1. Vulnerability in Cisco Prime Network Registrar
[18/09/2015] Vulnerability was identified in the Cisco Prime Network
Registrar. An attacker could bypass security restrictions, gain elevated
privileges and compromise the system. This vulnerability affects versions
8.1.3.3, 8.2.3 or 8.3.2 of the mentioned product.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=41041
2. Vulnerability in Harman-Kardon Uconnect (ICSA-15-260-01)
[18/09/2015] Vulnerability was identified in the Harman-Kardon Uconnect.
An attacker could bypass security restrictions, gain elevated privileges,
execute arbitrary code and compromise the system. This vulnerability affects
versions 8.4AN, RA3 or RA4 of the mentioned product. Security patches are
available to resolve this vulnerability.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-260-01
3. Vulnerability in Pentaho GA PDI and Pentaho GA BA (106392)
[18/09/2015] Vulnerability was identified in the Pentaho GA PDI and Pentaho
GA BA. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code and compromise
the system. This vulnerability affects version 5.2 of the mentioned products.
Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106392
4. Security Updates in Mageia (MGASA-2015-0375, MGASA-2015-0376, MGASA-2015-0377)
[18/09/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the ganglia-web, icedtea-web and wordpress
packages for multiple versions of Mageia. Due to multiple errors, an attacker
could bypass security restrictions, gain elevated privileges and execute
arbitrary code on the system.
URL:advisories.mageia.org/MGASA-2015-0375.html
URL:advisories.mageia.org/MGASA-2015-0376.html
URL:advisories.mageia.org/MGASA-2015-0377.html
5. Vulnerabilities in ISC BIND 9
[17/09/2015] Vulnerabilities were identified in the ISC BIND 9. An attacker
could bypass security restrictions, cause a denial of service condition and
crash the system. These vulnerabilities affect versions prior to 9.9.8,
9.9.8-S1 or 9.10.3 of the mentioned product. Security patches are available to
resolve these vulnerabilities.
URL:kb.isc.org/article/AA-01305
URL:kb.isc.org/article/AA-01306
URL:kb.isc.org/article/AA-01307
URL:www.us-cert.gov/ncas/current-activity/2015/09/16/Internet-Systems-Consortium-ISC-Releases-Security-Updates-BIND
6. Vulnerabilities in Apple Products (HT205212, HT205217, HT205219, HT205221)
[17/09/2015] Vulnerabilities were identified in the Apple iOS, Xcode, OS X
Server and iTunes. An attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code, cause a denial of service
condition and crash the system. These vulnerabilities affect multiple versions
of the mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:support.apple.com/kb/HT205212
URL:support.apple.com/kb/HT205217
URL:support.apple.com/kb/HT205219
URL:support.apple.com/kb/HT205221
7. Vulnerabilities in Cisco Products (cisco-sa-20150916-pca, cisco-sa-20150916-pcp, cisco-sa-20150916-tps)
[17/09/2015] Vulnerabilities were identified in the Cisco Prime
Collaboration Assurance Software, Cisco Prime Collaboration Provisioning
Software, Cisco TelePresence Server software, Cisco Nexus 9000 Series Switches
and Cisco IOS XE. An attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the system. These vulnerabilities
affect multiple versions of the mentioned products. Security patches are
available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pcp
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40520
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40990
URL:tools.cisco.com/security/center/viewAlert.x?alertId=41006
8. Vulnerabilities in F5 Products (SOL17263)
[17/09/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP
AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP
Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM,
BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ
Device, BIG-IQ Security, BIG-IQ ADC and Traffix SDC. An attacker could bypass
security restrictions, obtain sensitive information and gain elevated
privileges. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17263.html
9. Vulnerabilities in Symantec Web Gateway Appliance management console (SYM15-009)
[17/09/2015] Vulnerabilities were identified in the Symantec Web Gateway
(SWG) Appliance management console. An attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges and execute
arbitrary code on the system. These vulnerabilities affect versions prior to
v5.0.0.1277 of the mentioned product. Security patches are available to resolve
these vulnerabilities.
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20150916_00
10. Vulnerability in VMware vCenter Server (VMSA-2015-0006)
[17/09/2015] Vulnerability was identified in the VMware vCenter Server. An
attacker could bypass security restrictions. This vulnerability affects multiple
versions of the mentioned product. Security patches are available to resolve
this vulnerability.
URL:www.vmware.com/security/advisories/VMSA-2015-0006.html
URL:www.hkcert.org/my_url/en/alert/15091701
11. Vulnerabilities in WordPress
[17/09/2015] Vulnerabilities were identified in the WordPress. An attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code and compromise the system. These
vulnerabilities affect versions prior to 4.3.1 of the mentioned product.
Security patches are available to resolve these vulnerabilities.
URL:wordpress.org/news/2015/09/wordpress-4-3-1/
URL:www.us-cert.gov/ncas/current-activity/2015/09/15/WordPress-Releases-Security-Update
12. Security Updates in Oracle Linux (ELSA-2015-3078)
[17/09/2015] Oracle has released security update packages for fixing the
vulnerabilities identified in the kernel packages for Oracle Linux 6 and 7. Due
to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, cause a denial of service condition and crash the
system.
URL:linux.oracle.com/errata/ELSA-2015-3078.html
13. Security Updates in Mageia (MGASA-2015-0368, MGASA-2015-0369, MGASA-2015-0370, MGASA-2015-0371, MGASA-2015-0372, MGASA-2015-0373, MGASA-2015-0374)
[17/09/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the qemu, php-ZendFramework, php-ZendFramework2,
ipython, spice and openldap packages for multiple versions of Mageia. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0368.html
URL:advisories.mageia.org/MGASA-2015-0369.html
URL:advisories.mageia.org/MGASA-2015-0370.html
URL:advisories.mageia.org/MGASA-2015-0371.html
URL:advisories.mageia.org/MGASA-2015-0372.html
URL:advisories.mageia.org/MGASA-2015-0373.html
URL:advisories.mageia.org/MGASA-2015-0374.html
14. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1808-1)
[17/09/2015] Red Hat has released security update packages for fixing the
vulnerability identified in the rubygem-openshift-origin-console packages for
Red Hat OpenShift Enterprise 2.2. An attacker could bypass security
restrictions, gain elevated privileges and execute arbitrary code on the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1808.html
15. Security Updates in Ubuntu GNU/Linux (USN-2740-1, USN-2741-1, USN-2742-1)
[17/09/2015] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the icu, unity-settings-daemon and openldap
packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2740-1/
URL:www.ubuntu.com/usn/usn-2741-1/
URL:www.ubuntu.com/usn/usn-2742-1/
16. Information Updates on Microsoft Security Bulletin (3089664)
[16/09/2015] Microsoft has updated information on the Security Bulletin for
Microsoft Office. MS15-099 was revised to announce that the 3088502 update for
Microsoft Office for Mac 2016 is available.
URL:technet.microsoft.com/en-us/library/security/MS15-099
17. Vulnerability in Schneider Electric StruxureWare Building Expert (ICSA-15-258-01)
[16/09/2015] Vulnerability was identified in the Schneider Electric
StruxureWare Building Expert. An attacker could obtain sensitive information.
This vulnerability affects versions prior to 2.15 of the mentioned product.
Security patches are available to resolve this vulnerability.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-258-01
18. Vulnerability in CODESYS Gateway Server (ICSA-15-258-02)
[16/09/2015] Vulnerability was identified in the CODESYS Gateway Server.
An attacker could cause a buffer overflow and perform remote code execution.
This vulnerability affects versions 2.3.9.46 and prior versions of the mentioned
product. Security patches are available to resolve this vulnerability.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-258-02
19. Vulnerabilities in GE Products (ICSA-15-258-03)
[16/09/2015] Vulnerabilities were identified in the GE MDS PulseNET and
MDS PulseNET Enterprise. An attacker could perform a path traversal attack and
take complete control of the affected system. These vulnerabilities affect
versions 2.3.9.46 and prior versions of the mentioned product. Security patches
are available to resolve these vulnerabilities.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-258-03
20. Security Updates in Debian (DSA-3360-1)
[16/09/2015] Debian has released security update packages for fixing the
vulnerability identified in the icu package for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could cause a denial of service
condition.
URL:www.debian.org/security/2015/dsa-3360
21. Security Updates in Oracle Linux (ELSA-2015-1778, ELSA-2015-1793)
[16/09/2015] Oracle has released security update packages for fixing the
vulnerabilities identified in the kernel and qemu-kvm packages for Oracle Linux
7. Due to multiple errors, an attacker could cause a denial of service condition
and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-1778.html
URL:linux.oracle.com/errata/ELSA-2015-1793.html
22. Information Updates on Microsoft Security Bulletin (3089952)
[15/09/2015] Microsoft has updated information on the Security Bulletin for
Skype for Business Server and Microsoft Lync Server. MS15-104 was revised to
update the prerequisite detail in the Update FAQ section.
URL:technet.microsoft.com/en-us/library/security/MS15-104
23. Vulnerability in IBM HTTP Server (1963362)
[15/09/2015] Vulnerability was identified in the IBM HTTP Server. An attacker
could bypass security restrictions, cause a denial of service condition and
crash the system. This vulnerability affects versions prior to 8.0.0.12 or
8.5.5.7 of the mentioned product. Security patches are available to resolve
this vulnerability.
URL:www.ibm.com/support/docview.wss?uid=swg21963362
URL:www.hkcert.org/my_url/en/alert/15091401
24. Vulnerability in F5 Products (SOL17256)
[15/09/2015] Vulnerability was identified in the F5 BIG-IP LTM, BIG-IP AAM,
BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Link
Controller, BIG-IP PEM and Traffix SDC. An attacker could bypass security
restrictions, cause a denial of service condition and crash the system. This
vulnerability affects multiple versions of the mentioned products. Security
patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17256.html
25. Vulnerabilities in PHP
[15/09/2015] Vulnerabilities were identified in the PHP. An attacker could
bypass security restrictions, obtain sensitive information and execute
arbitrary code on the system. These vulnerabilities affect versions prior to
5.4.45, 5.5.29 or 5.6.13 of the mentioned product. Security patches are
available to resolve these vulnerabilities.
URL:www.php.net/ChangeLog-5.php#5.4.45
URL:www.php.net/ChangeLog-5.php#5.5.29
URL:www.php.net/ChangeLog-5.php#5.6.13
URL:www.hkcert.org/my_url/en/alert/15091501
26. Security Updates in Debian (DSA-3357-1, DSA-3359-1)
[15/09/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the vzctl and virtualbox packages for multiple
versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions, gain elevated privileges, execute arbitrary code and
compromise the system.
URL:www.debian.org/security/2015/dsa-3357
URL:www.debian.org/security/2015/dsa-3359
27. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1772-1)
[15/09/2015] Red Hat has released security update packages for fixing the
vulnerability identified in the qemu-kvm-rhev packages for Red Hat Enterprise
Linux OpenStack Platform 5.0, 6.0 and 7.0, for Red Hat Enterprise Linux 7. An
attacker could bypass security restrictions and execute arbitrary code on the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1772.html
28. Vulnerabilities in IBM Sametime Community Server (1965920)
[14/09/2015] Vulnerabilities were identified in the IBM Sametime Community
Server. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
crash the system. These vulnerabilities affect versions 8.5.2 and 9 of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21965920
29. Vulnerabilities in F5 Traffix SDC (SOL17255, SOL17257)
[14/09/2015] Vulnerabilities were identified in the F5 Traffix SDC. An
attacker could bypass security restrictions, cause a denial of service condition
and crash the system. These vulnerabilities affect multiple versions of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17255.html
URL:support.f5.com/kb/en-us/solutions/public/17000/200/sol17257.html
30. Vulnerability in Magento (106329)
[14/09/2015] Vulnerability was identified in the Magento. An attacker could
bypass security restrictions and execute arbitrary code on the system. This
vulnerability affects versions prior to 1.9.2.1 of the mentioned product.
Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106329
31. Vulnerabilities in Japan Connected-free Wi-Fi (106301, 106302)
[14/09/2015] Vulnerabilities were identified in the Japan Connected-free
Wi-Fi. An attacker could bypass security restrictions, execute arbitrary code
and perform cross-site scripting attacks. These vulnerabilities affect versions
1.6.0 for Android and 1.0.2 for iOS of the mentioned product. Security patches
are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106301
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106302
32. Vulnerability in Mozilla Bugzilla (106311)
[14/09/2015] Vulnerability was identified in the Mozilla Bugzilla. An
attacker could bypass security restrictions. This vulnerability affects multiple
versions of the mentioned product. Security patches are available to resolve
this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106311
33. Security Updates in Debian (DSA-3356-1, DSA-3358-1)
[14/09/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the openldap and php5 packages for multiple
versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and crash the
system.
URL:www.debian.org/security/2015/dsa-3356
URL:www.debian.org/security/2015/dsa-3358
34. Security Updates in Mageia (MGASA-2015-0359, MGASA-2015-0360, MGASA-2015-0361, MGASA-2015-0362, MGASA-2015-0363, MGASA-2015-0364, MGASA-2015-0365, MGASA-2015-0366, MGASA-2015-0367)
[14/09/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the gnupg, gnupg2, libgcrypt, xfsprogs, mariadb,
conntrack-tools, libvdpau, php, phpmyadmin and freetype2 packages for multiple
versions of Mageia. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0359.html
URL:advisories.mageia.org/MGASA-2015-0360.html
URL:advisories.mageia.org/MGASA-2015-0361.html
URL:advisories.mageia.org/MGASA-2015-0362.html
URL:advisories.mageia.org/MGASA-2015-0363.html
URL:advisories.mageia.org/MGASA-2015-0364.html
URL:advisories.mageia.org/MGASA-2015-0365.html
URL:advisories.mageia.org/MGASA-2015-0366.html
URL:advisories.mageia.org/MGASA-2015-0367.html