1. Vulnerabilities in Cisco Products
[05/06/2015] Vulnerabilities were identified in the Cisco Edge 340 devices
and Cisco TelePresence SX20. An attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code
and compromise the system. These vulnerabilities affect multiple firmware
versions of the mentioned products. Security patches are available to resolve
these vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39187
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39210
2. Vulnerability in McAfee ePolicy Orchestrator (VU#264092)
[05/06/2015] A vulnerability was identified in McAfee ePolicy Orchestrator.
An attacker could bypass security restrictions, obtain sensitive information
and execute arbitrary code. This vulnerability affects versions prior to 4.6.9
and prior to 5.1.2 of the mentioned product. Security patches are available to
resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/264092
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103610
3. Vulnerability in HP WebInspect (c04695307)
[05/06/2015] A vulnerability was identified in HP WebInspect. An attacker
could bypass security restrictions and execute arbitrary code. This
vulnerability affects multiple versions of the mentioned product. Security
patches are available to resolve this vulnerability.
URL:h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04695307
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103611
4. Vulnerabilities in Drupal (SA-CONTRIB-2015-116, SA-CONTRIB-2015-117)
[05/06/2015] Vulnerabilities were identified in the Novalnet Payment
Module for Drupal. An attacker could bypass security restrictions, execute
arbitrary code and perform code injection attacks. These vulnerabilities affect
multiple versions of the mentioned product.
URL:www.drupal.org/node/2499787
URL:www.drupal.org/node/2499791
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103597
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103598
5. Vulnerabilities in Linux Kernel (103615, 103616, 103617)
[05/06/2015] Vulnerabilities were identified in the Linux Kernel. An
attacker could bypass security restrictions, cause a denial of service
condition and crash the system. These vulnerabilities affect multiple versions
of the mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103615
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103616
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103617
6. Vulnerability in OpenSSL (103609)
[05/06/2015] A vulnerability was identified in OpenSSL. An attacker could
bypass security restrictions, execute arbitrary code, cause a denial of service
condition and crash the system. The affected version was not specified.
Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103609
7. Vulnerabilities in PHP (103612, 103613)
[05/06/2015] Vulnerabilities were identified in PHP. An attacker could
bypass security restrictions and execute arbitrary code. These vulnerabilities
affect version 5.6 of the mentioned product. Security patches are available to
resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103612
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103613
8. Vulnerability in ResourceSpace (103599)
[05/06/2015] A vulnerability was identified in ResourceSpace. An attacker
could bypass security restrictions, obtain sensitive information and execute
arbitrary code. This vulnerability affects versions prior to 7.2.6727 of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103599
9. Security Updates in Oracle Linux (ELSA-2015-1072)
[05/06/2015] Oracle has released security update packages for fixing the
vulnerability identified in the openssl package for Oracle Linux 6 and 7. An
attacker could bypass security restrictions and obtain sensitive information.
URL:linux.oracle.com/errata/ELSA-2015-1072.html
10. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1052-1,
RHSA-2015:1053-1, RHSA-2015:1064-1)
[05/06/2015] Red Hat has released security update packages for fixing the
vulnerabilities identified in the thermostat1, php55 and python27 packages for
Red Hat Software Collections 1 for RHEL 6 and 7. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1052.html
URL:rhn.redhat.com/errata/RHSA-2015-1053.html
URL:rhn.redhat.com/errata/RHSA-2015-1064.html
11. Vulnerabilities in Cisco Products
[04/06/2015] Vulnerabilities were identified in the Cisco Unified Email
Interaction Manager, Cisco Unified Web Interaction Manager, Cisco Unified
MeetingPlace, Cisco FireSIGHT Management and Cisco ONS 15454 System. An
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, perform cross-site scripting and code injection attacks,
cause a denial of service condition and crash the system. These vulnerabilities
affect multiple versions of the mentioned products. Security patches are
available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39013
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39163
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39171
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39172
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103580
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103591
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103592
12. Vulnerability in Eliacom Enhanced SQL Portal (103567)
[04/06/2015] A vulnerability was identified in the Eliacom Enhanced SQL
Portal. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code and perform cross-site scripting attacks.
This vulnerability affects version 5.0.7961 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103567
13. Vulnerabilities in Linux Kernel (103581, 103584, 103593)
[04/06/2015] Vulnerabilities were identified in the Linux Kernel. An
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, cause a denial of service condition and crash the system.
These vulnerabilities affect multiple versions of the mentioned product.
Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103581
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103584
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103593
14. Vulnerability in Perl Compatible Regular Expressions (103582)
[04/06/2015] A vulnerability was identified in Perl Compatible Regular
Expressions. An attacker could bypass security restrictions, execute arbitrary
code, cause a denial of service condition and crash the system. This
vulnerability affects multiple versions of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103582
15. Security Updates in Oracle Linux (ELSA-2015-1042-1)
[04/06/2015] Oracle has released security update packages for fixing the
vulnerability identified in the kernel package for Oracle Linux 5. An attacker
could bypass security restrictions, gain elevated privileges, cause a denial of
service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-1042-1.html
16. Security Updates in Debian (DSA-3278-1)
[04/06/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the libapache-mod-jk package for multiple
versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions and obtain sensitive information.
URL:www.debian.org/security/2015/dsa-3278
17. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1043-1,
RHSA-2015:1044-1)
[04/06/2015] Red Hat has released security update packages for fixing the
vulnerability identified in the virtio-win package for Red Hat Enterprise Linux
6 and 7. An attacker could bypass security restrictions, cause a denial of
service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-1043.html
URL:rhn.redhat.com/errata/RHSA-2015-1044.html
18. Security Updates in Ubuntu GNU/Linux (USN-2626-1, USN-2627-1)
[04/06/2015] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the qt4-x11, qtbase-opensource-src and t1utils
packages for versions 12.04 LTS, 14.04 LTS, 14.10 and 15.04 of Ubuntu
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, gain elevated privileges, execute arbitrary code, cause a denial
of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2626-1/
URL:www.ubuntu.com/usn/usn-2627-1/
19. Vulnerabilities in Cisco Products
[03/06/2015] Vulnerabilities were identified in the Cisco Adaptive Security
Appliance, Cisco AnyConnect Secure Mobility Client and Cisco Unified
MeetingPlace. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, perform
cross-site scripting and code injection attacks, cause a denial of service
condition and crash the system. These vulnerabilities affect multiple firmware
versions of the mentioned products. Security patches are available to resolve
these vulnerabilities identified in the Cisco Adaptive Security Appliance and
Cisco AnyConnect Secure Mobility Client.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39157
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39158
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39161
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39162
20. Vulnerabilities in PHP
[03/06/2015] Vulnerabilities were identified in PHP. An attacker could
bypass security restrictions, execute arbitrary code, cause a denial of service
condition and crash the system. These vulnerabilities affect versions prior to
5.4.41, 5.5.25 or 5.6.9 of the mentioned product. Security patches are
available to resolve these vulnerabilities.
URL:www.hkcert.org/my_url/en/alert/15060201
21. Vulnerabilities in Xen (XSA-128, XSA-129, XSA-130, XSA-131)
[03/06/2015] Vulnerabilities were identified in Xen. An attacker could
bypass security restrictions, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and crash the system. These vulnerabilities
affect multiple firmware versions of the mentioned product. Security patches
are available to resolve these vulnerabilities.
URL:xenbits.xen.org/xsa/advisory-128.html
URL:xenbits.xen.org/xsa/advisory-129.html
URL:xenbits.xen.org/xsa/advisory-130.html
URL:xenbits.xen.org/xsa/advisory-131.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103543
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103544
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103545
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103546
22. Vulnerability in Digital Zoom Studio ZoomSounds plugin for WordPress
(103538)
[03/06/2015] A vulnerability was identified in the Digital Zoom Studio
ZoomSounds plugin for WordPress. An attacker could bypass security restrictions,
execute arbitrary code and perform code injection attacks. This vulnerability
affects version 2.0 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103538
23. Security Updates in Oracle Linux (ELSA-2015-1042)
[03/06/2015] Oracle has released security update packages for fixing the
vulnerability identified in the kernel package for Oracle Linux 5. An attacker
could bypass security restrictions, gain elevated privileges, cause a denial of
service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-1042.html
24. Security Updates in Debian (DSA-3277-1)
[03/06/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the wireshark package for multiple versions of
Debian GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3277
25. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1042-1)
[03/06/2015] Red Hat has released security update packages for fixing the
vulnerability identified in the kernel package for Red Hat Enterprise Linux 5.
An attacker could bypass security restrictions, gain elevated privileges, cause
a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-1042.html
26. Security Updates in SUSE (openSUSE-SU-2015:0983-1)
[03/06/2015] SUSE has released security update packages for fixing the
vulnerabilities identified in the xen packages of openSUSE 13.1. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code, cause a denial of service
condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html
27. Security Updates in Ubuntu GNU/Linux (USN-2625-1)
[03/06/2015] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the apache2 package for version 12.04 LTS of
Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, cause a
denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2625-1/
28. Vulnerabilities in Cisco Products
[02/06/2015] Vulnerabilities were identified in multiple Cisco products. An
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, perform cross-site scripting and
code injection attacks, cause a denial of service condition and crash the
system. These vulnerabilities affect multiple firmware versions of the
mentioned products.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38863
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38938
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38943
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38944
URL:tools.cisco.com/security/center/viewAlert.x?alertId=38945
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39013
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39130
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39133
29. Vulnerability in HP Linux Imaging and Printing (103523)
[02/06/2015] A vulnerability was identified in HP Linux Imaging and
Printing. An attacker could bypass security restrictions, obtain sensitive
information and execute arbitrary code. This vulnerability affects version 1.6.7
of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103523
30. Vulnerability in IBM WebSphere Application Server (1957980)
[02/06/2015] A vulnerability was identified in the IBM WebSphere Application
Server. An attacker could bypass security restrictions, obtain sensitive
information and execute arbitrary code. This vulnerability affects versions 6.1,
7.0, 8.0, 8.5 and 8.5.5 of the mentioned product.
URL:www.ibm.com/support/docview.wss?uid=swg21957980
31. Vulnerability in Huawei CPE Bm632w Router (HW-437262)
[02/06/2015] A vulnerability was identified in the Huawei CPE Bm632w Router.
An attacker could bypass security restrictions and gain elevated privileges.
This vulnerability affects multiple firmware versions of the mentioned
product.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-437262.htm
32. Vulnerability in Private Shell SSH Client (103513)
[02/06/2015] A vulnerability was identified in the Private Shell SSH Client.
An attacker could bypass security restrictions, cause a denial of service
condition and crash the system. This vulnerability affects version 3.3 of the
mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103513
33. Vulnerability in Perl Compatible Regular Expressions (103511)
[02/06/2015] A vulnerability was identified in Perl Compatible Regular
Expressions. An attacker could bypass security restrictions, execute arbitrary
code, cause a denial of service condition and crash the system. This
vulnerability affects version 8.36 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103511
34. Vulnerability in libwmf (103512)
[02/06/2015] A vulnerability was identified in libwmf. An attacker could
bypass security restrictions, cause a denial of service condition and crash the
system. This vulnerability affects version 0.2.7 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103512
35. Security Updates in Debian (DSA-3276-1)
[02/06/2015] Debian has released security update packages for fixing the
vulnerability identified in the symfony package for multiple versions of Debian
GNU/Linux. An attacker could bypass security restrictions and execute arbitrary
code.
URL:www.debian.org/security/2015/dsa-3276
36. Security Updates in SUSE (SUSE-SU-2015:0978-1)
[02/06/2015] SUSE has released security update packages for fixing the
vulnerabilities identified in the MozillaFirefox packages of SUSE Linux
Enterprise 11. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html
37. Security Updates in Ubuntu GNU/Linux (USN-2623-1, USN-2624-1)
[02/06/2015] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the ipsec-tools and openssl packages for versions
12.04 LTS, 14.04 LTS, 14.10 and 15.04 of Ubuntu GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial
of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2623-1/
URL:www.ubuntu.com/usn/usn-2624-1/
38. Vulnerabilities in Novell Products (5211010, 5211030)
[01/06/2015] Vulnerabilities were identified in the Novell Identity
Manager and Novell Messenger. An attacker could bypass security restrictions,
obtain sensitive information, execute arbitrary code, cause a denial of service
condition and crash the system. These vulnerabilities affect multiple versions
of the mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:download.novell.com/Download?buildid=j6RbJAJrtC4~
URL:download.novell.com/Download?buildid=UQgGwYtht9c~
39. Vulnerability in Juniper Products (JSA10681)
[01/06/2015] A vulnerability was identified in the Junos OS (XNM-SSL) and
WXOS. An attacker could bypass security restrictions, obtain sensitive
information and execute arbitrary code. This vulnerability affects multiple
versions of the mentioned products.
URL:kb.juniper.net/index?page=content&id=JSA10681
40. Vulnerabilities in F5 Products (SOL16704, SOL16707)
[01/06/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP
AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway,
BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device
and BIG-IQ Security. An attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, cause a denial of service
condition and crash the system. These vulnerabilities affect multiple versions
of the mentioned products.
URL:support.f5.com/kb/en-us/solutions/public/16000/700/sol16704.html
URL:support.f5.com/kb/en-us/solutions/public/16000/700/sol16707.html
41. Vulnerabilities in Huawei Products (HW-436642, HW-437161)
[01/06/2015] Vulnerabilities were identified in the Huawei products on the
Hack in the Box (HITB) and Huawei SOHO Products. An attacker could bypass
security restrictions, obtain sensitive information, execute arbitrary code,
cause a denial of service condition and crash the system. These vulnerabilities
affect multiple versions of the mentioned products.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-436642.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-437161.htm
42. Vulnerabilities in Blue Coat SSL Visibility Appliance (VU#498348)
[01/06/2015] Vulnerabilities were identified in the Blue Coat SSL
Visibility Appliance. An attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code and perform cross-site request
forgery attacks. These vulnerabilities affect multiple versions of the mentioned
product. Security patches are available to resolve these vulnerabilities.
URL:www.kb.cert.org/vuls/id/498348
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103489
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103490
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103491
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103492
43. Vulnerabilities in JSPAdmin (103485, 103486, 103487)
[01/06/2015] Vulnerabilities were identified in JSPAdmin. An attacker
could bypass security restrictions, obtain sensitive information, execute
arbitrary code and perform code injection and cross-site scripting attacks.
These vulnerabilities affect version 1.1 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103485
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103486
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103487
44. Vulnerability in Linux Kernel (103483)
[01/06/2015] A vulnerability was identified in the Linux Kernel. An attacker
could bypass security restrictions, gain elevated privileges, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
crash the system. This vulnerability affects multiple versions of the mentioned
product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/103483
45. Security Updates in Debian (DSA-3275-1)
[01/06/2015] Debian has released security update packages for fixing the
vulnerability identified in the fusionforge package for multiple versions of
Debian GNU/Linux. An attacker could bypass security restrictions and execute
arbitrary code.
URL:www.debian.org/security/2015/dsa-3275
46. Security Updates in Gentoo Linux (GLSA 201505-02, GLSA 201505-03)
[01/06/2015] Gentoo has released security update packages for fixing the
vulnerabilities identified in the adobe-flash and phpmyadmin packages for
multiple versions of Gentoo Linux. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
crash the system.
URL:security.gentoo.org/glsa/201505-02
URL:security.gentoo.org/glsa/201505-03