Sunday, September 20, 2015

IT Security Alerts Weekly Digest (13 Sep ~ 19 Sep 2015)

1. Vulnerability in Cisco Prime Network Registrar
[18/09/2015] Vulnerability was identified in the Cisco Prime Network Registrar. An attacker could bypass security restrictions, gain elevated privileges and compromise the system. This vulnerability affects versions 8.1.3.3, 8.2.3 or 8.3.2 of the mentioned product.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=41041

2. Vulnerability in Harman-Kardon Uconnect (ICSA-15-260-01)
[18/09/2015] Vulnerability was identified in the Harman-Kardon Uconnect. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects versions 8.4AN, RA3 or RA4 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-260-01

3. Vulnerability in Pentaho GA PDI and Pentaho GA BA (106392)
[18/09/2015] Vulnerability was identified in the Pentaho GA PDI and Pentaho GA BA. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects version 5.2 of the mentioned products. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/106392

4. Security Updates in Mageia (MGASA-2015-0375, MGASA-2015-0376, MGASA-2015-0377)
[18/09/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the ganglia-web, icedtea-web and wordpress packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code on the system.

URL:advisories.mageia.org/MGASA-2015-0375.html
URL:advisories.mageia.org/MGASA-2015-0376.html
URL:advisories.mageia.org/MGASA-2015-0377.html

5. Vulnerabilities in ISC BIND 9
[17/09/2015] Vulnerabilities were identified in the ISC BIND 9. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 9.9.8, 9.9.8-S1 or 9.10.3 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:kb.isc.org/article/AA-01305
URL:kb.isc.org/article/AA-01306
URL:kb.isc.org/article/AA-01307
URL:www.us-cert.gov/ncas/current-activity/2015/09/16/Internet-Systems-Consortium-ISC-Releases-Security-Updates-BIND

6. Vulnerabilities in Apple Products (HT205212, HT205217, HT205219, HT205221)
[17/09/2015] Vulnerabilities were identified in the Apple iOS, Xcode, OS X Server and iTunes. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.apple.com/kb/HT205212
URL:support.apple.com/kb/HT205217
URL:support.apple.com/kb/HT205219
URL:support.apple.com/kb/HT205221

7. Vulnerabilities in Cisco Products (cisco-sa-20150916-pca, cisco-sa-20150916-pcp, cisco-sa-20150916-tps)
[17/09/2015] Vulnerabilities were identified in the Cisco Prime Collaboration Assurance Software, Cisco Prime Collaboration Provisioning Software, Cisco TelePresence Server software, Cisco Nexus 9000 Series Switches and Cisco IOS XE. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pcp
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40520
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40990
URL:tools.cisco.com/security/center/viewAlert.x?alertId=41006

8. Vulnerabilities in F5 Products (SOL17263)
[17/09/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC and Traffix SDC. An attacker could bypass security restrictions, obtain sensitive information and gain elevated privileges. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17263.html

9. Vulnerabilities in Symantec Web Gateway Appliance management console (SYM15-009)
[17/09/2015] Vulnerabilities were identified in the Symantec Web Gateway (SWG) Appliance management console. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code on the system. These vulnerabilities affect versions prior to v5.0.0.1277 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20150916_00

10. Vulnerability in VMware vCenter Server (VMSA-2015-0006)
[17/09/2015] Vulnerability was identified in the VMware vCenter Server. An attacker could bypass security restrictions. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.vmware.com/security/advisories/VMSA-2015-0006.html
URL:www.hkcert.org/my_url/en/alert/15091701

11. Vulnerabilities in WordPress
[17/09/2015] Vulnerabilities were identified in the WordPress. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. These vulnerabilities affect versions prior to 4.3.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:wordpress.org/news/2015/09/wordpress-4-3-1/
URL:www.us-cert.gov/ncas/current-activity/2015/09/15/WordPress-Releases-Security-Update

12. Security Updates in Oracle Linux (ELSA-2015-3078)
[17/09/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system.

URL:linux.oracle.com/errata/ELSA-2015-3078.html

13. Security Updates in Mageia (MGASA-2015-0368, MGASA-2015-0369, MGASA-2015-0370, MGASA-2015-0371, MGASA-2015-0372, MGASA-2015-0373, MGASA-2015-0374)
[17/09/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the qemu, php-ZendFramework, php-ZendFramework2, ipython, spice and openldap packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2015-0368.html
URL:advisories.mageia.org/MGASA-2015-0369.html
URL:advisories.mageia.org/MGASA-2015-0370.html
URL:advisories.mageia.org/MGASA-2015-0371.html
URL:advisories.mageia.org/MGASA-2015-0372.html
URL:advisories.mageia.org/MGASA-2015-0373.html
URL:advisories.mageia.org/MGASA-2015-0374.html

14. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1808-1)
[17/09/2015] Red Hat has released security update packages for fixing the vulnerability identified in the rubygem-openshift-origin-console packages for Red Hat OpenShift Enterprise 2.2. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code on the system.

URL:rhn.redhat.com/errata/RHSA-2015-1808.html

15. Security Updates in Ubuntu GNU/Linux (USN-2740-1, USN-2741-1, USN-2742-1)
[17/09/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the icu, unity-settings-daemon and openldap packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2740-1/
URL:www.ubuntu.com/usn/usn-2741-1/
URL:www.ubuntu.com/usn/usn-2742-1/

16. Information Updates on Microsoft Security Bulletin (3089664)
[16/09/2015] Microsoft has updated information on the Security Bulletin for Microsoft Office. MS15-099 was revised to announce that the 3088502 update for Microsoft Office for Mac 2016 is available.

URL:technet.microsoft.com/en-us/library/security/MS15-099

17. Vulnerability in Schneider Electric StruxureWare Building Expert (ICSA-15-258-01)
[16/09/2015] Vulnerability was identified in the Schneider Electric StruxureWare Building Expert. An attacker could obtain sensitive information. This vulnerability affects versions prior to 2.15 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-258-01

18. Vulnerability in CODESYS Gateway Server (ICSA-15-258-02)
[16/09/2015] Vulnerability was identified in the CODESYS Gateway Server. An attacker could cause a buffer overflow and perform remote code execution. This vulnerability affects versions 2.3.9.46 and prior versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-258-02

19. Vulnerabilities in GE Products (ICSA-15-258-03)
[16/09/2015] Vulnerabilities were identified in the GE MDS PulseNET and MDS PulseNET Enterprise. An attacker could perform a path traversal attack and take complete control of the affected system. These vulnerabilities affect versions 2.3.9.46 and prior versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-258-03

20. Security Updates in Debian (DSA-3360-1)
[16/09/2015] Debian has released security update packages for fixing the vulnerability identified in the icu package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could cause a denial of service condition.

URL:www.debian.org/security/2015/dsa-3360

21. Security Updates in Oracle Linux (ELSA-2015-1778, ELSA-2015-1793)
[16/09/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel and qemu-kvm packages for Oracle Linux 7. Due to multiple errors, an attacker could cause a denial of service condition and crash the system.

URL:linux.oracle.com/errata/ELSA-2015-1778.html
URL:linux.oracle.com/errata/ELSA-2015-1793.html

22. Information Updates on Microsoft Security Bulletin (3089952)
[15/09/2015] Microsoft has updated information on the Security Bulletin for Skype for Business Server and Microsoft Lync Server. MS15-104 was revised to update the prerequisite detail in the Update FAQ section.

URL:technet.microsoft.com/en-us/library/security/MS15-104

23. Vulnerability in IBM HTTP Server (1963362)
[15/09/2015] Vulnerability was identified in the IBM HTTP Server. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects versions prior to 8.0.0.12 or 8.5.5.7 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.ibm.com/support/docview.wss?uid=swg21963362
URL:www.hkcert.org/my_url/en/alert/15091401

24. Vulnerability in F5 Products (SOL17256)
[15/09/2015] Vulnerability was identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Link Controller, BIG-IP PEM and Traffix SDC. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.

URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17256.html

25. Vulnerabilities in PHP
[15/09/2015] Vulnerabilities were identified in the PHP. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system. These vulnerabilities affect versions prior to 5.4.45, 5.5.29 or 5.6.13 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.php.net/ChangeLog-5.php#5.4.45
URL:www.php.net/ChangeLog-5.php#5.5.29
URL:www.php.net/ChangeLog-5.php#5.6.13
URL:www.hkcert.org/my_url/en/alert/15091501

26. Security Updates in Debian (DSA-3357-1, DSA-3359-1)
[15/09/2015] Debian has released security update packages for fixing the vulnerabilities identified in the vzctl and virtualbox packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system.

URL:www.debian.org/security/2015/dsa-3357
URL:www.debian.org/security/2015/dsa-3359

27. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1772-1)
[15/09/2015] Red Hat has released security update packages for fixing the vulnerability identified in the qemu-kvm-rhev packages for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0 and 7.0, for Red Hat Enterprise Linux 7. An attacker could bypass security restrictions and execute arbitrary code on the system.

URL:rhn.redhat.com/errata/RHSA-2015-1772.html

28. Vulnerabilities in IBM Sametime Community Server (1965920)
[14/09/2015] Vulnerabilities were identified in the IBM Sametime Community Server. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions 8.5.2 and 9 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=swg21965920

29. Vulnerabilities in F5 Traffix SDC (SOL17255, SOL17257)
[14/09/2015] Vulnerabilities were identified in the F5 Traffix SDC. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17255.html
URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17257.html

30. Vulnerability in Magento (106329)
[14/09/2015] Vulnerability was identified in the Magento. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects versions prior to 1.9.2.1 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/106329

31. Vulnerabilities in Japan Connected-free Wi-Fi (106301, 106302)
[14/09/2015] Vulnerabilities were identified in the Japan Connected-free Wi-Fi. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect versions 1.6.0 for Android and 1.0.2 for iOS of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/106301
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106302

32. Vulnerability in Mozilla Bugzilla (106311)
[14/09/2015] Vulnerability was identified in the Mozilla Bugzilla. An attacker could bypass security restrictions. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/106311

33. Security Updates in Debian (DSA-3356-1, DSA-3358-1)
[14/09/2015] Debian has released security update packages for fixing the vulnerabilities identified in the openldap and php5 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3356
URL:www.debian.org/security/2015/dsa-3358

34. Security Updates in Mageia (MGASA-2015-0359, MGASA-2015-0360, MGASA-2015-0361, MGASA-2015-0362, MGASA-2015-0363, MGASA-2015-0364, MGASA-2015-0365, MGASA-2015-0366, MGASA-2015-0367)
[14/09/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the gnupg, gnupg2, libgcrypt, xfsprogs, mariadb, conntrack-tools, libvdpau, php, phpmyadmin and freetype2 packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2015-0359.html
URL:advisories.mageia.org/MGASA-2015-0360.html
URL:advisories.mageia.org/MGASA-2015-0361.html
URL:advisories.mageia.org/MGASA-2015-0362.html
URL:advisories.mageia.org/MGASA-2015-0363.html
URL:advisories.mageia.org/MGASA-2015-0364.html
URL:advisories.mageia.org/MGASA-2015-0365.html
URL:advisories.mageia.org/MGASA-2015-0366.html
URL:advisories.mageia.org/MGASA-2015-0367.html



Sunday, September 13, 2015

IT Security Alerts Weekly Digest (6 Sep ~ 12 Sep 2015)

1. Vulnerability in IBM HTTP Server (1965419)
[11/09/2015] Vulnerability was identified in the IBM HTTP Server. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code on the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.ibm.com/support/docview.wss?uid=swg21965419
URL:www.hkcert.org/my_url/en/alert/15091001

2. Vulnerability in Auto-Exchanger (106270)
[11/09/2015] Vulnerability was identified in the Auto-Exchanger. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site request forgery attacks. This vulnerability affects version 5.1.0 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/106270

3. Vulnerabilities in Synology Products (106282, 106283, 106285)
[11/09/2015] Vulnerabilities were identified in Synology Video Station and Synology Download Station. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site scripting attacks and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/106282
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106283
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106285

4. Vulnerability in SAP NetWeaver AS ABAP (106277)
[11/09/2015] Vulnerability was identified in the SAP NetWeaver AS ABAP. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/106277

5. Vulnerabilities in Yokogawa Products (ICSA-15-253-01)
[11/09/2015] Vulnerabilities were identified in multiple Yokogawa Products. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-253-01

6. Vulnerability in OpenLDAP
[11/09/2015] Vulnerability was identified in the OpenLDAP. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects versions 2.4.42 and prior of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.hkcert.org/my_url/en/alert/15091101

7. Security Updates in Debian (DSA-3355-1)
[11/09/2015] Debian has released security update packages for fixing the vulnerabilities identified in the libvdpau packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code.

URL:www.debian.org/security/2015/dsa-3355

8. Security Updates in SUSE (SUSE-SU-2015:1528-1)
[11/09/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaFirefox and mozilla-nss packages of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html

9. Security Updates in Ubuntu GNU/Linux (USN-2739-1)
[11/09/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the freetype packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2739-1/

10. Information Updates on Microsoft Security Bulletin (3078662)
[10/09/2015] Microsoft has updated information on the Security Bulletin for Microsoft Windows. MS15-080 was revised to add an Update FAQ that explains why customers running Office 2010 on Windows Vista and later versions of Windows are not being offered the 3054846 update.

URL:technet.microsoft.com/en-us/library/security/MS15-080

11. Vulnerabilities in Cisco Products
[10/09/2015] Vulnerabilities were identified in the Cisco Email Security Appliance and Cisco Web Security Appliance. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=40844
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40846
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40896
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106263
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106253

12. Vulnerability in HP UCMDB (c04790231)
[10/09/2015] Vulnerability was identified in the HP UCMDB. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04790231
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106262

13. Vulnerabilities in F5 Products (SOL17242, SOL17248, SOL17251, SOL17253)
[10/09/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC and Traffix SDC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17242.html
URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17248.html
URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17251.html
URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17253.html

14. Vulnerabilities in Huawei Products (Huawei-SA-20150909-02-U1900, Huawei-SA-20150909-01-mDNS, Huawei-SA-20150909-02-FusionAccess, Huawei-SA-20150909-01-U1900)
[10/09/2015] Vulnerabilities were identified in Huawei eSpace U1900 switch series, mDNS module in Huawei WLAN AC products and Huawei FusionAccess. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-453506.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-453516.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-453537.htm
URL:www.huawei.com/ilink/en/security/psirt/security-bulletins/security-advisories/HW_453512

15. Vulnerabilities in EMC RSA Identity Management and Governance (106258, 106259)
[10/09/2015] Vulnerabilities were identified in the EMC RSA Identity Management and Governance. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/106258
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106259

16. Security Updates in SUSE (SUSE-SU-2015:1519-1)
[10/09/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the qemu packages of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html

17. Security Updates in Ubuntu GNU/Linux (USN-2737-1, USN-2738-1)
[10/09/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux-lts-vivid and linux packages for versions 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2737-1/
URL:www.ubuntu.com/usn/usn-2738-1/

18. Vulnerabilities in Microsoft Products (3072595, 3083992, 3087918, 3089250, 3089548, 3089656, 3089657, 3089662, 3089664, 3089665, 3089669, 3089952, 3091287)
[09/09/2015] Vulnerabilities were identified in the Microsoft Internet Explorer, Edge, Active Directory, Windows, Office, Lync, .NET Framework, Exchange Server and Skype for Business Server. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:technet.microsoft.com/en-us/library/security/ms15-sep.aspx
URL:technet.microsoft.com/library/security/3083992.aspx
URL:technet.microsoft.com/library/security/ms15-094
URL:technet.microsoft.com/library/security/ms15-095
URL:technet.microsoft.com/library/security/ms15-096
URL:technet.microsoft.com/library/security/ms15-097
URL:technet.microsoft.com/library/security/ms15-098
URL:technet.microsoft.com/library/security/ms15-099
URL:technet.microsoft.com/library/security/ms15-100
URL:technet.microsoft.com/library/security/ms15-101
URL:technet.microsoft.com/library/security/ms15-102
URL:technet.microsoft.com/library/security/ms15-103
URL:technet.microsoft.com/library/security/ms15-104
URL:technet.microsoft.com/library/security/ms15-105
URL:www.hkcert.org/my_url/en/alert/15090901
URL:www.hkcert.org/my_url/en/alert/15090902
URL:www.hkcert.org/my_url/en/alert/15090903
URL:www.hkcert.org/my_url/en/alert/15090904
URL:www.hkcert.org/my_url/en/alert/15090905
URL:www.hkcert.org/my_url/en/alert/15090906
URL:www.hkcert.org/my_url/en/alert/15090907
URL:www.hkcert.org/my_url/en/alert/15090908
URL:www.hkcert.org/my_url/en/alert/15090909
URL:www.hkcert.org/my_url/en/alert/15090910
URL:www.hkcert.org/my_url/en/alert/15090911
URL:www.hkcert.org/my_url/en/alert/15090912
URL:www.us-cert.gov/ncas/current-activity/2015/09/08/Microsoft-Releases-September-2015-Security-Bulletin

19. Information Updates on Microsoft Security Bulletin (3073921)
[09/09/2015] Microsoft has updated information on the Security Bulletin for Microsoft Windows. MS15-083 was re-released for affected editions of Windows Vista and Windows Server 2008. Customers running Windows Vista or Windows Server 2008 who previously installed the update should reinstall the update to be fully protected from the vulnerability.

URL:technet.microsoft.com/en-us/library/security/MS15-083

20. Vulnerabilities in Adobe Shockwave Player (APSB15-22)
[09/09/2015] Vulnerabilities were identified in the Adobe Shockwave Player. An attacker could bypass security restrictions and execute arbitrary code on the system. These vulnerabilities affect versions prior to 12.2.0.162 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:helpx.adobe.com/security/products/shockwave/apsb15-22.html
URL:www.hkcert.org/my_url/en/alert/15090913
URL:www.us-cert.gov/ncas/current-activity/2015/09/08/Adobe-Releases-Security-Update-Shockwave-Player
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106205
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106206

21. Vulnerabilities in Cisco Products
[09/09/2015] Vulnerabilities were identified in the Cisco Application Visibility and Control software, Cisco Security Management Appliance and Cisco Sourcefire User Agent. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities in Cisco Application Visibility and Control software and Cisco Sourcefire User Agent.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=40845
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40847
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106207
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106209
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106219

22. Vulnerabilities in F5 Products (SOL17155, SOL17199, SOL17235, SOL17237, SOL17238, SOL17239, SOL17241, SOL17244, SOL17245, SOL17246)
[09/09/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC and Traffix SDC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17155.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17199.html
URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17235.html
URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17237.html
URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17238.html
URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17239.html
URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17241.html
URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17244.html
URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17245.html
URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17246.html

23. Vulnerabilities in Advantech WebAccess (ICSA-15-251-01)
[09/09/2015] Vulnerabilities were identified in the Advantech WebAccess. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect version 8.0 and prior of the mentioned product.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-251-01

24. Vulnerabilities in Seagate and LaCie wireless storage Products (VU#903500)
[09/09/2015] Vulnerabilities were identified in Seagate and LaCie wireless storage Products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities identified in the Seagate products.

URL:www.kb.cert.org/vuls/id/903500

25. Security Updates in Oracle Linux (ELSA-2015-1741, ELSA-2015-1742)
[09/09/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the haproxy and subversion packages for Oracle Linux 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:linux.oracle.com/errata/ELSA-2015-1741.html
URL:linux.oracle.com/errata/ELSA-2015-1742.html

26. Security Updates in Debian (DSA-3354-1)
[09/09/2015] Debian has released security update packages for fixing the vulnerability identified in the spice packages for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3354

27. Security Updates in Mageia (MGASA-2015-0335, MGASA-2015-0336, MGASA-2015-0337, MGASA-2015-0338, MGASA-2015-0339, MGASA-2015-0340, MGASA-2015-0341, MGASA-2015-0342, MGASA-2015-0343, MGASA-2015-0344, MGASA-2015-0345, MGASA-2015-0346, MGASA-2015-0347, MGASA-2015-0348, MGASA-2015-0349, MGASA-2015-0350, MGASA-2015-0351, MGASA-2015-0352, MGASA-2015-0353, MGASA-2015-0354, MGASA-2015-0355, MGASA-2015-0356, MGASA-2015-0357, MGASA-2015-0358)
[09/09/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the squashfs-tools, hplip, openafs, lighttpd, freeimage, jsoup, bind, iceape, pcre, webmin, ruby-RubyGems, ruby-rack, squid, ntp, libidn, xmltooling, opensaml, struts, util-linux, vorbis-tools, screen, pure-ftpd, chromium-browser-stable, php and libxml2 packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2015-0335.html
URL:advisories.mageia.org/MGASA-2015-0336.html
URL:advisories.mageia.org/MGASA-2015-0337.html
URL:advisories.mageia.org/MGASA-2015-0338.html
URL:advisories.mageia.org/MGASA-2015-0339.html
URL:advisories.mageia.org/MGASA-2015-0340.html
URL:advisories.mageia.org/MGASA-2015-0341.html
URL:advisories.mageia.org/MGASA-2015-0342.html
URL:advisories.mageia.org/MGASA-2015-0343.html
URL:advisories.mageia.org/MGASA-2015-0344.html
URL:advisories.mageia.org/MGASA-2015-0345.html
URL:advisories.mageia.org/MGASA-2015-0346.html
URL:advisories.mageia.org/MGASA-2015-0347.html
URL:advisories.mageia.org/MGASA-2015-0348.html
URL:advisories.mageia.org/MGASA-2015-0349.html
URL:advisories.mageia.org/MGASA-2015-0350.html
URL:advisories.mageia.org/MGASA-2015-0351.html
URL:advisories.mageia.org/MGASA-2015-0352.html
URL:advisories.mageia.org/MGASA-2015-0353.html
URL:advisories.mageia.org/MGASA-2015-0354.html
URL:advisories.mageia.org/MGASA-2015-0355.html
URL:advisories.mageia.org/MGASA-2015-0356.html
URL:advisories.mageia.org/MGASA-2015-0357.html
URL:advisories.mageia.org/MGASA-2015-0358.html

28. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1741-1, RHSA-2015:1742-1)
[09/09/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the haproxy and subversion packages for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:rhn.redhat.com/errata/RHSA-2015-1741.html
URL:rhn.redhat.com/errata/RHSA-2015-1742.html

29. Security Updates in SUSE (SUSE-SU-2015:1509-1)
[09/09/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the java-1_6_0-ibm packages of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html

30. Security Updates in Ubuntu GNU/Linux (USN-2735-1, USN-2736-1)
[09/09/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the oxide-qt and spice packages for versions 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2735-1/
URL:www.ubuntu.com/usn/usn-2736-1/

31. Vulnerability in Webroot SecureAnywhere Mobile Protection (106189)
[08/09/2015] Vulnerability was identified in the Webroot SecureAnywhere Mobile Protection for iOS mobile application. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to 1.5.1 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/106189

32. Security Updates in Debian (DSA-3353-1)
[08/09/2015] Debian has released security update packages for fixing the vulnerability identified in the openslp-dfsg packages for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3353

33. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1740-1)
[08/09/2015] Red Hat has released security update packages for fixing the vulnerability identified in the qemu-kvm-rhev packages for Red Hat Enterprise Virtualization 3. An attacker could bypass security restrictions and obtain sensitive information.

URL:rhn.redhat.com/errata/RHSA-2015-1740.html

34. Security Updates in SUSE (SUSE-SU-2015:1504-1)
[08/09/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaFirefox packages of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00013.html

35. Vulnerability in Apache Struts (S2-025)
[07/09/2015] Vulnerability was identified in the Apache Struts. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions prior to 2.3.20 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:struts.apache.org/docs/s2-025.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106172

36. Vulnerabilities in F5 Products (SOL16728, SOL17181, SOL17227)
[07/09/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/16000/700/sol16728.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17181.html
URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17227.html

37. Vulnerability in Avaya One-X Agent (106136)
[07/09/2015] Vulnerability was identified in the Avaya One-X Agent. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects version 2.5.50022.0 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/106136

38. Security Updates in Debian (DSA-3351-1, DSA-3352-1)
[07/09/2015] Debian has released security update packages for fixing the vulnerabilities identified in the chromium-browser and screen packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.debian.org/security/2015/dsa-3351
URL:www.debian.org/security/2015/dsa-3352

39. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1623-2)
[07/09/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel packages for Red Hat Enterprise Linux 6. Due to multiple errors, an attacker could bypass security restrictions, cause a denial of service condition and crash the system.

URL:rhn.redhat.com/errata/RHSA-2015-1623.html

40. Security Updates in SUSE (SUSE-SU-2015:1487-1, SUSE-SU-2015:1488-1, SUSE-SU-2015:1489-1, SUSE-SU-2015:1490-1, SUSE-SU-2015:1491-1, SUSE-SU-2015:1496-1)
[07/09/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel and bind packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html
URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00012.html


Monday, September 7, 2015

IT Security Alerts Weekly Digest (30 Aug ~ 5 Sep 2015)

1. Information Updates on Microsoft Security Bulletin (3080790)
[04/09/2015] Microsoft has updated information on the Security Bulletin for Microsoft Office. MS15-081 was revised to announce that the 3039798 update for Microsoft Office 2013 RT Service Pack 1 is available via Windows Update.

URL:technet.microsoft.com/en-us/library/security/MS15-081

2. Vulnerabilities in BIND (AA-01287, AA-01291)
[04/09/2015] Vulnerabilities were identified in the BIND. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 9.9.7-P3, 9.10.2-P4, 9.9.8rc1 or 9.10.3rc1 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:kb.isc.org/article/AA-01287/
URL:kb.isc.org/article/AA-01291/
URL:www.hkcert.org/my_url/en/alert/15090402
URL:www.us-cert.gov/ncas/current-activity/2015/09/02/Internet-Systems-Consortium-ISC-Releases-Security-Updates-BIND

3. Vulnerabilities in Cisco Products (cisco-sa-20150902-cimcs)
[04/09/2015] Vulnerabilities were identified in the Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director and Cisco TelePresence IX5000 Systems. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40727
URL:www.us-cert.gov/ncas/current-activity/2015/09/03/Cisco-Releases-Security-Updates

4. Vulnerability in Symantec Ghost Explorer Utility (SYM15-008)
[04/09/2015] Vulnerability was identified in Symantec Ghost Explorer Utility. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects versions prior to GSS 3.0 HF2 (12.0.0.8010) and DS 7.6 HF4 (12.0.0.7045) of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20150902_00

5. Vulnerabilities in Cogent DataHub (ICSA-15-246-01)
[04/09/2015] Vulnerabilities were identified in the Cogent DataHub. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions 7.3.8 and prior of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-246-01

6. Vulnerabilities in Moxa Industrial Managed Switch (ICSA-15-246-03)
[04/09/2015] Vulnerabilities were identified in multiple Moxa Industrial Managed Switches. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. These vulnerabilities affect firmware version V3.4 build 14031419 and prior of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-246-03

7. Vulnerability in Sunny WebBox (ICSA-15-181-02)
[04/09/2015] Vulnerability was identified in the Sunny WebBox. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects ALL versions of the mentioned product.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-181-02

8. Vulnerability in Huawei UAP2105 device (Huawei-SA-20150902-01-UAP2105)
[04/09/2015] Vulnerability was identified in the Huawei UAP2105 device. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects firmware versions prior to V300R012C00SPC160(BootRom) of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-452865.htm

9. Security Updates in Oracle Linux (ELSA-2015-1705, ELSA-2015-1706, ELSA-2015-1707, ELSA-2015-1708, ELSA-2015-1714, ELSA-2015-1715)
[04/09/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the bind, bind97, libXfont, spice and spice-server packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2015-1705.html
URL:linux.oracle.com/errata/ELSA-2015-1706.html
URL:linux.oracle.com/errata/ELSA-2015-1707.html
URL:linux.oracle.com/errata/ELSA-2015-1708.html
URL:linux.oracle.com/errata/ELSA-2015-1714.html
URL:linux.oracle.com/errata/ELSA-2015-1715.html

10. Security Updates in Debian (DSA-3347-1, DSA-3348-1, DSA-3349-1, DSA-3350-1)
[04/09/2015] Debian has released security update packages for fixing the vulnerabilities identified in the pdns, qemu, qemu-kvm and bind9 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.debian.org/security/2015/dsa-3347
URL:www.debian.org/security/2015/dsa-3348
URL:www.debian.org/security/2015/dsa-3349
URL:www.debian.org/security/2015/dsa-3350

11. Security Updates in FreeBSD (FreeBSD-SA-15:23.bind)
[04/09/2015] FreeBSD has released security update packages for fixing the vulnerability identified in the bind packages for multiple versions of FreeBSD Linux. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.

URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:23.bind.asc

12. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1705-1, RHSA-2015:1706-1, RHSA-2015:1707-1, RHSA-2015:1708-1, RHSA-2015:1712-1)
[04/09/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the bind, bind97, libXfont and chromium-browser packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-1705.html
URL:rhn.redhat.com/errata/RHSA-2015-1706.html
URL:rhn.redhat.com/errata/RHSA-2015-1707.html
URL:rhn.redhat.com/errata/RHSA-2015-1708.html
URL:rhn.redhat.com/errata/RHSA-2015-1712.html

13. Security Updates in Slackware (SSA:2015-245-01, SSA:2015-246-01)
[04/09/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the bind and seamonkey packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.490056
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.604342

14. Security Updates in SUSE (SUSE-SU-2015:1476-1, SUSE-SU-2015:1479-1, SUSE-SU-2015:1479-2, SUSE-SU-2015:1478-1, SUSE-SU-2015:1480-1, SUSE-SU-2015:1481-1)
[04/09/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaFirefox, mozilla-nss, xen, Linux Kernel and bind packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00001.html
URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00002.html
URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00003.html
URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00005.html
URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00006.html

15. Security Updates in Ubuntu GNU/Linux (USN-2728-1, USN-2729-1, USN-2730-1, USN-2731-1, USN-2732-1, USN-2733-1, USN-2734-1)
[04/09/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the bind9, libvdpau, openslp-dfsg, linux, linux-ti-omap4 and linux-lts-trusty packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2728-1/
URL:www.ubuntu.com/usn/usn-2729-1/
URL:www.ubuntu.com/usn/usn-2730-1/
URL:www.ubuntu.com/usn/usn-2731-1/
URL:www.ubuntu.com/usn/usn-2732-1/
URL:www.ubuntu.com/usn/usn-2733-1/
URL:www.ubuntu.com/usn/usn-2734-1/

16. Vulnerabilities in Cisco Products
[02/09/2015] Vulnerabilities were identified in the Cisco TelePresence Video Communication Server Expressway and Cisco NX-OS. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=40541
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40748
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105994

17. Vulnerabilities in Google Chrome
[02/09/2015] Vulnerabilities were identified in the Google Chrome. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 45.0.2454.85 of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:googlechromereleases.blogspot.hk/2015/09/stable-channel-update.html
URL:www.hkcert.org/my_url/en/alert/15090201
URL:www.us-cert.gov/ncas/current-activity/2015/09/01/Google-Releases-Security-Update-Chrome
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105999
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106000
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106001
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106002
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106003
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106004
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106005
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106006
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106007
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106008
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106009

18. Vulnerability in F5 Products (SOL17201)
[02/09/2015] Vulnerability was identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device and BIG-IQ Security. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.

URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17201.html

19. Vulnerability in Samsung SyncThruWeb (105987)
[02/09/2015] Vulnerability was identified in the Samsung SyncThruWeb. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects version 2.01.00.26 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105987

20. Vulnerabilities in PCMan FTP Server (105975, 105990)
[02/09/2015] Vulnerabilities were identified in PCMan FTP Server. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect version 2.0.7 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105975
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105990

21. Security Updates in Oracle Linux (ELSA-2015-1699)
[02/09/2015] Oracle has released security update packages for fixing the vulnerability identified in the nss-softokn packages for Oracle Linux 6 and 7. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code on the system.

URL:linux.oracle.com/errata/ELSA-2015-1699.html

22. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1699-1, RHSA-2015:1700-1)
[02/09/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the nss-softokn and pcs packages for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code on the system.

URL:rhn.redhat.com/errata/RHSA-2015-1699.html
URL:rhn.redhat.com/errata/RHSA-2015-1700.html

23. Security Updates in Slackware (SSA:2015-244-01)
[02/09/2015] Slackware has released security update packages for fixing the vulnerability identified in the gdk-pixbuf2 packages for multiple versions of Slackware Linux. An attacker could bypass security restrictions and execute arbitrary code on the system.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.435174

24. Security Updates in SUSE (SUSE-SU-2015:1472-1)
[02/09/2015] SUSE has released security update packages for fixing the vulnerability identified in the kvm package of SUSE Linux Enterprise 11. An attacker could bypass security restrictions and execute arbitrary code on the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-09/msg00000.html

25. Security Updates in Ubuntu GNU/Linux (USN-2727-1)
[02/09/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the gnutls28 packages for version 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2727-1/

26. Vulnerability in Cisco ASR 1000 Series Aggregation Services Routers
[01/09/2015] Vulnerability was identified in the Cisco ASR 1000 Series Aggregation Services Routers. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects firmware version 15.5 Base, (3)S of the mentioned product.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=40708

27. Vulnerabilities in Belkin N600 DB Wireless Dual Band N+ router (VU#201168)
[01/09/2015] Vulnerabilities were identified in the Belkin N600 DB Wireless Dual Band N+ router. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple firmware versions of the mentioned product.

URL:www.kb.cert.org/vuls/id/201168
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105961
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105962
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105963
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105964

28. Vulnerabilities in Philippine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 (VU#525276)
[01/09/2015] Vulnerabilities were identified in the Philippine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple firmware versions of the mentioned products.

URL:www.kb.cert.org/vuls/id/525276

29. Vulnerabilities in Home routers implementing the UPnP protocol (VU#361684)
[01/09/2015] Vulnerabilities were identified in multiple Home routers implementing the UPnP protocol. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple firmware versions of the mentioned products.

URL:www.kb.cert.org/vuls/id/361684

30. Security Updates in Oracle Linux (ELSA-2015-1694, ELSA-2015-1695)
[01/09/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the gdk-pixbuf2 and jakarta-taglibs-standard packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:linux.oracle.com/errata/ELSA-2015-1694.html
URL:linux.oracle.com/errata/ELSA-2015-1695.html

31. Security Updates in Debian (DSA-3346-1)
[01/09/2015] Debian has released security update packages for fixing the vulnerabilities identified in the drupal7 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system.

URL:www.debian.org/security/2015/dsa-3346

32. Security Updates in Mageia (MGASA-2015-0331, MGASA-2015-0332, MGASA-2015-0333, MGASA-2015-0334)
[01/09/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the firefox, firefox-l10n, nspr, nss, glusterfs, audit and glusterfs packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2015-0331.html
URL:advisories.mageia.org/MGASA-2015-0332.html
URL:advisories.mageia.org/MGASA-2015-0333.html
URL:advisories.mageia.org/MGASA-2015-0334.html

33. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1694-1, RHSA-2015:1695-1)
[01/09/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the gdk-pixbuf2 and jakarta-taglibs-standard packages for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:rhn.redhat.com/errata/RHSA-2015-1694.html
URL:rhn.redhat.com/errata/RHSA-2015-1695.html

34. Security Updates in SUSE (SUSE-SU-2015:1455-1)
[01/09/2015] SUSE has released security update packages for fixing the vulnerability identified in the kvm package of SUSE Linux Enterprise 11. An attacker could bypass security restrictions and execute arbitrary code on the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html

35. Security Updates in Ubuntu GNU/Linux (USN-2726-1)
[01/09/2015] Ubuntu has released security update packages for fixing the vulnerability identified in the expat packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2726-1/

36. Vulnerabilities in Novell NetIQ Access Manager (5219890)
[31/08/2015] Vulnerabilities were identified in the Novell NetIQ Access Manager. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions 4.1 and 4.1.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:download.novell.com/Download?buildid=ceIVdhBEV2o~

37. Vulnerabilities in F5 Products (SOL17173, SOL17189)
[31/08/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17173.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17189.html

38. Security Updates in Debian (DSA-3345-1)
[31/08/2015] Debian has released security update packages for fixing the vulnerabilities identified in the iceweasel packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3345

39. Security Updates in Slackware (SSA:2015-241-01)
[31/08/2015] Slackware has released security update packages for fixing the vulnerability identified in the mozilla-firefox package for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.356225

40. Security Updates in SUSE (SUSE-SU-2015:1449-1)
[31/08/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaFirefox and mozilla-nss packages of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

Source(s) of above information: