1. Information
Updates on Microsoft Security Bulletins (3004365, 3065718,
3076321)
[24/07/2015]
Microsoft has updated information on the
Security Bulletins for Microsoft Windows, Microsoft SQL Server and Microsoft
Internet Explorer. (a) MS15-006 was revised to inform customers of the July 14,
2015 reoffering of the 3004365 update for Windows 8.1 and Windows Server 2012 R2
systems. (b) MS15-058 was revised to improve the Update FAQ section to help
customers more easily identify the correct update to apply based on a currently
installed version of SQL Server. (c) MS15-065 corrected the affected software
entries for CVE-2015-1733 in the Severity Ratings and Vulnerability Identifiers
table.
URL:technet.microsoft.com/en-us/library/security/MS15-006
URL:technet.microsoft.com/en-us/library/security/MS15-058
URL:technet.microsoft.com/en-us/library/security/MS15-065
2. Vulnerabilities in F5 Products (SOL16907,
SOL16908)
[24/07/2015]
Vulnerabilities were identified in the F5 BIG-IP
LTM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM,
BIG-IP Link Controller, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM and ARX.
An attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, cause a denial of service condition and crash the
system. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16907.html
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16908.html
3. Vulnerabilities in NetCracker Resource Management
(104985, 104986)
[24/07/2015] Vulnerabilities were identified in the NetCracker Resource
Management. An attacker could bypass security restrictions, execute arbitrary
code, perform code injection and cross-site scripting attacks. These
vulnerabilities affect versions prior to 8.2 of the mentioned product. Security
patches are available to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104985
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104986
4. Vulnerabilities in
WordPress
[24/07/2015]
Vulnerabilities were identified in the
WordPress. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system. These vulnerabilities affect
versions prior to 4.2.3 of the mentioned product. Security patches are available
to resolve these
vulnerabilities.
URL:wordpress.org/news/2015/07/wordpress-4-2-3/
URL:www.us-cert.gov/ncas/current-activity/2015/07/23/WordPress-Releases-Security-Update
5. Security Updates in Oracle Linux
(ELSA-2015-1483)
[24/07/2015] Oracle has
released security update packages for fixing the vulnerabilities identified in
the libuser package for Oracle Linux 7. Due to multiple errors, an attacker
could bypass security restriction, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:linux.oracle.com/errata/ELSA-2015-1483.html
6. Security Updates in Debian
(DSA-3313-1)
[24/07/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the linux package for multiple versions of Debian GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:www.debian.org/security/2015/dsa-3313
7. Security Updates in FreeBSD
(FreeBSD-SA-15:13.tcp)
[24/07/2015] FreeBSD
has released security update packages for fixing the vulnerability identified in
the Transmission Control Protocol package for multiple versions of FreeBSD
Linux. An attacker could bypass security restrictions, cause a denial of service
condition and crash the
system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:13.tcp.asc
8. Security Updates in Gentoo Linux (GLSA
201507-22)
[24/07/2015]
Gentoo has released security update packages for
fixing the vulnerability identified in the e2fsprogs package for multiple
versions of Gentoo Linux. An attacker could bypass security restrictions and
execute arbitrary
code.
URL:security.gentoo.org/glsa/201507-22
9. Security Updates in Mageia (MGASA-2015-0276,
MGASA-2015-0277)
[24/07/2015] Mageia has
released security update packages for fixing the vulnerabilities identified in
the php, php-apc and java-1.7.0-openjdk packages for multiple versions of
Mageia. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and compromise the
system.
URL:advisories.mageia.org/MGASA-2015-0276.html
URL:advisories.mageia.org/MGASA-2015-0277.html
10.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:1482-1, RHSA-2015:1483-1,
RHSA-2015:1488-1)
[24/07/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the libuser and java-1.7.0-ibm packages for Red Hat Enterprise Linux 5, 6 and
7. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1482.html
URL:rhn.redhat.com/errata/RHSA-2015-1483.html
URL:rhn.redhat.com/errata/RHSA-2015-1488.html
11.
Security Updates in Ubuntu GNU/Linux
(USN-2678-1, USN-2679-1, USN-2680-1, USN-2681-1, USN-2682-1, USN-2683-1,
USN-2684-1)
[24/07/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the linux, linux-ti-omap4, linux-lts-trusty, linux-lts-utopic and
linux-lts-vivid packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2678-1/
URL:www.ubuntu.com/usn/usn-2679-1/
URL:www.ubuntu.com/usn/usn-2680-1/
URL:www.ubuntu.com/usn/usn-2681-1/
URL:www.ubuntu.com/usn/usn-2682-1/
URL:www.ubuntu.com/usn/usn-2683-1/
URL:www.ubuntu.com/usn/usn-2684-1/
12.
Vulnerabilities in Cisco Products
(cisco-sa-20150722-apic, cisco-sa-20150722-mp,
cisco-sa-20150722-tftp)
[23/07/2015] Vulnerabilities were identified in the Cisco Application
Policy Infrastructure Controller (APIC), Cisco Nexus 9000 Series ACI Mode
Switch, Cisco Unified MeetingPlace Web Conferencing application, Cisco IOS and
Cisco IOS XE Software. An attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, perform
cross-site request forgery attacks, cause a denial of service condition and
compromise the system. These vulnerabilities affect multiple firmware versions
of the mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-apic
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-mp
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-tftp
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40068
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104948
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104949
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104951
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104952
13.
Vulnerabilities in F5 Products (SOL16983,
SOL16993)
[23/07/2015]
Vulnerabilities were identified in the F5 BIG-IP
LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP
Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ
Device, BIG-IQ Security, BIG-IQ ADC and Traffix SDC. An attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and crash the
system. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16983.html
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16993.html
14.
Vulnerability in EMC
(104950)
[23/07/2015]
Vulnerability was identified in the EMC Avamar
and Avamar Virtual Edition (AVE). An attacker could bypass security restrictions
and obtain sensitive information. This vulnerability affects versions prior to
7.1.2 of the mentioned products. Security patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104950
15.
Vulnerability in Elasticsearch Logstash
(104947)
[23/07/2015]
Vulnerability was identified in the
Elasticsearch Logstash. An attacker could bypass security restrictions, obtain
sensitive information and perform FREAK attacks. This vulnerability affects
versions prior to 1.4.4 or 1.5.3 of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104947
16.
Vulnerability in Portfolio Plugin for
WordPress (104932)
[23/07/2015] Vulnerability was identified in the Portfolio Plugin for
WordPress. An attacker could bypass security restrictions, execute arbitrary
code and perform cross-site request forgery attacks. This vulnerability affects
version 1.0 of the mentioned product. Security patches are available to resolve
this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104932
17.
Security Updates in Debian
(DSA-3312-1)
[23/07/2015] Debian has
released security update packages for fixing the vulnerability identified in the
cacti package for multiple versions of Debian GNU/Linux. An attacker could
bypass security restrictions, execute arbitrary code and perform code injection
attacks.
URL:www.debian.org/security/2015/dsa-3312
18.
Security Updates in Gentoo Linux (GLSA
201507-21)
[23/07/2015]
Gentoo has released security update packages for
fixing the vulnerabilities identified in the libXfont package for multiple
versions of Gentoo Linux. Due to multiple errors, an attacker could bypass
security restrictions, execute arbitrary code, cause a denial of service
condition and crash the
system.
URL:security.gentoo.org/glsa/201507-21
19.
Security Updates in SUSE
(openSUSE-SU-2015:1277-1)
[23/07/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the libressl package of openSUSE 13.2. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
20.
Security Updates in Ubuntu GNU/Linux
(USN-2675-1, USN-2676-1)
[23/07/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the lxc and NBD packages for versions 12.04 LTS, 14.04 LTS, 14.10 and 15.04 of
Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2675-1/
URL:www.ubuntu.com/usn/usn-2676-1/
21.
Vulnerabilities in Cisco
Products
[22/07/2015]
Vulnerabilities were identified in the Cisco
WebEx Meetings Server and Cisco IOS XR. An attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, perform
cross-site request forgery attacks, cause a denial of service condition and
crash the system. These vulnerabilities affect multiple firmware versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40021
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40067
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104913
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104914
22.
Vulnerabilities in Google
Chrome
[22/07/2015]
Vulnerabilities were identified in the Google
Chrome. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system. These vulnerabilities affect
versions prior to 44.0.2403.89 of the mentioned products. Security patches are
available to resolve these
vulnerabilities.
URL:googlechromereleases.blogspot.hk/2015/07/stable-channel-update_21.html
URL:www.us-cert.gov/ncas/current-activity/2015/07/21/Google-Releases-Security-Update-Chrome
23.
Vulnerability in Siemens SIPROTEC 4 and
SIPROTEC Compact devices (SSA-732541)
[22/07/2015] Vulnerability was identified in the Siemens SIPROTEC 4 and
SIPROTEC Compact devices. An attacker could bypass security restrictions, cause
a denial of service condition and crash the system. This vulnerability affects
firmware versions prior to V4.24 of the mentioned products. Security patches are
available to resolve this
vulnerability.
URL:www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-732541.pdf
URL:ics-cert.us-cert.gov/advisories/ICSA-15-202-01
24.
Vulnerability in Hospira Symbiq Infusion
System (ICSA-15-174-01)
[22/07/2015] Vulnerability was identified in the Hospira Symbiq Infusion
System. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code and compromise the
system. This vulnerability affects versions prior to 3.13 of the mentioned
product. Security patches are available to resolve this
vulnerability.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-174-01
25.
Vulnerability in Cacti
(104901)
[22/07/2015]
Vulnerability was identified in the Cacti. An
attacker could bypass security restrictions, execute arbitrary code and perform
code injection attacks. This vulnerability affects versions prior to 0.8.8e of
the mentioned product. Security patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104901
26.
Security Updates in SUSE
(SUSE-SU-2015:1273-1)
[22/07/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the mariadb package of SUSE Linux Enterprise 12. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00036.html
27.
Security Updates in Ubuntu GNU/Linux
(USN-2674-1)
[22/07/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the mysql-5.5 and mysql-5.6 packages for versions 12.04 LTS, 14.04 LTS, 14.10
and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2674-1/
28. Vulnerability in Microsoft Windows
(3079904)
[21/07/2015]
Vulnerability was identified in the Microsoft
Windows. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code and compromise the
system. This vulnerability affects all supported versions of the mentioned
products. Security patches are available to resolve this
vulnerability.
URL:technet.microsoft.com/en-us/library/security/MS15-078
URL:www.us-cert.gov/ncas/current-activity/2015/07/20/Microsoft-Releases-Security-Update
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104867
29.
Vulnerabilities in Cisco
Products
[21/07/2015]
Vulnerabilities were identified in the Cisco
WebEx Training Center, Cisco WebEx Meetings, Cisco WebEx, Cisco Unified
Computing System Manager and Cisco Videoscape Policy Resource Manager. An
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, perform code injection and cross-site scripting attacks,
cause a denial of service condition and compromise the system. These
vulnerabilities affect multiple firmware versions of the mentioned products.
Security patches are available to resolve these vulnerabilities except the Cisco
Videoscape Policy Resource
Manager.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39753
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39755
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39756
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39990
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40050
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104878
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104879
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104880
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104881
30.
Vulnerabilities in HP Client Automation
agent (104882, 104883)
[21/07/2015] Vulnerabilities were identified in the HP Client Automation
agent. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system. The affected version was not
specified.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104882
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104883
31.
Vulnerability in Total Commander's File
Info plugin (VU#813631)
[21/07/2015] Vulnerability was identified in the Total Commander's File
Info plugin. An attacker could bypass security restrictions, cause a denial of
service condition and crash the system. This vulnerability affects versions
prior to 2.22 of the mentioned product. Security patches are available to
resolve this
vulnerability.
URL:www.kb.cert.org/vuls/id/813631
32.
Vulnerability in SolarWinds N-Able
N-Central (VU#912036)
[21/07/2015] Vulnerability was identified in the SolarWinds N-Able
N-Central. An attacker could bypass security restrictions, obtain sensitive
information and gain elevated privileges. This vulnerability affects multiple
versions of the mentioned product. Security patches are available to resolve
this
vulnerability.
URL:www.kb.cert.org/vuls/id/912036
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104874
33.
Vulnerability in OpenSSH
(104877)
[21/07/2015]
Vulnerability was identified in the OpenSSH. An
attacker could bypass security restrictions and obtain sensitive information.
The affected version was not
specified.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104877
34.
Security Updates in Oracle Linux and
Solaris (ELSA-2015-1443, ELSA-2015-1455)
[21/07/2015] Oracle has
released security update packages for fixing the vulnerabilities identified in
the bind and thunderbird packages for Oracle Linux 5, 6 and 7. Due to multiple
errors, an attacker could bypass security restriction, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the
system.
URL:linux.oracle.com/errata/ELSA-2015-1443.html
URL:linux.oracle.com/errata/ELSA-2015-1455.html
35.
Security Updates in Debian (DSA-3310-1,
DSA-3311-1)
[21/07/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the freexl and mariadb-10.0 packages for multiple versions of Debian GNU/Linux.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:www.debian.org/security/2015/dsa-3310
URL:www.debian.org/security/2015/dsa-3311
36.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:1443-1, RHSA-2015:11455-1)
[21/07/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the bind and thunderbird packages for Red Hat Enterprise Linux 5, 6 and 7.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1443.html
URL:rhn.redhat.com/errata/RHSA-2015-1455.html
37.
Security Updates in SUSE
(SUSE-SU-2015:1268-1, SUSE-SU-2015:1268-2,
SUSE-SU-2015:1269-1)
[21/07/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the mozillafirefox, mozilla-nspr and mozilla-nss packages of SUSE Linux
Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00035.html
38.
Security Updates in Ubuntu GNU/Linux
(USN-2673-1)
[21/07/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the thunderbird package for versions 12.04 LTS, 14.04 LTS, 14.10 and 15.04 of
Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2673-1/
39. Vulnerability in Novell GroupWise
(104847)
[20/07/2015]
Vulnerability was identified in the Novell
GroupWise. An attacker could bypass security restrictions, execute arbitrary
code and perform cross-site scripting attacks. This vulnerability affects
versions prior to 2014 Support Pack 2 of the mentioned product. Security patches
are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104847
40.
Vulnerability in F5 Products
(SOL16984)
[20/07/2015]
Vulnerability was identified in the F5 ARX and
Traffix SDC. An attacker could bypass security restrictions and execute
arbitrary code. This vulnerability affects multiple versions of the mentioned
products. Security patches are available to resolve this
vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16984.html
41.
Vulnerability in Siemens SICAM MIC
(SSA-632547)
[20/07/2015] Vulnerability was identified in the Siemens SICAM MIC
telecontrol device. An attacker could bypass security restrictions, execute
arbitrary code and compromise the system. This vulnerability affects firmware
versions prior to V2404 of the mentioned products. Security patches are
available to resolve this
vulnerability.
URL:www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-632547.pdf
URL:ics-cert.us-cert.gov/advisories/ICSA-15-195-01
42.
Vulnerabilities in Elasticsearch (104848,
104849)
[20/07/2015]
Vulnerabilities were identified in the
Elasticsearch. An attacker could bypass security restrictions, obtain sensitive
information and execute arbitrary code. These vulnerabilities affect versions
prior to 1.6.1 or 1.7.0 of the mentioned product. Security patches are available
to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104848
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104849
43.
Security Updates in Debian (DSA-3308-1,
DSA-3309-1)
[20/07/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the mysql-5.5 and tidy packages for multiple versions of Debian GNU/Linux. Due
to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:www.debian.org/security/2015/dsa-3308
URL:www.debian.org/security/2015/dsa-3309
44.
Security Updates in Gentoo Linux (GLSA
201507-20)
[20/07/2015]
Gentoo has released security update packages for
fixing the vulnerabilities identified in the postgresql package for multiple
versions of Gentoo Linux. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system.
URL:security.gentoo.org/glsa/201507-20
45.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:1241-1, RHSA-2015:1242-1,
RHSA-2015:1243-1)
[20/07/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the java-1.8.0-oracle, java-1.7.0-oracle and java-1.6.0-sun packages for Red
Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1241.html
URL:rhn.redhat.com/errata/RHSA-2015-1242.html
URL:rhn.redhat.com/errata/RHSA-2015-1243.html
46.
Security Updates in Slackware
(SSA:2015-198-01, SSA:2015-198-02)
[20/07/2015] Slackware
has released security update packages for fixing the vulnerabilities identified
in the httpd and php packages for multiple versions of Slackware Linux. An
attacker could bypass security restriction, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the
system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.420251
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.455436
47.
Security Updates in SUSE
(SUSE-SU-2015:1253-1, SUSE-SU-2015:1253-2, SUSE-SU-2015:1255-1,
SUSE-SU-2015:1258-1, SUSE-SU-2015:1265-1, openSUSE-SU-2015:1266-1,
openSUSE-SU-2015:1267-1)
[20/07/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the php5, flash-player, PHP and Mozilla (Firefox/Thunderbird) packages of SUSE
Linux Enterprise 11 and 12, and openSUSE Evergreen 11.4. Due to multiple errors,
an attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code, cause a denial of service
condition and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00026.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00027.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00030.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html
Sunday, July 26, 2015
Sunday, July 19, 2015
IT Security Alerts Weekly Digest (12 Jul ~ 18 Jul 2015)
1. Vulnerabilities in Apache Products
[17/07/2015] Vulnerabilities were identified in the Apache HTTP Server and Apache Groovy. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:httpd.apache.org/download.cgi#apache24
URL:groovy-lang.org/security.html
URL:www.hkcert.org/my_url/en/alert/15071701
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104819
2. Vulnerability in Cisco Prime Collaboration Assurance (40003)
[17/07/2015] Vulnerability was identified in the Cisco Prime Collaboration Assurance. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects firmware version 10.0.0 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40003
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104831
3. Vulnerabilities in EMC Documentum Products (104820, 104821)
[17/07/2015] Vulnerabilities were identified in the EMC Documentum CenterStage, EMC Documentum WebTop and WebTop based client. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting and phishing attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104820
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104821
4. Vulnerability in Path Breadcrumbs module for Drupal (DRUPAL-SA-CONTRIB-2015-133)
[17/07/2015] Vulnerability was identified in the Path Breadcrumbs module for Drupal. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions prior to 7.x-3.3 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.drupal.org/node/2533926
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104815
5. Security Updates in Oracle Linux and Solaris (ELSA-2015-1230, ELSA-2015-3049, ELSA-2015-3050)
[17/07/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the java-1.7.0-openjdk and kernel packages for Oracle Linux 5 and 6. Due to multiple errors, an attacker could bypass security restriction, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-1230.html
URL:linux.oracle.com/errata/ELSA-2015-3049.html
URL:linux.oracle.com/errata/ELSA-2015-3050.html
6. Security Updates in Mageia (MGASA-2015-0275)
[17/07/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the flash-player-plugin package for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restriction, gain elevated privileges, execute arbitrary code and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0275.html
7. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1235-1)
[17/07/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player packages for Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1235.html
8. Vulnerabilities in Cisco Products (cisco-sa-20150715-vds)
[16/07/2015] Vulnerabilities were identified in the Cisco Videoscape Delivery System, Cisco Unified Intelligence Center, Cisco Packet Data Network Gateway, Cisco WebEx Meetings Server and Cisco Email Security Appliance. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities except the Cisco Email Security Appliance.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150715-vds
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39920
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39934
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39938
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39940
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104800
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104802
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104806
9. Vulnerability in NetIQ Security Solutions (104803)
[16/07/2015] Vulnerability was identified in the NetIQ Security Solutions for iSeries. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects version 8.1 of the mentioned products. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104803
10. Security Updates in Oracle Linux and Solaris (ELSA-2015-1228, ELSA-2015-1229, ELSA-2015-3048)
[16/07/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the java-1.8.0-openjdk, java-1.7.0-openjdk and kernel packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restriction, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-1228.html
URL:linux.oracle.com/errata/ELSA-2015-1229.html
URL:linux.oracle.com/errata/ELSA-2015-3048.html
11. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1228-1, RHSA-2015:1229-1, RHSA-2015:1230-1)
[16/07/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the java-1.8.0-openjdk and java-1.7.0-openjdk packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1228.html
URL:rhn.redhat.com/errata/RHSA-2015-1229.html
URL:rhn.redhat.com/errata/RHSA-2015-1230.html
12. Security Updates in Ubuntu GNU/Linux (USN-2656-2)
[16/07/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox package for versions 12.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2656-2/
13. Vulnerabilities in Microsoft Products (2974294, 3065718, 3067505, 3068457, 3069392, 3070102, 3072000, 3072604, 3072620, 3072630, 3072631, 3072633, 3073094, 3074162, 3076321, 3077657)
[15/07/2015] Vulnerabilities were identified in the Microsoft SQL Server, Microsoft Internet Explorer, Microsoft Windows, Microsoft Office and Microsoft Malicious Software Removal Tool (MSRT). An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:technet.microsoft.com/en-us/library/security/ms15-jul.aspx
URL:technet.microsoft.com/library/security/MS15-058
URL:technet.microsoft.com/library/security/MS15-065
URL:technet.microsoft.com/library/security/MS15-066
URL:technet.microsoft.com/library/security/MS15-067
URL:technet.microsoft.com/library/security/MS15-068
URL:technet.microsoft.com/library/security/MS15-069
URL:technet.microsoft.com/library/security/MS15-070
URL:technet.microsoft.com/library/security/MS15-071
URL:technet.microsoft.com/library/security/MS15-072
URL:technet.microsoft.com/library/security/MS15-073
URL:technet.microsoft.com/library/security/MS15-074
URL:technet.microsoft.com/library/security/MS15-075
URL:technet.microsoft.com/library/security/MS15-076
URL:technet.microsoft.com/library/security/MS15-077
URL:technet.microsoft.com/en-us/library/security/2974294
URL:technet.microsoft.com/en-us/library/security/3074162
URL:www.hkcert.org/my_url/en/alert/15071507
URL:www.hkcert.org/my_url/en/alert/15071508
URL:www.hkcert.org/my_url/en/alert/15071509
URL:www.hkcert.org/my_url/en/alert/15071510
URL:www.hkcert.org/my_url/en/alert/15071511
URL:www.hkcert.org/my_url/en/alert/15071512
URL:www.hkcert.org/my_url/en/alert/15071513
URL:www.hkcert.org/my_url/en/alert/15071514
URL:www.hkcert.org/my_url/en/alert/15071515
URL:www.hkcert.org/my_url/en/alert/15071516
URL:www.hkcert.org/my_url/en/alert/15071517
URL:www.hkcert.org/my_url/en/alert/15071518
URL:www.hkcert.org/my_url/en/alert/15071519
URL:www.us-cert.gov/ncas/current-activity/2015/07/14/Microsoft-Releases-July-2015-Security-Bulletin
14. Information Updates on Microsoft Security Advisory (3057154)
[15/07/2015] Microsoft has published Security Advisory KB3057154 for Microsoft Windows to enhance user protection in environments where DES is still enabled for application compatibility reasons.
URL:technet.microsoft.com/en-us/library/security/3057154
15. Vulnerabilities in Adobe Products (APSB15-15, APSB15-17, APSB15-18)
[15/07/2015] Vulnerabilities were identified in the Adobe Acrobat and Reader, Adobe Shockwave Player and Adobe Flash Player. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:helpx.adobe.com/security/products/acrobat/apsb15-15.html
URL:helpx.adobe.com/security/products/shockwave/apsb15-17.html
URL:helpx.adobe.com/security/products/flash-player/apsb15-18.html
URL:www.hkcert.org/my_url/en/alert/15071503
URL:www.hkcert.org/my_url/en/alert/15071504
URL:www.hkcert.org/my_url/en/alert/15071505
URL:www.kb.cert.org/vuls/id/338736
URL:www.kb.cert.org/vuls/id/918568
URL:www.us-cert.gov/ncas/current-activity/2015/07/11/Adobe-Flash-ActionScript-3-opaqueBackground-Use-After-Free
URL:www.us-cert.gov/ncas/current-activity/2015/07/14/Adobe-Releases-Security-Update-Shockwave-Player
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104569
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104570
16. Security Updates in Oracle Products
[15/07/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the Oracle Database Server, Oracle Fusion Applications and Middleware, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite, Oracle Supply Chain Products Suite, Oracle PeopleSoft Products, Oracle JD Edwards Products, Oracle Siebel CRM, Oracle iLearning, Oracle Communications Applications, Oracle Retail Applications, Oracle Health Sciences Applications, Oracle Java SE, Oracle and Sun Systems Products, Oracle Linux and Virtualization, Oracle MySQL and Support Tools. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. Security patches are available to resolve these vulnerabilities.
URL:www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
URL:www.hkcert.org/my_url/en/alert/15071506
URL:www.us-cert.gov/ncas/current-activity/2015/07/14/Oracle-Releases-July-2015-Security-Advisory
17. Vulnerabilities in Cisco Products
[15/07/2015] Vulnerabilities were identified in the Cisco Identity Services Engine, Cisco TelePresence Integrator C Series devices, Cisco Packet Data Network Gateway and Cisco Adaptive Security Appliance. An attacker could bypass security restrictions, execute arbitrary code, perform code injection and cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39871
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39872
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39880
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39907
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39919
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104562
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104564
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104568
18. Vulnerabilities in F5 Products (SOL16954)
[15/07/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16954.html
19. Vulnerabilities in Juniper Junos OS with J-Web (JSA10682)
[15/07/2015] Vulnerabilities were identified in the Juniper Junos OS with J-Web. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:kb.juniper.net/index?page=content&id=JSA10682
20. Vulnerability in BlackBerry Link (BSRT-2015-001)
[15/07/2015] Vulnerability was identified in the BlackBerry Link. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects versions prior to 1.2.3.53 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:btsc.webapps.blackberry.com/btsc/dynamickc.do?externalId=KB37207&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB37207
21. Vulnerabilities in Samsung SyncThru (104565)
[15/07/2015] Vulnerabilities were identified in the Samsung SyncThru. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 6 v1.0 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104565
22. Security Updates in Oracle Linux and Solaris (ELSA-2015-1221)
[15/07/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel package for Oracle Linux 6, Apache Tomcat and X.Org packages for Oracle Solaris 10 and 11.1. Due to multiple errors, an attacker could bypass security restriction, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-1221.html
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0075_numeric_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0096_permissions_privileges
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0099_numeric_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0119_permissions_privileges
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_tomcat4
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_x_org2
23. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1221-1)
[15/07/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel package for Red Hat Enterprise Linux 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1221.html
24. Vulnerabilities in Cisco Products
[14/07/2015] Vulnerabilities were identified in the Cisco Identity Services Engine, Cisco Unified Communications Manager and Cisco FireSIGHT Management Center. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform code injection and cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39873
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39877
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39879
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39905
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104545
25. Vulnerability in F5 BIG-IP Edge Clients for Windows (SOL16903)
[14/07/2015] Vulnerability was identified in the F5 BIG-IP Edge Clients for Windows. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cipher-downgrade attacks. This vulnerability affects versions 6035.x - 7110.x of the mentioned product. Security patches are available to resolve this vulnerability as recommended in Microsoft Security Bulletin MS15-031.
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16903.html
26. Vulnerabilities in Moodle (MSA-15-0026, MSA-15-0027, MSA-15-0028, MSA-15-0029)
[14/07/2015] Vulnerabilities were identified in the Moodle. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:moodle.org/security/
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104541
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104542
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104543
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104544
27. Vulnerabilities in SAP Products (104276, 104511)
[14/07/2015] Vulnerabilities were identified in the SAP ECC and SAP Afaria. An attacker could bypass security restrictions and gain elevated privileges. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104276
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104511
28. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1120-2)
[14/07/2015] Red Hat has released security update packages for fixing the vulnerability identified in the kernel package for Red Hat Enterprise Linux 5.9 Advanced Update Support. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-1120.html
29. Security Updates in SUSE (openSUSE-SU-2015:1229-1)
[14/07/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaFirefox and mozilla-nss packages of openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
30. Vulnerabilities in Adobe Flash Player (APSA15-04)
[13/07/2015] Vulnerabilities were identified in the Adobe Flash Player. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned product.
URL:helpx.adobe.com/security/products/flash-player/apsa15-04.html
URL:www.kb.cert.org/vuls/id/338736
URL:www.kb.cert.org/vuls/id/918568
URL:www.us-cert.gov/ncas/current-activity/2015/07/11/Adobe-Flash-ActionScript-3-opaqueBackground-Use-After-Free
31. Vulnerabilities in Apple OS X (HT202681)
[13/07/2015] Vulnerabilities were identified in the Apple OS X. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-us/HT202681
32. Vulnerabilities in Cisco Products (cisco-sa-20150710-openssl)
[13/07/2015] Vulnerabilities were identified in the multiple Cisco Products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform code injection and cross-site scripting attacks, and compromise the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities except the Cisco TelePresence Advanced Media Gateway and Cisco Mobility Services Engine.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39782
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39785
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39797
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39825
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104521
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104523
33. Vulnerabilities in Novell Products (5214311)
[13/07/2015] Vulnerabilities were identified in the Novell NetIQ Sentinel. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=QhraQvuhtlA~
34. Vulnerabilities in F5 Products (SOL16945, SOL16949, SOL16950)
[13/07/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC and Traffix SDC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16945.html
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16949.html
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16950.html
35. Vulnerability in VMware Products (VMSA-2015-0005)
[13/07/2015] Vulnerability was identified in the VMware Workstation, VMware Player and VMware Horizon View Client for Windows. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.vmware.com/security/advisories/VMSA-2015-0005.html
URL:www.us-cert.gov/ncas/current-activity/2015/07/10/VMware-Releases-Security-Advisory
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104519
36. Vulnerability in EMC RecoverPoint (104522)
[13/07/2015] Vulnerability was identified in the EMC RecoverPoint for VMs Installation Manager. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects version 4.2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104522
37. Security Updates in Debian (DSA-3306-1, DSA-3307-1)
[13/07/2015] Debian has released security update packages for fixing the vulnerabilities identified in the pdns and pdns-recursor packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3306
URL:www.debian.org/security/2015/dsa-3307
38. Security Updates in Gentoo Linux (GLSA 201507-10, GLSA 201507-11, GLSA 201507-12, GLSA 201507-13, GLSA 201507-14, GLSA 201507-15, GLSA 201507-16, GLSA 201507-17, GLSA 201507-18, GLSA 201507-19)
[13/07/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the t1utils, perl, libcapsinetwork, adobe-flash, oracle-jre-bin, openssl, portage, net-snmp, chromium and mysql packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:security.gentoo.org/glsa/201507-10
URL:security.gentoo.org/glsa/201507-11
URL:security.gentoo.org/glsa/201507-12
URL:security.gentoo.org/glsa/201507-13
URL:security.gentoo.org/glsa/201507-14
URL:security.gentoo.org/glsa/201507-15
URL:security.gentoo.org/glsa/201507-16
URL:security.gentoo.org/glsa/201507-17
URL:security.gentoo.org/glsa/201507-18
URL:security.gentoo.org/glsa/201507-19
39. Security Updates in Mageia (MGASA-2015-0274)
[13/07/2015] Mageia has released security update packages for fixing the vulnerability identified in the openssl packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions and obtain sensitive information.
URL:advisories.mageia.org/MGASA-2015-0274.html
40. Security Updates in Slackware (SSA:2015-192-01)
[13/07/2015] Slackware has released security update packages for fixing the vulnerability identified in the mozilla-thunderbird packages for multiple versions of Slackware Linux. An attacker could bypass security restriction, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360005
41. Security Updates in SUSE (SUSE-SU-2015:1224-1, SUSE-SU-2015:1177-2)
[13/07/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel and MySQL packages of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00024.html
[17/07/2015] Vulnerabilities were identified in the Apache HTTP Server and Apache Groovy. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:httpd.apache.org/download.cgi#apache24
URL:groovy-lang.org/security.html
URL:www.hkcert.org/my_url/en/alert/15071701
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104819
2. Vulnerability in Cisco Prime Collaboration Assurance (40003)
[17/07/2015] Vulnerability was identified in the Cisco Prime Collaboration Assurance. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects firmware version 10.0.0 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40003
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104831
3. Vulnerabilities in EMC Documentum Products (104820, 104821)
[17/07/2015] Vulnerabilities were identified in the EMC Documentum CenterStage, EMC Documentum WebTop and WebTop based client. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting and phishing attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104820
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104821
4. Vulnerability in Path Breadcrumbs module for Drupal (DRUPAL-SA-CONTRIB-2015-133)
[17/07/2015] Vulnerability was identified in the Path Breadcrumbs module for Drupal. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions prior to 7.x-3.3 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.drupal.org/node/2533926
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104815
5. Security Updates in Oracle Linux and Solaris (ELSA-2015-1230, ELSA-2015-3049, ELSA-2015-3050)
[17/07/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the java-1.7.0-openjdk and kernel packages for Oracle Linux 5 and 6. Due to multiple errors, an attacker could bypass security restriction, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-1230.html
URL:linux.oracle.com/errata/ELSA-2015-3049.html
URL:linux.oracle.com/errata/ELSA-2015-3050.html
6. Security Updates in Mageia (MGASA-2015-0275)
[17/07/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the flash-player-plugin package for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restriction, gain elevated privileges, execute arbitrary code and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0275.html
7. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1235-1)
[17/07/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player packages for Red Hat Enterprise Linux 5 and 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1235.html
8. Vulnerabilities in Cisco Products (cisco-sa-20150715-vds)
[16/07/2015] Vulnerabilities were identified in the Cisco Videoscape Delivery System, Cisco Unified Intelligence Center, Cisco Packet Data Network Gateway, Cisco WebEx Meetings Server and Cisco Email Security Appliance. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities except the Cisco Email Security Appliance.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150715-vds
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39920
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39934
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39938
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39940
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104800
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104802
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104806
9. Vulnerability in NetIQ Security Solutions (104803)
[16/07/2015] Vulnerability was identified in the NetIQ Security Solutions for iSeries. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects version 8.1 of the mentioned products. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104803
10. Security Updates in Oracle Linux and Solaris (ELSA-2015-1228, ELSA-2015-1229, ELSA-2015-3048)
[16/07/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the java-1.8.0-openjdk, java-1.7.0-openjdk and kernel packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restriction, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-1228.html
URL:linux.oracle.com/errata/ELSA-2015-1229.html
URL:linux.oracle.com/errata/ELSA-2015-3048.html
11. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1228-1, RHSA-2015:1229-1, RHSA-2015:1230-1)
[16/07/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the java-1.8.0-openjdk and java-1.7.0-openjdk packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1228.html
URL:rhn.redhat.com/errata/RHSA-2015-1229.html
URL:rhn.redhat.com/errata/RHSA-2015-1230.html
12. Security Updates in Ubuntu GNU/Linux (USN-2656-2)
[16/07/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox package for versions 12.04 LTS of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2656-2/
13. Vulnerabilities in Microsoft Products (2974294, 3065718, 3067505, 3068457, 3069392, 3070102, 3072000, 3072604, 3072620, 3072630, 3072631, 3072633, 3073094, 3074162, 3076321, 3077657)
[15/07/2015] Vulnerabilities were identified in the Microsoft SQL Server, Microsoft Internet Explorer, Microsoft Windows, Microsoft Office and Microsoft Malicious Software Removal Tool (MSRT). An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:technet.microsoft.com/en-us/library/security/ms15-jul.aspx
URL:technet.microsoft.com/library/security/MS15-058
URL:technet.microsoft.com/library/security/MS15-065
URL:technet.microsoft.com/library/security/MS15-066
URL:technet.microsoft.com/library/security/MS15-067
URL:technet.microsoft.com/library/security/MS15-068
URL:technet.microsoft.com/library/security/MS15-069
URL:technet.microsoft.com/library/security/MS15-070
URL:technet.microsoft.com/library/security/MS15-071
URL:technet.microsoft.com/library/security/MS15-072
URL:technet.microsoft.com/library/security/MS15-073
URL:technet.microsoft.com/library/security/MS15-074
URL:technet.microsoft.com/library/security/MS15-075
URL:technet.microsoft.com/library/security/MS15-076
URL:technet.microsoft.com/library/security/MS15-077
URL:technet.microsoft.com/en-us/library/security/2974294
URL:technet.microsoft.com/en-us/library/security/3074162
URL:www.hkcert.org/my_url/en/alert/15071507
URL:www.hkcert.org/my_url/en/alert/15071508
URL:www.hkcert.org/my_url/en/alert/15071509
URL:www.hkcert.org/my_url/en/alert/15071510
URL:www.hkcert.org/my_url/en/alert/15071511
URL:www.hkcert.org/my_url/en/alert/15071512
URL:www.hkcert.org/my_url/en/alert/15071513
URL:www.hkcert.org/my_url/en/alert/15071514
URL:www.hkcert.org/my_url/en/alert/15071515
URL:www.hkcert.org/my_url/en/alert/15071516
URL:www.hkcert.org/my_url/en/alert/15071517
URL:www.hkcert.org/my_url/en/alert/15071518
URL:www.hkcert.org/my_url/en/alert/15071519
URL:www.us-cert.gov/ncas/current-activity/2015/07/14/Microsoft-Releases-July-2015-Security-Bulletin
14. Information Updates on Microsoft Security Advisory (3057154)
[15/07/2015] Microsoft has published Security Advisory KB3057154 for Microsoft Windows to enhance user protection in environments where DES is still enabled for application compatibility reasons.
URL:technet.microsoft.com/en-us/library/security/3057154
15. Vulnerabilities in Adobe Products (APSB15-15, APSB15-17, APSB15-18)
[15/07/2015] Vulnerabilities were identified in the Adobe Acrobat and Reader, Adobe Shockwave Player and Adobe Flash Player. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:helpx.adobe.com/security/products/acrobat/apsb15-15.html
URL:helpx.adobe.com/security/products/shockwave/apsb15-17.html
URL:helpx.adobe.com/security/products/flash-player/apsb15-18.html
URL:www.hkcert.org/my_url/en/alert/15071503
URL:www.hkcert.org/my_url/en/alert/15071504
URL:www.hkcert.org/my_url/en/alert/15071505
URL:www.kb.cert.org/vuls/id/338736
URL:www.kb.cert.org/vuls/id/918568
URL:www.us-cert.gov/ncas/current-activity/2015/07/11/Adobe-Flash-ActionScript-3-opaqueBackground-Use-After-Free
URL:www.us-cert.gov/ncas/current-activity/2015/07/14/Adobe-Releases-Security-Update-Shockwave-Player
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104569
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104570
16. Security Updates in Oracle Products
[15/07/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the Oracle Database Server, Oracle Fusion Applications and Middleware, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite, Oracle Supply Chain Products Suite, Oracle PeopleSoft Products, Oracle JD Edwards Products, Oracle Siebel CRM, Oracle iLearning, Oracle Communications Applications, Oracle Retail Applications, Oracle Health Sciences Applications, Oracle Java SE, Oracle and Sun Systems Products, Oracle Linux and Virtualization, Oracle MySQL and Support Tools. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. Security patches are available to resolve these vulnerabilities.
URL:www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
URL:www.hkcert.org/my_url/en/alert/15071506
URL:www.us-cert.gov/ncas/current-activity/2015/07/14/Oracle-Releases-July-2015-Security-Advisory
17. Vulnerabilities in Cisco Products
[15/07/2015] Vulnerabilities were identified in the Cisco Identity Services Engine, Cisco TelePresence Integrator C Series devices, Cisco Packet Data Network Gateway and Cisco Adaptive Security Appliance. An attacker could bypass security restrictions, execute arbitrary code, perform code injection and cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39871
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39872
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39880
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39907
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39919
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104562
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104564
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104568
18. Vulnerabilities in F5 Products (SOL16954)
[15/07/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16954.html
19. Vulnerabilities in Juniper Junos OS with J-Web (JSA10682)
[15/07/2015] Vulnerabilities were identified in the Juniper Junos OS with J-Web. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:kb.juniper.net/index?page=content&id=JSA10682
20. Vulnerability in BlackBerry Link (BSRT-2015-001)
[15/07/2015] Vulnerability was identified in the BlackBerry Link. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects versions prior to 1.2.3.53 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:btsc.webapps.blackberry.com/btsc/dynamickc.do?externalId=KB37207&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB37207
21. Vulnerabilities in Samsung SyncThru (104565)
[15/07/2015] Vulnerabilities were identified in the Samsung SyncThru. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 6 v1.0 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104565
22. Security Updates in Oracle Linux and Solaris (ELSA-2015-1221)
[15/07/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel package for Oracle Linux 6, Apache Tomcat and X.Org packages for Oracle Solaris 10 and 11.1. Due to multiple errors, an attacker could bypass security restriction, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-1221.html
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0075_numeric_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0096_permissions_privileges
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0099_numeric_errors
URL:blogs.oracle.com/sunsecurity/entry/cve_2014_0119_permissions_privileges
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_tomcat4
URL:blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_x_org2
23. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1221-1)
[15/07/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel package for Red Hat Enterprise Linux 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-1221.html
24. Vulnerabilities in Cisco Products
[14/07/2015] Vulnerabilities were identified in the Cisco Identity Services Engine, Cisco Unified Communications Manager and Cisco FireSIGHT Management Center. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, perform code injection and cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39873
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39877
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39879
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39905
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104545
25. Vulnerability in F5 BIG-IP Edge Clients for Windows (SOL16903)
[14/07/2015] Vulnerability was identified in the F5 BIG-IP Edge Clients for Windows. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cipher-downgrade attacks. This vulnerability affects versions 6035.x - 7110.x of the mentioned product. Security patches are available to resolve this vulnerability as recommended in Microsoft Security Bulletin MS15-031.
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16903.html
26. Vulnerabilities in Moodle (MSA-15-0026, MSA-15-0027, MSA-15-0028, MSA-15-0029)
[14/07/2015] Vulnerabilities were identified in the Moodle. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:moodle.org/security/
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104541
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104542
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104543
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104544
27. Vulnerabilities in SAP Products (104276, 104511)
[14/07/2015] Vulnerabilities were identified in the SAP ECC and SAP Afaria. An attacker could bypass security restrictions and gain elevated privileges. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104276
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104511
28. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1120-2)
[14/07/2015] Red Hat has released security update packages for fixing the vulnerability identified in the kernel package for Red Hat Enterprise Linux 5.9 Advanced Update Support. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-1120.html
29. Security Updates in SUSE (openSUSE-SU-2015:1229-1)
[14/07/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaFirefox and mozilla-nss packages of openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
30. Vulnerabilities in Adobe Flash Player (APSA15-04)
[13/07/2015] Vulnerabilities were identified in the Adobe Flash Player. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned product.
URL:helpx.adobe.com/security/products/flash-player/apsa15-04.html
URL:www.kb.cert.org/vuls/id/338736
URL:www.kb.cert.org/vuls/id/918568
URL:www.us-cert.gov/ncas/current-activity/2015/07/11/Adobe-Flash-ActionScript-3-opaqueBackground-Use-After-Free
31. Vulnerabilities in Apple OS X (HT202681)
[13/07/2015] Vulnerabilities were identified in the Apple OS X. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-us/HT202681
32. Vulnerabilities in Cisco Products (cisco-sa-20150710-openssl)
[13/07/2015] Vulnerabilities were identified in the multiple Cisco Products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform code injection and cross-site scripting attacks, and compromise the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities except the Cisco TelePresence Advanced Media Gateway and Cisco Mobility Services Engine.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39782
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39785
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39797
URL:tools.cisco.com/security/center/viewAlert.x?alertId=39825
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104521
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104523
33. Vulnerabilities in Novell Products (5214311)
[13/07/2015] Vulnerabilities were identified in the Novell NetIQ Sentinel. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=QhraQvuhtlA~
34. Vulnerabilities in F5 Products (SOL16945, SOL16949, SOL16950)
[13/07/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC and Traffix SDC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16945.html
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16949.html
URL:support.f5.com/kb/en-us/solutions/public/16000/900/sol16950.html
35. Vulnerability in VMware Products (VMSA-2015-0005)
[13/07/2015] Vulnerability was identified in the VMware Workstation, VMware Player and VMware Horizon View Client for Windows. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.vmware.com/security/advisories/VMSA-2015-0005.html
URL:www.us-cert.gov/ncas/current-activity/2015/07/10/VMware-Releases-Security-Advisory
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104519
36. Vulnerability in EMC RecoverPoint (104522)
[13/07/2015] Vulnerability was identified in the EMC RecoverPoint for VMs Installation Manager. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects version 4.2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/104522
37. Security Updates in Debian (DSA-3306-1, DSA-3307-1)
[13/07/2015] Debian has released security update packages for fixing the vulnerabilities identified in the pdns and pdns-recursor packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3306
URL:www.debian.org/security/2015/dsa-3307
38. Security Updates in Gentoo Linux (GLSA 201507-10, GLSA 201507-11, GLSA 201507-12, GLSA 201507-13, GLSA 201507-14, GLSA 201507-15, GLSA 201507-16, GLSA 201507-17, GLSA 201507-18, GLSA 201507-19)
[13/07/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the t1utils, perl, libcapsinetwork, adobe-flash, oracle-jre-bin, openssl, portage, net-snmp, chromium and mysql packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:security.gentoo.org/glsa/201507-10
URL:security.gentoo.org/glsa/201507-11
URL:security.gentoo.org/glsa/201507-12
URL:security.gentoo.org/glsa/201507-13
URL:security.gentoo.org/glsa/201507-14
URL:security.gentoo.org/glsa/201507-15
URL:security.gentoo.org/glsa/201507-16
URL:security.gentoo.org/glsa/201507-17
URL:security.gentoo.org/glsa/201507-18
URL:security.gentoo.org/glsa/201507-19
39. Security Updates in Mageia (MGASA-2015-0274)
[13/07/2015] Mageia has released security update packages for fixing the vulnerability identified in the openssl packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions and obtain sensitive information.
URL:advisories.mageia.org/MGASA-2015-0274.html
40. Security Updates in Slackware (SSA:2015-192-01)
[13/07/2015] Slackware has released security update packages for fixing the vulnerability identified in the mozilla-thunderbird packages for multiple versions of Slackware Linux. An attacker could bypass security restriction, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360005
41. Security Updates in SUSE (SUSE-SU-2015:1224-1, SUSE-SU-2015:1177-2)
[13/07/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel and MySQL packages of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html
URL:lists.opensuse.org/opensuse-security-announce/2015-07/msg00024.html
Subscribe to:
Posts (Atom)