1. Vulnerabilities in Cisco Products (cisco-sa-20151008-asmc, cisco-sa-20151008-cpi, cisco-sa-20151008-pca, cisco-sa-20151008-pca2, cisco-sa-20151008-pcp)
[09/10/2015] Vulnerabilities were identified in the Cisco AnyConnect
Secure Mobility Client, Cisco Prime, Cisco Prime Collaboration Assurance (PCA)
and Cisco Prime Collaboration Provisioning (PCP). An attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and crash the
system. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-asmc
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-cpi
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca2
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pcp
2. Vulnerabilities in F5 Products (SOL17377, SOL17378)
[09/10/2015]
Vulnerabilities were identified in the F5 BIG-IP
LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP
DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP
PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, FirePass,
BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC, LineRate and Traffix
SDC. An attacker could bypass security restrictions, gain elevated privileges
and execute arbitrary code. These vulnerabilities affect multiple versions of
the mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/17000/300/sol17377.html
URL:support.f5.com/kb/en-us/solutions/public/17000/300/sol17378.html
3. Vulnerability in Huawei ARM Mali GPU driver (HW-456480)
[09/10/2015] Vulnerability was identified in the Huawei ARM Mali GPU
driver. An attacker could bypass security restrictions, cause a denial of
service condition and crash the system. This vulnerability affects version P8
ALE-UL00 of the mentioned
product.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-456480.htm
4. Vulnerability in Buffalo Linkstation (107009)
[09/10/2015]
Vulnerability was identified in the Buffalo
Linkstation. An attacker could bypass security restrictions, gain elevated
privileges, execute arbitrary code and compromise the system. This vulnerability
affects versions prior to 1.71 of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107009
5. Vulnerability in EMV Cards
[09/10/2015] Vulnerability was identified in the EMV Cards. An attacker
could bypass security restrictions and obtain sensitive information. This
vulnerability affects ALL of the mentioned
product.
URL:www.us-cert.gov/ncas/current-activity/2015/10/08/IC3-Releases-Alert-Microchip-Enabled-Credit-Cards
6. Vulnerabilities in Solarwinds Products (107003, 107004)
[09/10/2015]
Vulnerabilities were identified in the
Solarwinds Log and Event Manager, and Solarwinds Storage Manager. An attacker
could bypass security restrictions and execute arbitrary code on the system. These
vulnerabilities affect versions prior to 6.2 of the mentioned products. Security
patches are available to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107003
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107004
7. Vulnerability in Zope Management Interface (106998)
[09/10/2015]
Vulnerability was identified in the Zope
Management Interface. An attacker could bypass security restrictions, obtain
sensitive information and execute arbitrary code. This vulnerability affects
version 4.3.7 of the mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106998
8. Security Updates in SUSE (SUSE-SU-2015:1701-1)
[09/10/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the php5 packages of SUSE Linux Enterprise 11. Due to multiple errors, an
attacker could bypass security restrictions, execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00006.html
9. Vulnerability in Cisco Products (cisco-sa-20151007-vcs)
[08/10/2015] Vulnerability was identified in the Cisco TelePresence Video
Communication Server (VCS) Expressway. An attacker could bypass security
restrictions, execute arbitrary code and perform a symbolic link attack on the
system. This vulnerability affects version X8.5.2 of the mentioned product.
Security patches are available to resolve this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151007-vcs
10. Vulnerabilities in Novell Identity Manager (5224131, 5225150)
[08/10/2015] Vulnerabilities were identified in the Novell Identity
Manager. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
crash the system. These vulnerabilities affect multiple versions of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:download.novell.com/Download?buildid=iuNGCHxR7XI~
URL:download.novell.com/Download?buildid=uFdli0n1UCc~
11. Vulnerability in LanTricks LanWhoIs (106952)
[08/10/2015]
Vulnerability was identified in the LanTricks
LanWhoIs. An attacker could bypass security restrictions, execute arbitrary
code, cause a denial of service condition and crash the system. This
vulnerability affects version 1.0.1.120 of the mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106952
12. Vulnerability in Oracle MySQL (106976)
[08/10/2015]
Vulnerability was identified in the Oracle
MySQL. An attacker could bypass security restrictions, execute arbitrary code,
cause a denial of service condition and crash the system. This vulnerability
affects version 5.6.24 of the mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106976
13. Vulnerabilities in Red Hat Products (106975, 106977, 106978)
[08/10/2015] Vulnerabilities were identified in the Red Hat Enterprise
Linux and Red Hat spice. An attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code, cause a denial of service
condition and crash the system. These vulnerabilities affect version 7.3 of Red
Hat Enterprise Linux and version 0.12.0 of Red Hat spice. Security patches are
available to resolve these vulnerabilities identified in Red Hat
spice.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106975
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106977
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106978
14. Security Updates in Debian (DSA-3369-1, DSA-3370-1)
[08/10/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the zendframework and freetype packages for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.debian.org/security/2015/dsa-3369
URL:www.debian.org/security/2015/dsa-3370
15. Security Updates in Ubuntu GNU/Linux (USN-2766-1)
[08/10/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the spice packages for versions 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:www.ubuntu.com/usn/usn-2766-1/
16. Vulnerabilities in Cisco Products (Cisco-SA-20151002-CVE-2015-6310, Cisco-SA-20151002-CVE-2015-6311, cisco-sa-20151006-ucs, cisco-sa-20151006-vcs)
[07/10/2015] Vulnerabilities were identified in the Cisco Unified
Communications Manager IM and Presence Service, Cisco Wireless LAN Controller
(WLC) devices, Cisco Unified Computing System (UCS) B-Series blade servers and
Cisco TelePresence Video Communication Server (VCS) Expressway. An attacker
could bypass security restrictions, gain elevated privileges, execute arbitrary
code, cause a denial of service condition and crash the system. These
vulnerabilities affect multiple firmware versions of the mentioned products.
Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20151002-CVE-2015-6310
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20151002-CVE-2015-6311
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151006-ucs
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151006-vcs
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106929
17. Vulnerabilities in OpenSMTPD (106905, 106906, 106907, 106908, 106909, 106910, 106911, 106912)
[07/10/2015]
Vulnerabilities were identified in the
OpenSMTPD. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
crash the system. These vulnerabilities affect versions prior to 5.7.2 of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106905
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106906
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106907
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106908
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106909
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106910
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106911
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106912
18. Vulnerabilities in Cisco Products (cisco-sa-20151005-aironet, cisco-sa-20151005-ios-radius)
[06/10/2015] Vulnerabilities were identified in the Cisco Aironet 1850
Series Access Point device and Cisco IOS Software. An attacker could bypass
security restrictions, execute arbitrary code, cause a denial of service
condition and crash the system. These vulnerabilities affect multiple firmware
versions of the mentioned products. Security patches are available to resolve
these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151005-aironet
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151005-ios-radius
19. Vulnerability in Tripwire IP360 VnE (106899)
[06/10/2015]
Vulnerability was identified in the Tripwire
IP360 VnE. An attacker could bypass security restrictions, gain elevated
privileges, execute arbitrary code and compromise the system. This vulnerability
affects versions prior to 7.2.6 of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106899
20. Vulnerability in Samsung XNS ActiveX SDK (106880)
[06/10/2015]
Vulnerability was identified in the Samsung XNS
ActiveX SDK. An attacker could bypass security restrictions, execute arbitrary
code, cause a denial of service condition and crash the system. The affected
version was not
specified.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106880
21. Vulnerability in WinRAR (106895)
[06/10/2015]
Vulnerability was identified in the WinRAR. An
attacker could bypass security restrictions and execute arbitrary code on the
system. This vulnerability affects versions prior to 5.30 beta 4 of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106895
22. Vulnerabilities in PHP
[06/10/2015] Vulnerabilities were identified in the PHP. An
attacker could bypass security restrictions, cause a denial of service condition
and crash the system. These vulnerabilities affect versions prior to 5.5.30 or
5.6.14 of the mentioned products. Security patches are available to resolve
these
vulnerabilities.
URL:php.net/ChangeLog-5.php#5.6.14
URL:www.hkcert.org/my_url/en/alert/15100601
23. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1845-1)
[06/10/2015] Red Hat
has released security update packages for fixing the vulnerability identified in
the Red Hat Gluster Storage 3.1 for Red Hat Enterprise Linux 6. An attacker
could bypass security restrictions, execute arbitrary code, cause a denial of
service condition and crash the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1845.html
24. Security Updates in SUSE (openSUSE-SU-2015:1679-1, SUSE-SU-2015:1680-1, openSUSE-SU-2015:1681-1)
[06/10/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the MozillaThunderbird, MozillaFirefox, mozilla-nspr and seamonkey packages of
openSUSE 13.1 and 13.2, and SUSE Linux Enterprise 12. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html
25. Security Updates in Ubuntu GNU/Linux (USN-2743-4, USN-2753-3, USN-2754-1, USN-2757-1, USN-2761-1, USN-2762-1, USN-2763-1, USN-2764-1, USN-2765-1)
[06/10/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the firefox, lxc, thunderbird, oxide-qt, linux, linux-lts-trusty,
linux-lts-utopic and linux-lts-vivid packages for versions 12.04 LTS, 14.04 LTS
and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2743-4/
URL:www.ubuntu.com/usn/usn-2753-3/
URL:www.ubuntu.com/usn/usn-2754-1/
URL:www.ubuntu.com/usn/usn-2757-1/
URL:www.ubuntu.com/usn/usn-2761-1/
URL:www.ubuntu.com/usn/usn-2762-1/
URL:www.ubuntu.com/usn/usn-2763-1/
URL:www.ubuntu.com/usn/usn-2764-1/
URL:www.ubuntu.com/usn/usn-2765-1/
26. Vulnerabilities in Cisco Products
[05/10/2015]
Vulnerabilities were identified in the Cisco
Nexus 3000 Series Switches, Cisco Unified Communications Manager IM and Presence
Service, and Cisco Wireless LAN Controller. An attacker could bypass security
restrictions, execute arbitrary code, cause a denial of service condition and
crash the system. These vulnerabilities affect multiple firmware versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities identified in Cisco Wireless LAN
Controller.
URL:tools.cisco.com/security/center/viewAlert.x?alertId=41240
URL:tools.cisco.com/security/center/viewAlert.x?alertId=41242
URL:tools.cisco.com/security/center/viewAlert.x?alertId=41249
URL:www.hkcert.org/my_url/en/alert/15100204
URL:www.hkcert.org/my_url/en/alert/15100502
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106870
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106871
27. Vulnerabilities in SAP HANA (106722, 106723, 106724, 106725, 106726, 106727, 106728, 106729, 106730, 106731)
[05/10/2015]
Vulnerabilities were identified in the SAP HANA.
An attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code and compromise the system.
These vulnerabilities affect version 1.00.091.00.1418659308 of the mentioned
product. Security patches are available to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106722
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106723
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106724
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106725
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106726
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106727
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106728
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106729
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106730
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106731
28. Vulnerabilities in Google Android
[05/10/2015]
Vulnerabilities were identified in the Google
Android. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code and compromise the
system. These vulnerabilities affect multiple versions of the mentioned
products.
URL:www.hkcert.org/my_url/en/alert/15100501
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106876
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106877
29. Vulnerability in FreeExtractor MakeSFX (106865)
[05/10/2015]
Vulnerability was identified in the
FreeExtractor MakeSFX. An attacker could bypass security restrictions, execute
arbitrary code, cause a denial of service condition and crash the system. This
vulnerability affects version 1.44 of the mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106865
30. Vulnerability in FreeSWITCH (106777)
[05/10/2015]
Vulnerability was identified in the FreeSWITCH.
An attacker could bypass security restrictions, execute arbitrary code, cause a
denial of service condition and crash the system. This vulnerability affects
versions prior to 1.6.2 or 1.4.23 of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106777
31. Vulnerability in PCMan FTP Server (106776)
[05/10/2015]
Vulnerability was identified in the PCMan FTP
Server. An attacker could bypass security restrictions and obtain sensitive
information. This vulnerability affects version 2.0.7 of the mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106776
32. Vulnerability in mTheme-Unus theme for WordPress (106787)
[05/10/2015] Vulnerability was identified in the mTheme-Unus theme for
WordPress. An attacker could bypass security restrictions, obtain sensitive
information and execute arbitrary code. This vulnerability affects versions
prior to 2.3 of the mentioned product. Security patches are available to resolve
this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106787
33. Security Updates in Mageia (MGASA-2015-0386, MGASA-2015-0387, MGASA-2015-0388, MGASA-2015-0389)
[05/10/2015] Mageia has
released security update packages for fixing the vulnerabilities identified in
the kernel, kernel-userspace-headers, kernel-firmware, btrfs-progs, iproute2,
xtables-addons, kmod-xtables-addons, kernel-firmware-nonfree, radeon-firmware,
kmod-broadcom-wl, kmod-fglrx, nvidia304, kmod-nvidia304, nvidia340,
kmod-nvidia340, kmod-nvidia-current, thunderbird, thunderbird-l10n,
gdk-pixbuf2.0 and chromium-browser-stable packages for multiple versions of
Mageia. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and compromise the
system.
URL:advisories.mageia.org/MGASA-2015-0386.html
URL:advisories.mageia.org/MGASA-2015-0387.html
URL:advisories.mageia.org/MGASA-2015-0388.html
URL:advisories.mageia.org/MGASA-2015-0389.html