1. Vulnerabilities in Cisco Products
[19/06/2015] Vulnerabilities were identified in the Cisco IOS XR Software
and Cisco WebEx Meeting Center. An attacker could bypass security restrictions,
obtain sensitive information, cause a denial of service condition and crash the
system. These vulnerabilities affect multiple firmware versions of the mentioned
products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39402
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39420
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103928
2. Vulnerability in IBM Domino Web Server (1959908)
[19/06/2015] A vulnerability was identified in the IBM Domino Web Server. An
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code and perform cross-site scripting attacks. This
vulnerability affects multiple versions of the mentioned product. Security
patches are available to resolve this vulnerability.
URL:www.ibm.com/support/docview.wss?uid=swg21959908
3. Vulnerabilities in Drupal Core (SA-CORE-2015-002)
[19/06/2015] Vulnerabilities were identified in Drupal Core. An attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system. These vulnerabilities affect versions prior to 6.36 or
7.38 of the mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:www.drupal.org/SA-CORE-2015-002
URL:www.us-cert.gov/ncas/current-activity/2015/06/18/Drupal-Releases-Security-Updates
4. Vulnerabilities in PHP
[19/06/2015] Vulnerabilities were identified in PHP. An attacker could bypass
security restrictions, gain elevated privileges, execute arbitrary code, cause
a denial of service condition and compromise the system. These vulnerabilities
affect versions prior to 5.4.42, 5.5.26 or 5.6.10 of the mentioned product.
Security patches are available to resolve these vulnerabilities.
URL:www.php.net/ChangeLog-5.php#5.4.42
URL:www.php.net/ChangeLog-5.php#5.5.26
URL:www.php.net/ChangeLog-5.php#5.6.10
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103925
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103926
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103927
5. Security Updates in Debian (DSA-3290-1)
[19/06/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the linux package for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2015/dsa-3290
6. Security Updates in SUSE (SUSE-SU-2015:1085-1, SUSE-SU-2015:1086-1)
[19/06/2015] SUSE has released security update packages for fixing the
vulnerabilities identified in the IBM Java 1.5.0 and IBM Java 1.6.0 packages of
SUSE Linux Enterprise 10 and 11. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html
7. Information Updates on Microsoft Bulletins (2976627, 3057134)
[18/06/2015] Microsoft has updated information on the Security Bulletins for
Microsoft Internet Explorer and Microsoft .NET Framework.
(a) MS15-048 corrected bulletin replacement for the 3035488 update for .NET
Framework 2.0 on all affected editions of Windows Server 2003 Service Pack 2.
(b) MS14-051 replaced CVE number CVE-2014-4078 with CVE number CVE-2014-8985.
URL:technet.microsoft.com/en-us/library/security/MS15-048
URL:technet.microsoft.com/en-us/library/security/MS14-051
8. Vulnerability in Cisco IOS XR
[18/06/2015] A vulnerability was identified in the Cisco IOS XR Software. An
attacker could bypass security restrictions, cause a denial of service
condition and crash the system. This vulnerability affects multiple firmware
versions of the mentioned product. Security patches are available to resolve
this vulnerability.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39383
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103918
9. Vulnerabilities in Symantec Endpoint Protection (SYM15-005)
[18/06/2015] Vulnerabilities were identified in the Symantec Endpoint
Protection Manager and Client. An attacker could bypass security restrictions,
gain elevated privileges, execute arbitrary code, cause a denial of service
condition and compromise the system. These vulnerabilities affect versions
prior to 12.1 RU6 of the mentioned products. Security patches are available to
resolve these vulnerabilities.
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20150617_00
10. Vulnerability in QEMU (103911)
[18/06/2015] A vulnerability was identified in QEMU. An attacker could bypass
security restrictions, obtain sensitive information and execute arbitrary code.
The affected version was not specified.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103911
11. Security Updates in Oracle Linux (ELSA-2015-1123)
[18/06/2015] Oracle has released security update packages for fixing the
vulnerabilities identified in the cups package for Oracle Linux 6 and 7. Due to
multiple errors, an attacker could bypass security restrictions, execute
arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-1123.html
12. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1123-1)
[18/06/2015] Red Hat has released security update packages for fixing the
vulnerabilities identified in the cups package for Red Hat Enterprise Linux 6
and 7. Due to multiple errors, an attacker could bypass security restrictions,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1123.html
13. Vulnerabilities in Adobe Products (APSB15-12, APSB15-13)
[17/06/2015] Vulnerabilities were identified in Adobe Photoshop CC and Adobe
Bridge CC for Windows and Macintosh. An attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, cause a
denial of service condition and compromise the system. These vulnerabilities
affect multiple versions of the mentioned products. Security patches are
available to resolve these vulnerabilities.
URL:helpx.adobe.com/security/products/photoshop/apsb15-12.html
URL:helpx.adobe.com/security/products/bridge/apsb15-13.html
URL:www.us-cert.gov/ncas/current-activity/2015/06/16/Adobe-Releases-Security-Updates-Multiple-Products
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103875
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103876
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103877
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103878
14. Vulnerabilities in Cisco Products
[17/06/2015] Vulnerabilities were identified in the Cisco Prime Collaboration
Manager, Cisco Adaptive Security Appliance and Cisco Cloud Portal Appliance. An
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code and perform man-in-the-middle
attacks. These vulnerabilities affect multiple firmware versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39365
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39366
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39380
15. Vulnerabilities in IBM WebSphere Commerce (1883573, 1959387, 1959388)
[17/06/2015] Vulnerabilities were identified in IBM WebSphere Commerce. An
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges and execute arbitrary code. These vulnerabilities affect
multiple versions of the mentioned product. Security patches are available to
resolve these vulnerabilities.
URL:www.hkcert.org/my_url/en/alert/15061601
URL:www.ibm.com/support/docview.wss?uid=swg21883573
URL:www.ibm.com/support/docview.wss?uid=swg21959387
URL:www.ibm.com/support/docview.wss?uid=swg21959388
16. Vulnerability in EMC Unified Infrastructure Manager/Provisioning (103881)
[17/06/2015] A vulnerability was identified in the EMC Unified Infrastructure
Manager/Provisioning (UIM/P). An attacker could bypass security restrictions,
execute arbitrary code and compromise the system. This vulnerability affects
version 4.1 of the mentioned product. Security patches are available to resolve
this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103881
17. Vulnerability in Pearson ProctorCache (VU#626420)
[17/06/2015] A vulnerability was identified in Pearson ProctorCache. An
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code and compromise the system. This vulnerability affects
versions prior to 2015.1.17 of the mentioned product. Security patches are
available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/626420
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103874
18. Vulnerability in Vesta Control Panel (VU#842780)
[17/06/2015] A vulnerability was identified in the Vesta Control Panel. An
attacker could bypass security restrictions and gain elevated privileges. This
vulnerability affects versions prior to 0.9.8-14 of the mentioned product.
Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/842780
19. Vulnerability in Samsung Galaxy S phones (VU#155412)
[17/06/2015] A vulnerability was identified in Samsung Galaxy S phones. An
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code and perform man-in-the-middle attacks. This
vulnerability affects firmware versions of the mentioned product. Security
patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/155412
20. Security Updates in SUSE (SUSE-SU-2015:1071-1, SUSE-SU-2015:1073-1)
[17/06/2015] SUSE has released security update packages for fixing the
vulnerabilities identified in the Linux Kernel and java-1_7_0-ibmr packages of
SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00012.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html
21. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1120-1)
[17/06/2015] Red Hat has released security update packages for fixing the
vulnerability identified in the kernel packages for Red Hat Enterprise Linux 5.
An attacker could bypass security restrictions, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1120.html
22. Security Updates in Ubuntu GNU/Linux (USN-2648-1, USN-2649-1, USN-2650-1)
[17/06/2015] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the aptdaemon, devscripts, wpa and wpasupplicant
packages for versions 12.04 LTS, 14.04 LTS, 14.10 and 15.04 of Ubuntu
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2648-1/
URL:www.ubuntu.com/usn/usn-2649-1/
URL:www.ubuntu.com/usn/usn-2650-1/
23. Vulnerabilities in Cisco Products
[16/06/2015] Vulnerabilities were identified in the Cisco UCS Central Software
and Cisco Virtualization Experience Client 6215 devices. An attacker could
bypass security restrictions, gain elevated privileges, execute arbitrary code
and compromise the system. These vulnerabilities affect multiple firmware
versions of the mentioned products. Security patches are available to resolve
these vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39324
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39347
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103847
24. Vulnerabilities in F5 ARX (SOL16743)
[16/06/2015] A vulnerability was identified in the F5 ARX. An attacker could
bypass security restrictions, cause a denial of service condition and crash the
system. This vulnerability affects versions 6.0.0 - 6.4.0 of the mentioned
product.
URL:support.f5.com/kb/en-us/solutions/public/16000/700/sol16743.html
25. Vulnerability in Huawei E5756s (Huawei-SA-20150615-01-E5756s)
[16/06/2015] A vulnerability was identified in the Huawei E5756s. An attacker
could bypass security restrictions, obtain sensitive information and execute
arbitrary code. This vulnerability affects firmware versions prior to
V200R002B146D23SP00C00 of the mentioned product. Security patches are available
to resolve this vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-441178.htm
26. Vulnerability in Retrospect Backup Client (VU#101500)
[16/06/2015] A vulnerability was identified in the Retrospect Backup Client. An
attacker could bypass security restrictions and obtain sensitive information.
This vulnerability affects multiple versions of the mentioned product. Security
patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/101500
27. Vulnerability in OpenBSD (103848)
[16/06/2015] A vulnerability was identified in OpenBSD. An attacker could
bypass security restrictions, cause a denial of service condition and crash the
system. This vulnerability affects version 5.6 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103848
28. Vulnerability in OpenStack Cinder and Nova (103849)
[16/06/2015] A vulnerability was identified in OpenStack Cinder and Nova. An
attacker could bypass security restrictions and obtain sensitive information.
This vulnerability affects versions 2014.1.3 and 2014.2.1 of the mentioned
products. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103849
29. Vulnerability in PuTTY (103850)
[16/06/2015] A vulnerability was identified in PuTTY. An attacker could bypass
security restrictions, cause a denial of service condition and crash the
system. This vulnerability affects version 0.64 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103850
30. Security Updates in Oracle Linux (ELSA-2015-1115)
[16/06/2015] Oracle has released security update packages for fixing the
vulnerabilities identified in the openssl package for Oracle Linux 6 and 7. Due
to multiple errors, an attacker could bypass security restrictions, execute
arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-1115.html
31. Security Updates in Debian (DSA-3289-1)
[16/06/2015] Debian has released security update packages for fixing the
vulnerability identified in the p7zip package for multiple versions of Debian
GNU/Linux. An attacker could bypass security restrictions, obtain sensitive
information and execute arbitrary code.
URL:www.debian.org/security/2015/dsa-3289
32. Security Updates in Ubuntu GNU/Linux (USN-2640-1, USN-2641-1, USN-2642-1,
USN-2643-1, USN-2644-1, USN-2645-1, USN-2646-1, USN-2647-1)
[16/06/2015] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the linux, linux-ti-omap4, linux-lts-trusty,
linux-lts-utopic and linux-lts-vivid packages for versions 12.04 LTS, 14.04
LTS, 14.10 and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system.
URL:www.ubuntu.com/usn/usn-2640-1/
URL:www.ubuntu.com/usn/usn-2641-1/
URL:www.ubuntu.com/usn/usn-2642-1/
URL:www.ubuntu.com/usn/usn-2643-1/
URL:www.ubuntu.com/usn/usn-2644-1/
URL:www.ubuntu.com/usn/usn-2645-1/
URL:www.ubuntu.com/usn/usn-2646-1/
URL:www.ubuntu.com/usn/usn-2647-1/
33. Vulnerabilities in Cisco Products
[15/06/2015] Vulnerabilities were identified in the Cisco Email Security
Appliance and Cisco IOS Software. An attacker could bypass security
restrictions, gain elevated privileges, cause a denial of service condition and
crash the system. These vulnerabilities affect multiple firmware versions of
the mentioned products. Security patches are available to resolve these
vulnerabilities identified in the Cisco IOS Software.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39339
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39343
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103826
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103827
34. Vulnerabilities in Novell Products (5212230)
[15/06/2015] Vulnerabilities were identified in the Novell Messenger and Novell
ZENworks Mobile Management. An attacker could bypass security restrictions,
execute arbitrary code, perform cross-site scripting attacks, cause a denial of
service condition and crash the system. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve
these vulnerabilities identified in the Novell Messenger.
URL:download.novell.com/Download?buildid=o8Y11QiTuc4~
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103823
35. Vulnerabilities in D-Link DSP-W110 (103808, 103809, 103810)
[15/06/2015] Vulnerabilities were identified in the D-Link DSP-W110. An
attacker could bypass security restrictions, gain elevated privileges, execute
arbitrary code and compromise the system. These vulnerabilities affect firmware
version (Rev A) - v1.05b01 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103808
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103809
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103810
36. Security Updates in Debian (DSA-3284-1, DSA-3285-1, DSA-3286-1, DSA-3287-1,
DSA-3288-1)
[15/06/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the qemu, qemu-kvm, xen, openssl and libav
packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service
condition and compromise the system.
URL:www.debian.org/security/2015/dsa-3284
URL:www.debian.org/security/2015/dsa-3285
URL:www.debian.org/security/2015/dsa-3286
URL:www.debian.org/security/2015/dsa-3287
URL:www.debian.org/security/2015/dsa-3288
37. Security Updates in FreeBSD (FreeBSD-SA-15:10.openssl)
[15/06/2015] FreeBSD has released security update packages for fixing the
vulnerabilities identified in the openssl packages for multiple versions of
FreeBSD Linux. Due to multiple errors, an attacker could bypass security
restrictions, execute arbitrary code, cause a denial of service condition and
crash the system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:10.openssl.asc
38. Security Updates in SUSE (openSUSE-SU-2015:1056-1, openSUSE-SU-2015:1061-1)
[15/06/2015] SUSE has released security update packages for fixing the
vulnerability identified in the cups and Adobe Flash Player packages of
openSUSE 13.1, 13.2 and Evergreen 11.4. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00011.html