. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.kb.cert.org/vuls/id/377644

29. Vulnerability in LG On-Screen Phone (100733)
[10/02/2015] Vulnerability was identified in the LG On-Screen Phone. An attacker could bypass security restrictions and compromise the system. This vulnerability affects firmware versions prior to 4.3.010 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/100733

30. Vulnerability in eFront (100735)
[10/02/2015] Vulnerability was identified in the eFront. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions prior to 3.6.15.3 - build 18022 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/100735

31. Security Updates in Debian (DSA-3157-1, DSA-3158-1)
[10/02/2015] Debian has released security update packages for fixing the vulnerabilities identified in the ruby1.9.1 and unrtf packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3157
URL:www.debian.org/security/2015/dsa-3158

32. Security Updates in Mageia (MGASA-2015-0055, MGASA-2015-0056, MGASA-2015-0057)
[10/02/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the polarssl, clamav and moodle packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:advisories.mageia.org/MGASA-2015-0055.html
URL:advisories.mageia.org/MGASA-2015-0056.html
URL:advisories.mageia.org/MGASA-2015-0057.html

33. Security Updates in Ubuntu GNU/Linux (USN-2496-1, USN-2497-1)
[10/02/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the binutils and ntp packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2496-1/
URL:www.ubuntu.com/usn/usn-2497-1/

34. Vulnerabilities in Apple OS X (HT202681)
[09/02/2015] Vulnerabilities were identified in the Flash Player plug-in for Apple OS X. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:support.apple.com/en-us/HT202681
URL:prod.lists.apple.com/archives/security-announce/2015/Feb/msg00000.html

35. Vulnerabilities in Cisco Products
[09/02/2015] Vulnerabilities were identified in the Cisco Adaptive Security Appliance (ASA) Software and Cisco Email Security Appliance (ESA). An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5557
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0605
URL:xforce.iss.net/xforce/xfdb/100694

36. Vulnerability in Juniper ScreenOS (JSA10624)
[09/02/2015] Vulnerability was identified in the firewalls of Juniper ScreenOS. An attacker could cause a denial of service condition and crash the system. This vulnerability affects versions prior to 6.3.0r17 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:kb.juniper.net/index?page=content&id=JSA10624

37. Vulnerabilities in Novell ZENworks Configuration Management (5200561)
[09/02/2015] Vulnerabilities were identified in Novell ZENworks Configuration Management. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform code injection attacks, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:download.novell.com/Download?buildid=yh9N1NeIQX0~

38. Vulnerability in libfcgi (100696)
[09/02/2015] Vulnerability was identified in the libfcgi. An attacker could cause a denial of service condition. This vulnerability affects versions prior to 2.4.0-8.3 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/100696

39. Security Updates in Debian (DSA-3155-1)
[09/02/2015] Debian has released security update packages for fixing the vulnerabilities identified in the postgresql-9.1 package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform code injection attacks, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3155

40. Security Updates in Gentoo Linux (GLSA 201502-01, GLSA 201502-02, GLSA 201502-03, GLSA 201502-04, GLSA 201502-05, GLSA 201502-06, GLSA 201502-07, GLSA 201502-08, GLSA 201502-09)
[09/02/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the mpg123, adobe-flash, bind, mediawiki, tcpdump, nginx, libevent, libav and antiword packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.gentoo.org/security/en/glsa/glsa-201502-01.xml
URL:www.gentoo.org/security/en/glsa/glsa-201502-02.xml
URL:www.gentoo.org/security/en/glsa/glsa-201502-03.xml
URL:www.gentoo.org/security/en/glsa/glsa-201502-04.xml
URL:www.gentoo.org/security/en/glsa/glsa-201502-05.xml
URL:www.gentoo.org/security/en/glsa/glsa-201502-06.xml
URL:www.gentoo.org/security/en/glsa/glsa-201502-07.xml
URL:www.gentoo.org/security/en/glsa/glsa-201502-08.xml
URL:www.gentoo.org/security/en/glsa/glsa-201502-09.xml

41. Security Updates in Mandriva (MDVSA-2015:033, MDVSA-2015:034, MDVSA-2015:035, MDVSA-2015:036, MDVSA-2015:037)
[09/02/2015] Mandriva has released security update packages for fixing the vulnerabilities identified in the java-1.7.0-openjdk, jasper, libvirt, python-django and vorbis-tools packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform code injection attacks, cause a denial of service condition and compromise the system.

URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A033/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A034/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A035/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A036/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A037/

42. Security Updates in Mageia (MGASA-2015-0054)
[09/02/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the flash-player-plugin package for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code and compromise the system.

URL:advisories.mageia.org/MGASA-2015-0054.html

43. Security Updates in SUSE (openSUSE-SU-2015:0226-1, SUSE-SU-2015:0236-1, openSUSE-SU-2015:0237-1, openSUSE-SU-2015:0238-1, SUSE-SU-2015:0239-1)
[09/02/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the xen and flash-player packages of openSUSE 13.1 and 13.2, openSUSE Evergreen 11.4, and flash-player, flash-player-gnome and flash-player-kde4 packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html

44. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0140-1)
[09/02/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player package for Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-0140.html

Source(s) of above information:

Monday, February 9, 2015

IT Security Alerts Weekly Digest (1 Feb ~ 7 Feb 2015)

1. Vulnerabilities in OpenH264 plugin for Mozilla Firefox (MFSA 2015-10)
[06/02/2015] Vulnerabilities were identified in the OpenH264 plugin for Mozilla Firefox. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the application. These vulnerabilities affect versions prior to 1.3 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.mozilla.org/en-US/security/advisories/mfsa2015-10/

2. Vulnerabilities in Adobe Flash Player (APSB15-04)
[06/02/2015] Vulnerabilities were identified in the Adobe Flash Player. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:helpx.adobe.com/security/products/flash-player/apsb15-04.html
URL:technet.microsoft.com/library/security/2755801.aspx
URL:www.hkcert.org/my_url/en/alert/15020601
URL:www.us-cert.gov/ncas/current-activity/2015/02/05/Adobe-Releases-Security-Updates-Flash-Player

3. Vulnerabilities in Google Chrome
[06/02/2015] Vulnerabilities were identified in the Google Chrome. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise an affected system. These vulnerabilities affect versions prior to 40.0.2214.111 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:googlechromereleases.blogspot.hk/2015/02/stable-channel-update.html
URL:www.us-cert.gov/ncas/current-activity/2015/02/05/Google-Releases-Security-Updates-Chrome

4. Vulnerability in Topline Systems Opportunity Form (VU#669156)
[06/02/2015] Vulnerability was identified in the Topline Systems Opportunity Form. An attacker could obtain sensitive information, execute arbitrary code and compromise the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.kb.cert.org/vuls/id/669156

5. Vulnerabilities in Ektron Content Management System (VU#377644)
[06/02/2015] Vulnerabilities were identified in the Ektron Content Management System (CMS). An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and perform code injection attacks. These vulnerabilities affect multiple versions of the mentioned product.

URL:www.kb.cert.org/vuls/id/377644

6. Vulnerability in Fork CMS (100668)
[06/02/2015] Vulnerability was identified in the Fork CMS. An attacker could perform code injection attacks. This vulnerability affects versions prior to 3.8.6 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/100668

7. Vulnerabilities in Multiple modules for Drupal (DRUPAL-SA-CONTRIB-2015-034, DRUPAL-SA-CONTRIB-2015-035, DRUPAL-SA-CONTRIB-2015-036, DRUPAL-SA-CONTRIB-2015-037, DRUPAL-SA-CONTRIB-2015-038)
[06/02/2015] Vulnerabilities were identified in the Commerce WeDeal, Ajax Timeline, Public Download Count, Path Breadcrumbs and Facebook Album Fetcher modules for Drupal. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise an affected system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities except those in Facebook Album Fetcher.

URL:www.drupal.org/security/contrib
URL:xforce.iss.net/xforce/xfdb/100653
URL:xforce.iss.net/xforce/xfdb/100654
URL:xforce.iss.net/xforce/xfdb/100655
URL:xforce.iss.net/xforce/xfdb/100656

8. Security Updates in Debian (DSA-3154-1)
[06/02/2015] Debian has released security update packages for fixing the vulnerabilities identified in the ntp package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3154

9. Security Updates in Mandriva (MDVSA-2015:028, MDVSA-2015:029, MDVSA-2015:030, MDVSA-2015:031, MDVSA-2015:032)
[06/02/2015] Mandriva has released security update packages for fixing the vulnerabilities identified in the aircrack-ng, binutils, bugzilla, busybox and php packages for version MBS1 of Mandriva GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the application.

URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A028/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A029/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A030/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A031/
URL:www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015%3A032/

10. Security Updates in Mageia (MGASA-2015-0049, MGASA-2015-0050, MGASA-2015-0051, MGASA-2015-0052, MGASA-2015-0053)
[06/02/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the zarafa, hexchat, vorbis-tools, cabextract and vlc packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform spoofing attacks, cause a denial of service condition and crash the system.

URL:advisories.mageia.org/MGASA-2015-0049.html
URL:advisories.mageia.org/MGASA-2015-0050.html
URL:advisories.mageia.org/MGASA-2015-0051.html
URL:advisories.mageia.org/MGASA-2015-0052.html
URL:advisories.mageia.org/MGASA-2015-0053.html

11. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0126-1, RHSA-2015:0133-1, RHSA-2015:0134-1, RHSA-2015:0135-1, RHSA-2015:0136-1)
[06/02/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the rhev-hypervisor6 package for Red Hat Enterprise Virtualization 3, java-1.7.1-ibm, java-1.7.0-ibm, java-1.6.0-ibm and java-1.5.0-ibm packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-0126.html
URL:rhn.redhat.com/errata/RHSA-2015-0133.html
URL:rhn.redhat.com/errata/RHSA-2015-0134.html
URL:rhn.redhat.com/errata/RHSA-2015-0135.html
URL:rhn.redhat.com/errata/RHSA-2015-0136.html

12. Information Updates on Security Bulletin for Adobe Flash Player (APSA15-02)
[05/02/2015] Adobe has updated information on the Security Bulletin for the Adobe Flash Player. APSA15-02 was updated to include the security patches delivered via auto-update.

URL:helpx.adobe.com/security/products/flash-player/apsa15-02.html

13. Vulnerability in Cisco WebEx Meetings Server (cisco-sa-20150204-wbx)
[05/02/2015] Vulnerability was identified in the Cisco WebEx Meetings Server. An attacker could bypass security restrictions, execute arbitrary code and perform code injection attacks. This vulnerability affects versions 1.0, 1.1 and 1.5 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx

14. Vulnerability in HP SiteScope (c04539443)
[05/02/2015] Vulnerability was identified in the HP SiteScope. An attacker could gain elevated privileges. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04539443
URL:xforce.iss.net/xforce/xfdb/100642

15. Vulnerability in Huawei products (HW_413100)
[05/02/2015] Vulnerability was identified in multiple Huawei products. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple firmware versions of the mentioned products.

URL:www.huawei.com/ilink/en/security/psirt/security-bulletins/security-notices/HW_413100

16. Vulnerabilities in Network Time Protocol daemon (VU#852879)
[05/02/2015] Vulnerabilities were identified in the Network Time Protocol daemon (ntpd). An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code. These vulnerabilities affect versions prior to 4.2.8p1 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.kb.cert.org/vuls/id/852879

17. Vulnerability in Pragyan CMS (100634)
[05/02/2015] Vulnerability was identified in the Pragyan CMS. An attacker could perform code injection attacks. This vulnerability affects version 3 of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/100634

18. Vulnerability in My Little Forum (100616)
[05/02/2015] Vulnerability was identified in the My Little Forum. An attacker could perform cross-site scripting attacks and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/100616

19. Security Updates in Debian (DSA-3153-1)
[05/02/2015] Debian has released security update packages for fixing the vulnerabilities identified in the krb5 package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3153

20. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0115-1, RHSA-2015:0116-1, RHSA-2015:0117-1, RHSA-2015:0118-1)
[05/02/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel, mysql55-mysql, mariadb55-mariadb and mariadb packages for Red Hat Software Collections 1, and Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-0115.html
URL:rhn.redhat.com/errata/RHSA-2015-0116.html
URL:rhn.redhat.com/errata/RHSA-2015-0117.html
URL:rhn.redhat.com/errata/RHSA-2015-0118.html

21. Security Updates in Ubuntu GNU/Linux (USN-2469-2, USN-2494-1)
[05/02/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the python-django and file packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting and spoofing attacks, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2469-2/
URL:www.ubuntu.com/usn/usn-2494-1/

22. Vulnerabilities in Cisco Unified IP Phone 9900 Series
[04/02/2015] Vulnerabilities were identified in the Cisco Unified IP Phone 9900 Series. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0600
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0601
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0602
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0603
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0604

23. Vulnerability in BELLBRIDGE SIPhone Enterprise PBX (100582)
[04/02/2015] Vulnerability was identified in the BELLBRIDGE SIPhone Enterprise PBX. An attacker could perform code injection attacks. The affected version was not specified.

URL:xforce.iss.net/xforce/xfdb/100582

24. Vulnerabilities in VLC multimedia player and streamer
[04/02/2015] Vulnerabilities were identified in the VLC multimedia player and streamer. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 2.0.3-5+deb7u2 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.hkcert.org/my_url/en/alert/15020401

25. Vulnerability in UniPDF (100577)
[04/02/2015] Vulnerability was identified in the UniPDF. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects version 1.1 of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/100577

26. Vulnerability in NPDS Revolution (100584)
[04/02/2015] Vulnerability was identified in the NPDS Revolution. An attacker could perform code injection attacks. This vulnerability affects version 13 of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/100584

27. Vulnerability in SnipSnap (100585)
[04/02/2015] Vulnerability was identified in the SnipSnap. An attacker could perform cross-site scripting attacks and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product.

URL:xforce.iss.net/xforce/xfdb/100585

28. Vulnerability in Sefrengo CMS (100586)
[04/02/2015] Vulnerability was identified in the Sefrengo CMS. An attacker could perform code injection attacks. This vulnerability affects versions prior to 1.6.2 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:xforce.iss.net/xforce/xfdb/100586

29. Vulnerabilities in multiple plugins for WordPress (100583, 100587)
[04/02/2015] Vulnerabilities were identified in the Banner Effect Header plugin and Quasar Theme plugin for WordPress. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve the vulnerability identified in Banner Effect Header plugin.

URL:xforce.iss.net/xforce/xfdb/100583
URL:xforce.iss.net/xforce/xfdb/100587

30. Security Updates in Oracle Linux (ELSA-2015-0118)
[04/02/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the mariadb package for Oracle Linux 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:linux.oracle.com/errata/ELSA-2015-0118.html

31. Security Updates in Debian (DSA-3151-1, DSA-3152-1)
[04/02/2015] Debian has released security update packages for fixing the vulnerabilities identified in the python-django and unzip packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3151
URL:www.debian.org/security/2015/dsa-3152

32. Security Updates in Ubuntu GNU/Linux (USN-2489-1, USN-2490-1, USN-2491-1, USN-2492-1, USN-2493-1)
[04/02/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the unzip, linux, linux-ec2 and linux-ti-omap4 packages for versions 10.04 LTS, 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2489-1/
URL:www.ubuntu.com/usn/usn-2490-1/
URL:www.ubuntu.com/usn/usn-2491-1/
URL:www.ubuntu.com/usn/usn-2492-1/
URL:www.ubuntu.com/usn/usn-2493-1/

33. Vulnerability in Adobe Flash Player (APSA15-02)
[03/02/2015] Vulnerability was identified in the Adobe Flash Player. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. This vulnerability affects multiple firmware versions of the mentioned product. Security patches will be released during the week of February 2 to resolve this vulnerability.

URL:helpx.adobe.com/security/products/flash-player/apsa15-02.html
URL:www.hkcert.org/my_url/en/alert/15020301

34. Vulnerability in Microsoft Internet Explorer
[03/02/2015] Vulnerability was identified in the Microsoft Internet Explorer. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects version 11 of the mentioned product.

URL:www.hkcert.org/my_url/en/alert/15020302

35. Vulnerabilities in Cisco Products
[03/02/2015] Vulnerabilities were identified in the Cisco AnyConnect Secure Mobility Client, Cisco HostScan Engine and Cisco Unified Computing System (Standalone). An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting and cross-frame scripting attacks. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8021
URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0599

36. Vulnerabilities in SerVision HVG Video Gateway (VU#522460)
[03/02/2015] Vulnerabilities were identified in the SerVision HVG Video Gateway. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. These vulnerabilities affect firmware versions prior to 2.2.26a100 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.kb.cert.org/vuls/id/522460

37. Vulnerabilities in ManageEngine Products (100550, 100551, 100554, 100555)
[03/02/2015] Vulnerabilities were identified in the ManageEngine Firewall Analyzer, ManageEngine OpManager, ManageEngine Applications Manager and ManageEngine IT360. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting and code injection attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities except those in ManageEngine Firewall Analyzer.

URL:xforce.iss.net/xforce/xfdb/100550
URL:xforce.iss.net/xforce/xfdb/100551
URL:xforce.iss.net/xforce/xfdb/100554
URL:xforce.iss.net/xforce/xfdb/100555

38. Vulnerabilities in ClamAV
[03/02/2015] Vulnerabilities were identified in the ClamAV. An attacker could bypass security restrictions and execute arbitrary code. These vulnerabilities affect versions prior to 0.98.6 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.clamav.net/download.html
URL:www.hkcert.org/my_url/en/alert/15020201

39. Security Updates in Debian (DSA-3149-1, DSA-3150-1)
[03/02/2015] Debian has released security update packages for fixing the vulnerabilities identified in the condor and vlc packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3149
URL:www.debian.org/security/2015/dsa-3150

40. Security Updates in Red Hat Enterprise Linux (RHSA-2015:0112-1, RHSA-2015:0113-1)
[03/02/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the libyaml package in Red Hat Software Collections 1 for Red Hat Enterprise Linux 6, and the libvncserver package for Red Hat Enterprise Linux 6.5 Extended Update Support. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:rhn.redhat.com/errata/RHSA-2015-0112.html
URL:rhn.redhat.com/errata/RHSA-2015-0113.html

41. Security Updates in SUSE (openSUSE-SU-2015:0184-1, openSUSE-SU-2015:0190-1, openSUSE-SU-2015:0192-1)
[03/02/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the glibc, java-1_7_0-openjdk and seamonkey packages of openSUSE 12.3, 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00000.html
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html
URL:lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html

42. Security Updates in Ubuntu GNU/Linux (USN-2488-1)
[03/02/2015] Ubuntu has released security update packages for fixing the vulnerability identified in the clamav package for versions 12.04 LTS, 14.04 LTS and 14.10 of Ubuntu GNU/Linux. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2488-1/

43. Vulnerability in Cisco NX-OS Software
[02/02/2015] Vulnerability was identified in the Cisco NX-OS Software. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8013

44. Vulnerability in Novell Products (5200119, 5200161, 5200201, 5200203)
[02/02/2015] Vulnerability was identified in the Novell iPrint Appliance and Novell Filr. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.

URL:download.novell.com/Download?buildid=8H9GyBHH1xY~
URL:download.novell.com/Download?buildid=DLee7umfbL4~
URL:download.novell.com/Download?buildid=G84Y8dbzWwU~
URL:download.novell.com/Download?buildid=RyrISxl25cI~

45. Security Updates in Debian (DSA-3144-1, DSA-3145-1, DSA-3146-1, DSA-3147-1)
[02/02/2015] Debian has released security update packages for fixing the vulnerabilities identified in the openjdk-7, privoxy, requests and openjdk-6 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3144
URL:www.debian.org/security/2015/dsa-3145
URL:www.debian.org/security/2015/dsa-3146
URL:www.debian.org/security/2015/dsa-3147

46. Security Updates in FreeBSD (FreeBSD-SA-15:02.kmem, FreeBSD-SA-15:03.sctp)
[02/02/2015] FreeBSD has released security update packages for fixing the vulnerabilities identified in the sctp package for multiple versions of FreeBSD. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:02.kmem.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:03.sctp.asc

47. Security Updates in Mageia (MGASA-2015-0044, MGASA-2015-0046, MGASA-2015-0047, MGASA-2015-0048)
[02/02/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the kdebase4-runtime, libvirt, icu and bugzilla packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:advisories.mageia.org/MGASA-2015-0044.html
URL:advisories.mageia.org/MGASA-2015-0046.html
URL:advisories.mageia.org/MGASA-2015-0047.html
URL:advisories.mageia.org/MGASA-2015-0048.html

48. Security Updates in SUSE (SUSE-SU-2015:0178-1, SUSE-SU-2015:0180-1)
[02/02/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the kernel and Mozilla Firefox packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html
URL:lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html