1. Vulnerabilities in IBM Notes and Domino
(1963812)
[14/08/2015]
Vulnerabilities were identified in the IBM Notes
and Domino. An attacker could gain access to the system and obtain sensitive
information. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21963812
2. Vulnerabilities in Apple Products (HT205030, HT205031,
HT205032, HT205033)
[14/08/2015] Vulnerabilities were identified in the Apple iOS, OS X and
Safari. An attacker could bypass security restrictions, execute arbitrary code,
obtain sensitive information and cause a denial of service condition. These
vulnerabilities affect multiple versions of the mentioned products. Security
patches are available to resolve these
vulnerabilities.
URL:support.apple.com/en-hk/HT205030
URL:support.apple.com/en-hk/HT205031
URL:support.apple.com/en-hk/HT205032
URL:support.apple.com/en-hk/HT205033
3. Vulnerabilities in Rockwell Automation devices
(ICS-ALERT-15-225-01, ICS-ALERT-15-225-02)
[14/08/2015] Vulnerabilities were identified in the Rockwell Automation
devices web interface. An attacker could perform cross-site scripting attacks,
execute arbitrary code and cause a denial of service condition. These
vulnerabilities affect 1769-L18ER, A LOGIX5318ER, 1766-L32BWAA, 1766-L32BXBA
models of the mentioned
products.
URL:ics-cert.us-cert.gov/alerts/ICS-ALERT-15-225-01
URL:ics-cert.us-cert.gov/alerts/ICS-ALERT-15-225-02
4. Vulnerability in KAKO HMI Products
(ICS-ALERT-15-224-01)
[14/08/2015] Vulnerability was identified in the KAKO HMI products. An
attacker could execute arbitrary code and take control of the products. The
affected versions were not
specified.
URL:ics-cert.us-cert.gov/alerts/ICS-ALERT-15-224-01
5. Vulnerabilities in Schneider Electric Products
(ICS-ALERT-15-224-02)
[14/08/2015] Vulnerabilities were identified in several Schneider
Electric's Modicon M340 PLC Station P34 CPU modules. An attacker could execute
arbitrary code, perform directory traversal attacks and cause a denial of
service condition. The affected versions were not
specified.
URL:ics-cert.us-cert.gov/alerts/ICS-ALERT-15-224-02
6. Vulnerabilities in Prisma web products
(ICS-ALERT-15-224-03)
[14/08/2015] Vulnerabilities were identified in the Prisma web products.
An attacker could change configuration and execute arbitrary code. The affected
versions were not
specified.
URL:ics-cert.us-cert.gov/alerts/ICS-ALERT-15-224-03
7. Vulnerabilities in Moxa ioLogik E2210
(ICS-ALERT-15-224-04)
[14/08/2015] Vulnerabilities were identified in the Ethernet Micro RTU
controller of the Moxa ioLogik E2210. An attacker could obtain unauthorised
access. The affected versions were not
specified.
URL:ics-cert.us-cert.gov/alerts/ICS-ALERT-15-224-04
8. Vulnerabilities in Google
Andriod
[14/08/2015]
Vulnerabilities were identified in the messaging
app of the Google Andriod. An attacker could crash the application and
manipulate SMS/MMS data. These vulnerabilities affect multiple versions of the
mentioned
product.
URL:www.hkcert.org/my_url/en/alert/15081301
9. Security Updates in Debian
(DSA-3335-1)
[14/08/2015] Debian has
released security update packages for fixing the vulnerability identified in the
request-tracker4 package for multiple versions of Debian GNU/Linux. An attacker
could perform cross-site scripting
attacks.
URL:www.debian.org/security/2015/dsa-3335
10.
Security Updates in SUSE
(SUSE-SU-2015:1379-1, SUSE-SU-2015:1380-1)
[14/08/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the MozillaFirefox package of SUSE Linux Enterprise 11 and 12. Due to multiple
errors, an attacker could bypass security restrictions and gain elevated
privileges.
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html
11.
Vulnerability in Mozilla Firefox (MFSA
2015-93)
[13/08/2015]
Vulnerability was identified in the Mozilla
Firefox. An attacker could gain crash the system. This vulnerability affects
versions prior to 38 of the mentioned product. Security patches are available to
resolve this
vulnerability.
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-93/
12.
Vulnerability in Lenovo Service Engine
BIOS (LEN-2015-020, LEN-2015-077)
[13/08/2015] Vulnerability was identified in the Lenovo Service Engine
BIOS. An attacker could take control of an affected system. This vulnerability
affects multiple models of Lenovo notebooks and desktops. Security patches are
available to resolve this
vulnerability.
URL:support.lenovo.com/us/en/product_security/lse_bios_notebook
URL:support.lenovo.com/us/en/product_security/lse_bios_desktop
URL:www.us-cert.gov/ncas/current-activity/2015/08/12/Lenovo-Service-Engine-LSE-BIOS-Vulnerability
13.
Vulnerability in GnuTLS
(GNUTLS-SA-2015-3)
[13/08/2015] Vulnerability was identified in the GnuTLS. An attacker could
crash the application. This vulnerability affects versions prior to 3.3.17 and
3.4.4 of the mentioned product. Security patches are available to resolve this
vulnerability.
URL:www.gnutls.org/security.html#GNUTLS-SA-2015-3
URL:www.hkcert.org/my_url/en/alert/15081217
14.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:1603-1)
[13/08/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the Adobe Flash Player package for Red Hat Enterprise Linux 5 and 6. Due to
multiple errors, an attacker could crash the system and execute arbitrary
code.
URL:rhn.redhat.com/errata/RHSA-2015-1603.html
15.
Security Updates in SUSE
(SUSE-SU-2015:1373-1, SUSE-SU-2015:1374-1, SUSE-SU-2015:1375-1,
SUSE-SU-2015:1376-1)
[13/08/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the flash-player, java-1_7_0-ibm and Real Time Linux Kernel packages of SUSE
Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass
security restrictions, gain elevated privileges, cause a denial of service
condition, execute arbitrary code and obtain sensitive
information.
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00004.html
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00007.html
16.
Security Updates in Debian (DSA-3328-1,
DSA-3330-1, DSA-3331-1, DSA-3332-1, DSA-3333-1,
DSA-3334-1)
[13/08/2015] Debian has
released security update packages for fixing the vulnerability identified in the
wordpress, activemq, subversion, iceweasel and gnutls28 packages for multiple
versions of Debian GNU/Linux. Due to multiple errors, an attacker could perform
cross-site scripting attacks, gain elevated privileges, cause a denial of
service condition, perform code injection attacks, obtain sensitive information,
execute arbitrary code and crash the
application.
URL:www.debian.org/security/2015/dsa-3328
URL:www.debian.org/security/2015/dsa-3330
URL:www.debian.org/security/2015/dsa-3331
URL:www.debian.org/security/2015/dsa-3332
URL:www.debian.org/security/2015/dsa-3333
URL:www.debian.org/security/2015/dsa-3334
17.
Vulnerabilities in Microsoft Products
(MS15-079, MS15-080, MS15-081, MS15-082, MS15-083, MS15-084, MS15-085, MS15-086,
MS15-087, MS15-088, MS15-089, MS15-090, MS15-091,
MS15-092)
[12/08/2015]
Vulnerabilities were identified in the Microsoft
Windows, Microsoft Internet Explorer, Microsoft .NET Framework, Microsoft
Office, Microsoft Lync, Microsoft Silverlight, Microsoft Server Software and
Microsoft Edge. An attacker could perform remote code execution, gain elevated
privileges and obtain sensitive information. These vulnerabilities affect
multiple versions of the mentioned products. Security patches are available to
resolve these
vulnerabilities.
URL:technet.microsoft.com/en-us/library/security/ms15-aug.aspx
URL:technet.microsoft.com/library/security/MS15-079
URL:technet.microsoft.com/library/security/MS15-080
URL:technet.microsoft.com/library/security/MS15-081
URL:technet.microsoft.com/library/security/MS15-082
URL:technet.microsoft.com/library/security/MS15-083
URL:technet.microsoft.com/library/security/MS15-084
URL:technet.microsoft.com/library/security/MS15-085
URL:technet.microsoft.com/library/security/MS15-086
URL:technet.microsoft.com/library/security/MS15-087
URL:technet.microsoft.com/library/security/MS15-088
URL:technet.microsoft.com/library/security/MS15-089
URL:technet.microsoft.com/library/security/MS15-090
URL:technet.microsoft.com/library/security/MS15-091
URL:technet.microsoft.com/library/security/MS15-092
URL:www.hkcert.org/my_url/en/alert/15081201
URL:www.hkcert.org/my_url/en/alert/15081202
URL:www.hkcert.org/my_url/en/alert/15081203
URL:www.hkcert.org/my_url/en/alert/15081204
URL:www.hkcert.org/my_url/en/alert/15081205
URL:www.hkcert.org/my_url/en/alert/15081206
URL:www.hkcert.org/my_url/en/alert/15081207
URL:www.hkcert.org/my_url/en/alert/15081208
URL:www.hkcert.org/my_url/en/alert/15081209
URL:www.hkcert.org/my_url/en/alert/15081210
URL:www.hkcert.org/my_url/en/alert/15081211
URL:www.hkcert.org/my_url/en/alert/15081212
URL:www.hkcert.org/my_url/en/alert/15081213
URL:www.hkcert.org/my_url/en/alert/15081214
URL:www.us-cert.gov/ncas/current-activity/2015/08/11/Microsoft-Releases-August-2015-Security-Bulletin
18.
Vulnerabilities in Adobe Flash Player
(APSB15-19)
[12/08/2015] Vulnerabilities were identified in the Adobe Flash Player. An
attacker could gain execute arbitrary code, cause a buffer overflow and take
control of the affected system. These vulnerabilities affect multiple versions
of the mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:helpx.adobe.com/security/products/flash-player/apsb15-19.html
URL:technet.microsoft.com/en-us/library/security/2755801
URL:www.hkcert.org/my_url/en/alert/15081215
URL:www.us-cert.gov/ncas/current-activity/2015/08/11/Adobe-Releases-Security-Updates-Flash-Player
19.
Vulnerabilities in Mozilla Firefox (MFSA
2015-79, MFSA 2015-80, MFSA 2015-81, MFSA 2015-82, MFSA 2015-83, MFSA 2015-84,
MFSA 2015-85, MFSA 2015-86, MFSA 2015-87, MFSA 2015-88, MFSA 2015-89, MFSA
2015-90, MFSA 2015-91, MFSA 2015-92)
[12/08/2015] Vulnerabilities were identified in the Mozilla Firefox. An
attacker could gain execute arbitrary code, crash the application, bypass
security restrictions and perform cross-site scripting attacks. These
vulnerabilities affect multiple versions of the mentioned product. Security
patches are available to resolve these
vulnerabilities.
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-79/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-80/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-81/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-82/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-83/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-84/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-85/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-86/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-87/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-88/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-89/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-90/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-91/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-92/
URL:www.hkcert.org/my_url/en/alert/15081216
URL:www.us-cert.gov/ncas/current-activity/2015/08/11/Mozilla-Releases-Security-Updates-Firefox-Firefox-ESR-and-Firefox
20. Vulnerability in Schneider Electric IMT25 DTM
component (ICSA-15-223-01)
[12/08/2015] Vulnerability was identified in the Schneider Electric IMT25
DTM component. An attacker could cause a denial of service condition and execute
arbitrary code. This vulnerability affects versions 1.500.000 and prior of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-223-01
21.
Vulnerabilities in Actiontec GT784WN
Wireless N DSL Modem (VU#335192)
[12/08/2015] Vulnerabilities were identified in the Actiontec GT784WN
Wireless N DSL Modem. An attacker could gain escalated privileges, perform
cross-site request forgery attacks and execute arbitrary code. These
vulnerabilities affect versions NCS01-1.0.12 and prior of the mentioned product.
Security patches are available to resolve these
vulnerabilities.
URL:www.kb.cert.org/vuls/id/335192
22.
Vulnerabilities in Mobile Devices C4 ODB2
dongle (VU#209512)
[12/08/2015] Vulnerabilities were identified in the Mobile Devices C4 ODB2
dongle. An attacker could execute arbitrary code and take complete control of
the devices. The affected version was not specified. Security patches are
available to resolve these
vulnerabilities.
URL:www.kb.cert.org/vuls/id/209512
23.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:1583-1, RHSA-2015:1586-1)
[12/08/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the kernel and firefox packages for Red Hat Enterprise Linux 5, 6, and 7. Due
to multiple errors, an attacker could gain escalated privileges, crash the
system and execute arbitrary
code.
URL:rhn.redhat.com/errata/RHSA-2015-1583.html
URL:rhn.redhat.com/errata/RHSA-2015-1586.html
24.
Security Updates in Ubuntu GNU/Linux
(USN-2702-1, USN-2702-2)
[12/08/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the firefox and ubufox packages for versions 12.04 LTS, 14.04 LTS and 15.04 of
Ubuntu GNU/Linux. Due to multiple errors, an attacker could cause a denial of
service condition, crash the system, execute arbitrary code and obtain sensitive
information.
URL:www.ubuntu.com/usn/usn-2702-1/
URL:www.ubuntu.com/usn/usn-2702-2/
25.
Security Updates in Oracle Linux
(ELSA-2015-1586)
[12/08/2015] Oracle has
released security update packages for fixing the vulnerabilities identified in
the firefox package for Oracle Linux 5, 6 and 7. Due to multiple errors, an
attacker could cause a denial of service condition, crash the system and execute
arbitrary
code.
URL:linux.oracle.com/errata/ELSA-2015-1586.html
26.
Vulnerabilities in Xen (105253,
105254)
[11/08/2015]
Vulnerabilities were identified in the Xen. An
attacker could gain elevated privileges and obtain sensitive information. These
vulnerabilities affect multiple versions of the mentioned product. Security
patches are available to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105253
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105254
27.
Vulnerability in devscripts
(105242)
[11/08/2015]
Vulnerability was identified in the devscripts.
An attacker could execute arbitrary code. This vulnerability affects multiple
versions of the mentioned product. Security patches are available to resolve
this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105242
28.
Vulnerabilities in Linux Kernel (105236,
105237)
[11/08/2015]
Vulnerabilities were identified in the Linux
Kernel. An attacker could execute arbitrary code. These vulnerabilities affect
multiple versions of the mentioned product. Security patches are available to
resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105236
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105237
29.
Vulnerabilities in IBM Domino Web Server
(1963016)
[10/08/2015]
Vulnerabilities were identified in the IBM
Domino Web Server. An attacker could perform cross-site scripting attacks. These
vulnerabilities affect versions prior to 8.5.3 Fix Pack 6 and 9.0.1 Fix Pack 3
of the mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:www-01.ibm.com/support/docview.wss?uid=swg21963016
30.
Vulnerabilities in Huawei Android
Products (Huawei-SA-20150809-01-Android)
[10/08/2015] Vulnerabilities were identified in the Huawei Honor 7 and P8.
A remote attacker could execute arbitrary code. These vulnerabilities affect
multiple versions of the mentioned
products.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-448928.htm
31.
Vulnerability in Sierra Wireless GX, ES,
and LS gateway devices (VU#628568)
[10/08/2015] Vulnerability was identified in the Sierra Wireless GX, ES,
and LS gateway devices running ALEOS. An attacker could gain full control of an
affected device. This vulnerability affects mentioned devices running ALEOS
versions 4.4.1 and earlier. Security patches are available to resolve this
vulnerability.
URL:www.kb.cert.org/vuls/id/628568
32.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:1581-1)
[10/08/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the firefox package for Red Hat Enterprise Linux 5, 6, and 7. An attacker
could obtain sensitive
information.
URL:rhn.redhat.com/errata/RHSA-2015-1581.html
33.
Security Updates in Ubuntu GNU/Linux
(USN-2707-1)
[10/08/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the firefox package for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu
GNU/Linux. An attacker could obtain sensitive
information.
URL:www.ubuntu.com/usn/usn-2707-1/
34.
Security Updates in Debian
(DSA-3329-1)
[10/08/2015] Debian has
released security update packages for fixing the vulnerability identified in the
linux package for multiple versions of Debian GNU/Linux. Due to multiple errors,
an attacker could gain escalated privileges, cause a denial of service condition
and obtain sensitive
information.
URL:www.debian.org/security/2015/dsa-3329
35.
Security Updates in Oracle Linux
(ELSA-2015-1581)
[10/08/2015] Oracle has
released security update packages for fixing the vulnerabilities identified in
the firefox package for Oracle Linux 5, 6 and 7. Due to multiple errors, an
attacker could obtain sensitive
information.
URL:linux.oracle.com/errata/ELSA-2015-1581.html
36.
Security Updates in Slackware
(SSA:2015-219-02)
[10/08/2015] Slackware
has released security update packages for fixing the vulnerability identified in
the mozilla-nss package for multiple versions of Slackware Linux. An attacker
could obtain sensitive
information.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.387488
Source(s)
of above information:
No comments:
Post a Comment