Sunday, August 30, 2015

IT Security Alerts Weekly Digest (23 Aug ~ 29 Aug 2015)

1. Vulnerability in Adobe ColdFusion (APSB15-21)
[28/08/2015] Vulnerability was identified in the Adobe ColdFusion. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to 10 Update 17 or 11 Update 6 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:helpx.adobe.com/security/products/coldfusion/apsb15-21.html

2. Vulnerabilities in Mozilla Firefox (MFSA 2015-94, MFSA 2015-95)
[28/08/2015] Vulnerabilities were identified in the Mozilla Firefox. An attacker could bypass security restrictions and execute arbitrary code on the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox/
URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-94/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-95/
URL:www.hkcert.org/my_url/en/alert/15082801
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105897
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105898

3. Vulnerability in Cisco Identity Services Engine Guest Portal
[28/08/2015] Vulnerability was identified in the Cisco Identity Services Engine Guest Portal. An attacker could bypass security restrictions. This vulnerability affects firmware version 1.2.0.899 patch 14 of the mentioned product.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=40691

4. Vulnerabilities in F5 Products (SOL17169)
[28/08/2015] Vulnerability was identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.

URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17169.html

5. Vulnerabilities in HP notebook PCs (c04773272)
[28/08/2015] Vulnerabilities were identified in the HP notebook PCs with the HP lt4112 LTE/HSPA+ Gobi 4G Module. An attacker could bypass security restrictions and execute arbitrary code on the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04773272
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105904
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105905

6. Vulnerabilities in Moxa SoftCMS (ICSA-15-239-01)
[28/08/2015] Vulnerabilities were identified in the Moxa SoftCMS. An attacker could bypass security restrictions and execute arbitrary code on the system. These vulnerabilities affect versions prior to 1.4 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-239-01

7. Vulnerability in Siemens SIMATIC S7-1200 (ICSA-15-239-02)
[28/08/2015] Vulnerability was identified in the Siemens SIMATIC S7-1200. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code on the system. This vulnerability affects versions prior to V4.1.3 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-239-02

8. Vulnerability in Innominate mGuard VPN (ICSA-15-239-03)
[28/08/2015] Vulnerability was identified in the Innominate mGuard VPN. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects firmware versions prior to 8.1.7 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-239-03

9. Security Updates in Oracle Linux (ELSA-2015-1693)
[28/08/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the firefox packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system.

URL:linux.oracle.com/errata/ELSA-2015-1693.html

10. Security Updates in Debian (DSA-3344-1)
[28/08/2015] Debian has released security update packages for fixing the vulnerabilities identified in the php5 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3344

11. Security Updates in Mageia (MGASA-2015-0326, MGASA-2015-0327, MGASA-2015-0328, MGASA-2015-0329, MGASA-2015-0330)
[28/08/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the subversion, python-django14, python-django, drupal, vlc, thunderbird and thunderbird-l10n packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2015-0326.html
URL:advisories.mageia.org/MGASA-2015-0327.html
URL:advisories.mageia.org/MGASA-2015-0328.html
URL:advisories.mageia.org/MGASA-2015-0329.html
URL:advisories.mageia.org/MGASA-2015-0330.html

12. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1693-1)
[28/08/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the firefox packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-1693.html

13. Security Updates in Ubuntu GNU/Linux (USN-2723-1, USN-2724-1, USN-2725-1)
[28/08/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox, qemu, qemu-kvm and cups-filters packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2723-1/
URL:www.ubuntu.com/usn/usn-2724-1/
URL:www.ubuntu.com/usn/usn-2725-1/

14. Vulnerabilities in Apache Products (105879, 105884)
[27/08/2015] Vulnerabilities were identified in the Apache Struts and Apache CXF Fediz. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105879
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105884

15. Vulnerability in Cisco ACE 4700 Series Application Control Engine Appliances
[27/08/2015] Vulnerability was identified in the Cisco ACE 4700 Series Application Control Engine Appliances. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code. This vulnerability affects firmware version A5 Base, 3.0 of the mentioned product.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=40666
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105886

16. Vulnerabilities in F5 Products (SOL17170, SOL17171)
[27/08/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17170.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17171.html

17. Vulnerability in Konica Minolta FTP (105869)
[27/08/2015] Vulnerability was identified in the Konica Minolta FTP. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects version 1.0 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105869

18. Vulnerability in Endress+Hauser HART Device DTM (ICSA-15-237-01)
[27/08/2015] Vulnerability was identified in the Endress+Hauser HART Device DTM. An attacker could bypass security restrictions. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-237-01

19. Vulnerability in OpenStack Nova (105880)
[27/08/2015] Vulnerability was identified in the OpenStack Nova. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects versions 2014.2.3 or 2015.1.1 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105880

20. Security Updates in Debian (DSA-3343-1)
[27/08/2015] Debian has released security update packages for fixing the vulnerability identified in the twig package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions and execute arbitrary code.

URL:www.debian.org/security/2015/dsa-3343

21. Security Updates in FreeBSD (FreeBSD-SA-15:21.amd64, FreeBSD-SA-15:22.openssh)
[27/08/2015] FreeBSD has released security update packages for fixing the vulnerabilities identified in the sys_amd64 and openssh packages for multiple versions of FreeBSD Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:21.amd64.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:22.openssh.asc

22. Security Updates in Mageia (MGASA-2015-0325)
[27/08/2015] Mageia has released security update packages for fixing the vulnerability identified in the cgit packages for multiple versions of Mageia. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:advisories.mageia.org/MGASA-2015-0325.html

23. Security Updates in Ubuntu GNU/Linux (USN-2722-1)
[27/08/2015] Ubuntu has released security update packages for fixing the vulnerability identified in the gdk-pixbuf packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2722-1/

24. Vulnerability in Cisco TelePresence Video Communication Server Expressway
[26/08/2015] Vulnerability was identified in the Cisco TelePresence Video Communication Server Expressway. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects firmware version X8.5.2 of the mentioned product.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=40620

25. Vulnerabilities in HP KeyView (c04771027)
[26/08/2015] Vulnerabilities were identified in the HP KeyView. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to v10.23.0.1 or v10.24.0.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04771027
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105854
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105855
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105856
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105857
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105858
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105859
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105860
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105861
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105862

26. Vulnerabilities in F5 Products (SOL17172, SOL17174, SOL17175)
[26/08/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17172.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17174.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17175.html

27. Vulnerabilities in Novell NetIQ Access Manager (5219870)
[26/08/2015] Vulnerabilities were identified in the Novell NetIQ Access Manager. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions 4.0 and 4.0.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:download.novell.com/Download?buildid=hEFHOxg6tAo~

28. Vulnerability in DSL routers (VU#950576)
[26/08/2015] Vulnerability was identified in the DSL routers by ASUS, DIGICOM, Observa Telecom, Philippine Long Distance Telephone (PLDT), and ZTE. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects multiple firmware versions of the mentioned products.

URL:www.kb.cert.org/vuls/id/950576

29. Vulnerability in OpenSSH
[26/08/2015] Vulnerability was identified in the OpenSSH. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects versions prior to 7.1 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.openssh.com/txt/release-7.1
URL:www.hkcert.org/my_url/en/alert/15082601

30. Security Updates in Oracle Linux (ELSA-2015-1682)
[26/08/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the thunderbird packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code.

URL:linux.oracle.com/errata/ELSA-2015-1682.html

31. Security Updates in Mageia (MGASA-2015-0322, MGASA-2015-0323, MGASA-2015-0324)
[26/08/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the gnutls, wireshark and vlc packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:advisories.mageia.org/MGASA-2015-0322.html
URL:advisories.mageia.org/MGASA-2015-0323.html
URL:advisories.mageia.org/MGASA-2015-0324.html

32. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1682-1, RHSA-2015:1683-1, RHSA-2015:1684-1, RHSA-2015:1685-1, RHSA-2015:1686-1)
[26/08/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the thunderbird, qemu-kvm-rhev, openstack-swift, python-keystoneclient and python-django packages for Red Hat Enterprise Linux OpenStack Platform 5, Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-1682.html
URL:rhn.redhat.com/errata/RHSA-2015-1683.html
URL:rhn.redhat.com/errata/RHSA-2015-1684.html
URL:rhn.redhat.com/errata/RHSA-2015-1685.html
URL:rhn.redhat.com/errata/RHSA-2015-1686.html

33. Security Updates in Ubuntu GNU/Linux (USN-2712-1)
[26/08/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the thunderbird packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code.

URL:www.ubuntu.com/usn/usn-2712-1/

34. Information Updates on Microsoft Security Bulletin (3086251)
[25/08/2015] Microsoft has updated information on the Security Bulletin for Microsoft .NET Framework. MS15-092 was revised to inform customers that on August 18, 2015, a metadata change was implemented on Windows Update for the updates documented in this bulletin.

URL:technet.microsoft.com/en-us/library/security/MS15-092

35. Vulnerabilities in Trend Micro OfficeScan
[25/08/2015] Vulnerabilities were identified in the Trend Micro OfficeScan 10. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 10.6 Service Pack 3 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:downloadcenter.trendmicro.com/index.php?regs=NABU&clk=tbl&clkval=4153&cm_mmc=RSS-_-Download%20Center-_-product-_-5#fragment-4204
URL:docs.trendmicro.com/all/ent/officescan/v10.6/en-us/osce_10.6_sp3_cp_files.pdf

36. Vulnerability in Cisco Prime Infrastructure
[25/08/2015] Vulnerability was identified in the Cisco Prime Infrastructure. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=40652
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105853

37. Vulnerability in IBM WebSphere Application Server (1962107)
[25/08/2015] Vulnerability was identified in the IBM WebSphere Application Server. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www-01.ibm.com/support/docview.wss?uid=swg21962107

38. Vulnerabilities in F5 Products (SOL17132, SOL17136)
[25/08/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM and Traffix SDC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17132.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17136.html

39. Vulnerability in Splunk Enterprise (105841)
[25/08/2015] Vulnerability was identified in the Splunk Enterprise. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105841

40. Security Updates in Oracle Linux (ELSA-2015-1664, ELSA-2015-1665, ELSA-2015-1667, ELSA-2015-1668)
[25/08/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the nss, mariadb and httpd packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2015-1664.html
URL:linux.oracle.com/errata/ELSA-2015-1665.html
URL:linux.oracle.com/errata/ELSA-2015-1667.html
URL:linux.oracle.com/errata/ELSA-2015-1668.html

41. Information Updates on Microsoft Security Bulletins (3073094, 3078662)
[24/08/2015] Microsoft has updated information on the Security Bulletins for Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. (a) MS15-067 was revised to improve the Update FAQ section and the footnote for the Affected Software table to help customers more easily identify the correct update to apply based on the currently installed version of RDP on Windows 7 systems. (b) MS15-080 was revised to inform customers running Windows Vista, Server 2008 and Windows 7 that the 3078601 update on the Microsoft Download Center was updated on August 18, 2015. Microsoft recommends that customers who installed the 3078601 update via the Microsoft Download Center prior to August 18 reinstall the update to be fully protected. If customers installed the update via Windows Update, Windows Update Catalog, or WSUS, no action is required.

URL:technet.microsoft.com/en-us/library/security/MS15-067
URL:technet.microsoft.com/en-us/library/security/MS15-080

42. Vulnerability in Cisco Wireless LAN Controller
[24/08/2015] Vulnerability was identified in the Cisco Wireless LAN Controller. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system. This vulnerability affects firmware version 8.1.104.37 of the mentioned product.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=40586

43. Security Updates in Debian (DSA-3338-1, DSA-3339-1, DSA-3340-1, DSA-3342-1)
[24/08/2015] Debian has released security update packages for fixing the vulnerabilities identified in the python-django, openjdk-6, zendframework and vlc packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.debian.org/security/2015/dsa-3338
URL:www.debian.org/security/2015/dsa-3339
URL:www.debian.org/security/2015/dsa-3340
URL:www.debian.org/security/2015/dsa-3342

44. Security Updates in Mageia (MGASA-2015-0316, MGASA-2015-0317, MGASA-2015-0318, MGASA-2015-0319, MGASA-2015-0320, MGASA-2015-0321)
[24/08/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the x11-server, libcryptopp, php, php-apc, mediawiki and openssh packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2015-0316.html
URL:advisories.mageia.org/MGASA-2015-0317.html
URL:advisories.mageia.org/MGASA-2015-0318.html
URL:advisories.mageia.org/MGASA-2015-0319.html
URL:advisories.mageia.org/MGASA-2015-0320.html
URL:advisories.mageia.org/MGASA-2015-0321.html

45. Security Updates in Slackware (SSA:2015-233-01)
[24/08/2015] Slackware has released security update packages for fixing the vulnerability identified in the gnutls package for multiple versions of Slackware Linux. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.395455

46. Security Updates in SUSE (SUSE-SU-2015:1421-1, SUSE-SU-2015:1424-1, SUSE-SU-2015:1426-1)
[24/08/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the xen, glibc and kvm packages of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html


Sunday, August 23, 2015

IT Security Alerts Weekly Digest (16 Aug ~ 22 Aug 2015)

1. Information Updates on Microsoft Security Bulletin (3088903)
[21/08/2015] Microsoft has updated information on the Security Bulletin for Microsoft Internet Explorer. MS15-078 was revised to announce a detection change in the 3087985 update for Internet Explorer.

URL:technet.microsoft.com/en-us/library/security/MS15-093

2. Vulnerability in Apache Tapestry (105794)
[21/08/2015] Vulnerability was identified in the Apache Tapestry. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects versions prior to 5.3.6 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105794

3. Vulnerabilities in Apple QuickTime (HT205046)
[21/08/2015] Vulnerabilities were identified in the Apple QuickTime for Windows 7 and Windows Vista. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 7.7.8 of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.apple.com/en-us/HT205046
URL:www.us-cert.gov/ncas/current-activity/2015/08/20/Apple-Releases-Security-Update-QuickTime

4. Vulnerabilities in Cisco Products
[21/08/2015] Vulnerabilities were identified in the Cisco Prime Infrastructure and Cisco Aggregation Services Routers. An attacker could bypass security restrictions, gain elevated privileges, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities, except for the Cisco Prime Infrastructure.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=40553
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40585
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105793
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105796

5. Vulnerability in HP-UX (c04735247)
[21/08/2015] Vulnerability was identified in the HP-UX. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects versions 11.11, 11.23 and 11.31 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04735247
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105795

6. Vulnerability in EMC Documentum D2 (105797)
[21/08/2015] Vulnerability was identified in the EMC Documentum D2. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects versions prior to 4.5 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105797

7. Vulnerability in Micros DVR Products (VU#276148)
[21/08/2015] Vulnerability was identified in dedicated Micros DVR products, including the DV-IP Express, SD Advanced, SD, EcoSense, and DS2. An attacker could bypass security restrictions, obtain sensitive information and compromise the system. This vulnerability affects multiple versions of the mentioned products.

URL:www.kb.cert.org/vuls/id/276148

8. Vulnerabilities in Drupal (DRUPAL-SA-CORE-2015-003, DRUPAL-SA-CONTRIB-2015-139, DRUPAL-SA-CONTRIB-2015-140, DRUPAL-SA-CONTRIB-2015-141)
[21/08/2015] Vulnerabilities were identified in the Drupal. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. These vulnerabilities affect versions prior to 6.37 or 7.39 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.drupal.org/SA-CORE-2015-003
URL:www.drupal.org/node/2553971
URL:www.drupal.org/node/2553977
URL:www.drupal.org/node/2554145
URL:www.us-cert.gov/ncas/current-activity/2015/08/19/Drupal-Releases-Security-Updates
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105755
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105775
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105776
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105777

9. Vulnerability in WP Symposium plugin for WordPress (105780)
[21/08/2015] Vulnerability was identified in the WP Symposium plugin for WordPress. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects version 15.1 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105780

10. Security Updates in Debian (DSA-3341-1)
[21/08/2015] Debian has released security update packages for fixing the vulnerability identified in the conntrack package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3341

11. Security Updates in SUSE (SUSE-SU-2015:1409-1)
[21/08/2015] SUSE has released security update packages for fixing the vulnerability identified in the kvm package of SUSE Linux Enterprise 11. An attacker could bypass security restrictions and execute arbitrary code.

URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html

12. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1646-1, RHSA-2015:1647-1)
[21/08/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the rh-mariadb100-mariadb and mariadb55-mariadb packages for Red Hat Software Collections 2 for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-1646.html
URL:rhn.redhat.com/errata/RHSA-2015-1647.html

13. Security Updates in Ubuntu GNU/Linux (USN-2702-3, USN-2702-2)
[21/08/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox and subversion packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2702-3/
URL:www.ubuntu.com/usn/usn-2721-1/

14. Vulnerabilities in IBM WebSphere Application Server (1963275)
[20/08/2015] Vulnerabilities were identified in the IBM WebSphere Application Server. An attacker could bypass security restrictions, obtain sensitive information and gain elevated privileges. These vulnerabilities affect versions 7, 8 and 8.5 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www-01.ibm.com/support/docview.wss?uid=swg21963275
URL:www.hkcert.org/my_url/en/alert/15082001

15. Vulnerability in Magento Community Edition (105725)
[20/08/2015] Vulnerability was identified in the Magento Community Edition. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects version 1.9.1.0 CE of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105725

16. Vulnerabilities in Django (105728, 105729)
[20/08/2015] Vulnerabilities were identified in the Django. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 1.4.22, 1.7.10 or 1.8.4 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105728
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105729

17. Security Updates in NetBSD (SA2015-007, SA2015-008)
[20/08/2015] NetBSD has released security update packages for fixing the vulnerabilities identified in the openssl packages for multiple versions of NetBSD GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-007.txt.asc
URL:ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc

18. Vulnerability in Microsoft Internet Explorer (MS15-093)
[19/08/2015] Vulnerability was identified in the Microsoft Internet Explorer. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects all supported versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:technet.microsoft.com/en-us/library/security/MS15-093
URL:www.hkcert.org/my_url/en/alert/15081901

19. Vulnerability in Adobe LiveCycle Data Services (APSB15-20)
[19/08/2015] Vulnerability was identified in the Adobe LiveCycle Data Services. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:helpx.adobe.com/content/help/en/security/products/livecycleds/apsb15-20.html

20. Vulnerabilities in Cisco Products
[19/08/2015] Vulnerabilities were identified in the Cisco Finesse, Cisco TelePresence Video Communication Server Expressway and Cisco Unified Interaction Manager. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=40436
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40518
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40522
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40523
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40555
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105701
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105702
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105704
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105705
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105706

21. Vulnerability in F5 Products (SOL17047)
[19/08/2015] Vulnerability was identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.

URL:support.f5.com/kb/en-us/solutions/public/17000/000/sol17047.html

22. Vulnerabilities in Trend Micro Products
[19/08/2015] Vulnerabilities were identified in the Trend Micro Deep Discovery. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect version 3.8 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:esupport.trendmicro.com/solution/en-US/1112206.aspx
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105698
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105699

23. Vulnerability in FTP Commander (105700)
[19/08/2015] Vulnerability was identified in the FTP Commander. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects version 8.02 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105700

24. Vulnerability in Foxit Software Foxit Reader (105696)
[19/08/2015] Vulnerability was identified in the Foxit Software Foxit Reader. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects version 7.1.5 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105696

25. Vulnerability in MASM32 Quick Editor (105678)
[19/08/2015] Vulnerability was identified in the MASM32 Quick Editor. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects version 11 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105678

26. Vulnerability in PHP (105673)
[19/08/2015] Vulnerability was identified in the PHP. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105673

27. Security Updates in Oracle Linux (ELSA-2015-1640)
[19/08/2015] Oracle has released security update packages for fixing the vulnerability identified in the pam packages for Oracle Linux 6 and 7. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.

URL:linux.oracle.com/errata/ELSA-2015-1640.html

28. Security Updates in Debian (DSA-3337-1)
[19/08/2015] Debian has released security update packages for fixing the vulnerability identified in the gdk-pixbuf package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions and execute arbitrary code.

URL:www.debian.org/security/2015/dsa-3337

29. Security Updates in FreeBSD (FreeBSD-SA-15:20.expat)
[19/08/2015] FreeBSD has released security update packages for fixing the vulnerability identified in the libbsdxml packages for multiple versions of FreeBSD Linux. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:20.expat.asc

30. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1640-1, RHSA-2015:1642-1, RHSA-2015:1643-1)
[19/08/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the pam, JBoss Web Server 2.1.0 and kernel packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-1640.html
URL:rhn.redhat.com/errata/RHSA-2015-1642.html
URL:rhn.redhat.com/errata/RHSA-2015-1643.html

31. Security Updates in Ubuntu GNU/Linux (USN-2710-2, USN-2713-1, USN-2714-1, USN-2715-1, USN-2716-1, USN-2717-1, USN-2718-1, USN-2719-1, USN-2720-1)
[19/08/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openssh, linux, linux-ti-omap4, linux-lts-trusty, linux-lts-utopic, linux-lts-vivid and python-django packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2710-2/
URL:www.ubuntu.com/usn/usn-2713-1/
URL:www.ubuntu.com/usn/usn-2714-1/
URL:www.ubuntu.com/usn/usn-2715-1/
URL:www.ubuntu.com/usn/usn-2716-1/
URL:www.ubuntu.com/usn/usn-2717-1/
URL:www.ubuntu.com/usn/usn-2718-1/
URL:www.ubuntu.com/usn/usn-2719-1/
URL:www.ubuntu.com/usn/usn-2720-1/

32. Vulnerability in Apache ActiveMQ (105644)
[18/08/2015] Vulnerability was identified in the Apache ActiveMQ. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and compromise the system. This vulnerability affects versions prior to 5.12.0 or 5.11.2 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105644

33. Vulnerabilities in Cisco Products
[18/08/2015] Vulnerabilities were identified in the Cisco Prime Infrastructure and Cisco NX-OS Internet Group Management Protocol. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/quickview/bug/CSCut39938
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40470
URL:www.kb.cert.org/vuls/id/300820
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105649

34. Vulnerabilities in F5 Products (SOL17049, SOL17061, SOL17113, SOL17114, SOL17115, SOL17118, SOL17120, SOL17123, SOL17124, SOL17127, SOL17130)
[18/08/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, FirePass, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC, LineRate and Traffix SDC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/17000/000/sol17049.html
URL:support.f5.com/kb/en-us/solutions/public/17000/000/sol17061.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17113.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17114.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17115.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17118.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17120.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17123.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17124.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17127.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17130.html

35. Vulnerability in Huawei Mobile Broadband Product (Huawei-SA-20150817-01-MBB)
[18/08/2015] Vulnerability was identified in the Huawei MBB (Mobile Broadband) product E3272s. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects firmware versions prior to E3272s-153TCPU-V200R002B491D09SP00C00 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-450877.htm

36. Vulnerabilities in EMC Products (105650, 105651, 105652, 105653, 105654, 105655, 105656, 105657, 105658, 105659, 105660)
[18/08/2015] Vulnerabilities were identified in the EMC Documentum Content Server and multiple EMC RSA BSAFE products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105650
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105651
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105652
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105653
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105654
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105655
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105656
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105657
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105658
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105659
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105660

37. Vulnerability in Google Android (105645)
[18/08/2015] Vulnerability was identified in the Google Android. An attacker could bypass security restrictions and obtain sensitive information. The affected version was not specified.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105645

38. Security Updates in Oracle Linux (ELSA-2015-1627, ELSA-2015-1628, ELSA-2015-1633, ELSA-2015-1634, ELSA-2015-1635, ELSA-2015-1636)
[18/08/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the glibc, mysql55-mysql, subversion, sqlite and net-snmp packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2015-1627.html
URL:linux.oracle.com/errata/ELSA-2015-1628.html
URL:linux.oracle.com/errata/ELSA-2015-1633.html
URL:linux.oracle.com/errata/ELSA-2015-1634.html
URL:linux.oracle.com/errata/ELSA-2015-1635.html
URL:linux.oracle.com/errata/ELSA-2015-1636.html

39. Security Updates in Debian (DSA-3336-1)
[18/08/2015] Debian has released security update packages for fixing the vulnerabilities identified in the nss package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information and perform spoofing attacks.

URL:www.debian.org/security/2015/dsa-3336

40. Security Updates in Mageia (MGASA-2015-0315)
[18/08/2015] Mageia has released security update packages for fixing the vulnerability identified in the kdepim4 packages for multiple versions of Mageia. An attacker could bypass security restrictions and obtain sensitive information.

URL:advisories.mageia.org/MGASA-2015-0315.html

41. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1627-1, RHSA-2015:1628-1, RHSA-2015:1629-1, RHSA-2015:1630-1, RHSA-2015:1633-1, RHSA-2015:1634-1, RHSA-2015:1635-1, RHSA-2015:1636-1)
[18/08/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the glibc, mysql55-mysql, rh-mysql56-mysql, subversion, sqlite and net-snmp packages for Red Hat Software Collections 2, Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-1627.html
URL:rhn.redhat.com/errata/RHSA-2015-1628.html
URL:rhn.redhat.com/errata/RHSA-2015-1629.html
URL:rhn.redhat.com/errata/RHSA-2015-1630.html
URL:rhn.redhat.com/errata/RHSA-2015-1633.html
URL:rhn.redhat.com/errata/RHSA-2015-1634.html
URL:rhn.redhat.com/errata/RHSA-2015-1635.html
URL:rhn.redhat.com/errata/RHSA-2015-1636.html

42. Security Updates in Ubuntu GNU/Linux (USN-2711-1)
[18/08/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the net-snmp packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2711-1/

43. Vulnerabilities in Cisco Products
[17/08/2015] Vulnerabilities were identified in the Cisco ASR 9000 Series Aggregation Services Routers, Cisco Nexus 3000 Series Switches, Cisco WebEx Node for Cisco Media Convergence Server, Cisco Unified Interaction Manager, Cisco Nexus 9000 Series Switches, Cisco FireSIGHT Management Center, Cisco TelePresence Video Communication Server, Cisco Edge 340 Series Digital Media Player, Cisco Adaptive Security Appliance, Cisco Content Security Management Appliance, Cisco Nexus Operating System Address Resolution Protocol and Cisco Unified Communications Manager. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=39939
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40426
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40427
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40428
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40429
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40431
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40432
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40433
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40434
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40439
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40440
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40441
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40442
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40443
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40444
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40445
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40446
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40450
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40469
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105593

44. Vulnerabilities in Trend Micro OfficeScan
[17/08/2015] Vulnerabilities were identified in the Trend Micro OfficeScan 11. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 11.0 Service Pack 1 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:docs.trendmicro.com/all/ent/officescan/v11.0/en-us/osce_11.0_sp1_cp_server_readme.htm#resolved
URL:downloadcenter.trendmicro.com/index.php?regs=NABU&clk=tbl&clkval=4569&cm_mmc=RSS-_-Download%20Center-_-product-_-5

45. Vulnerabilities in OSIsoft PI Data Archive Server (ICSA-15-225-01)
[17/08/2015] Vulnerabilities were identified in the OSIsoft PI Data Archive Server. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 3.4.3950.64 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-225-01

46. Security Updates in Oracle Linux (ELSA-2015-1623, ELSA-2015-3071, ELSA-2015-3072, ELSA-2015-3073)
[17/08/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel and kernel-uek packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:linux.oracle.com/errata/ELSA-2015-1623.html
URL:linux.oracle.com/errata/ELSA-2015-3071.html
URL:linux.oracle.com/errata/ELSA-2015-3072.html
URL:linux.oracle.com/errata/ELSA-2015-3073.html

47. Security Updates in Gentoo Linux (GLSA 201508-01, GLSA 201508-02, GLSA 201508-03)
[17/08/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the adobe-flash, libgadu and icecast packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:security.gentoo.org/glsa/201508-01
URL:security.gentoo.org/glsa/201508-02
URL:security.gentoo.org/glsa/201508-03

48. Security Updates in Mageia (MGASA-2015-0304, MGASA-2015-0305, MGASA-2015-0306, MGASA-2015-0307, MGASA-2015-0308, MGASA-2015-0309, MGASA-2015-0310, MGASA-2015-0311, MGASA-2015-0312, MGASA-2015-0313, MGASA-2015-0314)
[17/08/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the lxc, firefox, firefox-l10n, cacti, libunwind, ghostscript, wordpress, qemu, flash-player-plugin, rootcerts, nss, gdk-pixbuf2.0 and owncloud packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2015-0304.html
URL:advisories.mageia.org/MGASA-2015-0305.html
URL:advisories.mageia.org/MGASA-2015-0306.html
URL:advisories.mageia.org/MGASA-2015-0307.html
URL:advisories.mageia.org/MGASA-2015-0308.html
URL:advisories.mageia.org/MGASA-2015-0309.html
URL:advisories.mageia.org/MGASA-2015-0310.html
URL:advisories.mageia.org/MGASA-2015-0311.html
URL:advisories.mageia.org/MGASA-2015-0312.html
URL:advisories.mageia.org/MGASA-2015-0313.html
URL:advisories.mageia.org/MGASA-2015-0314.html

49. Security Updates in Slackware (SSA:2015-226-01, SSA:2015-226-02)
[17/08/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-firefox and mozilla-thunderbird packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.312024
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360362

50. Security Updates in SUSE (openSUSE-SU-2015:1382-1, openSUSE-SU-2015:1387-1, openSUSE-SU-2015:1388-1, openSUSE-SU-2015:1389-1, openSUSE-SU-2015:1390-1, openSUSE-SU-2015:1391-1)
[17/08/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel, glibc, flash-player and MozillaFirefox packages of openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00013.html
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00016.html

51. Security Updates in Ubuntu GNU/Linux (USN-2709-1, USN-2710-1)
[17/08/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the pollinate and openssh packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, perform brute-force password attacks and obtain sensitive information.

URL:www.ubuntu.com/usn/usn-2709-1/
URL:www.ubuntu.com/usn/usn-2710-1/

Source(s) of above information: Adobe, Apple, CERT/CC, Cisco, Debian, Drupal, F5, FreeBSD, HKCERT, Huawei, IBM, IBM ISS, Mageia, Microsoft, NetBSD, openSUSE, Oracle, Red Hat, Slackware, Trend Micro, Ubuntu, US-CERT