1. Vulnerability in HP Loadrunner Virtual Table Server (c04900820)
[27/11/2015] Vulnerability was identified in the HP Loadrunner Virtual Table Server. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects versions 11.52, 12.00, 12.01, 12.02 and 12.50 of the mentioned products. Security patches are available to resolve this vulnerability.
URL:h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04900820
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108317
2. Vulnerability in EMC Isilon OneFS (108318)
[27/11/2015] Vulnerability was identified in the EMC Isilon OneFS. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108318
3. Vulnerabilities in Huawei Products (Huawei-SA-20151126-01-VCN500, Huawei-SA-20151126-02-VCN500, Huawei-SA-20151126-03-VCN500, Huawei-SA-20151126-04-VCN500, HW-463102)
[27/11/2015] Vulnerabilities were identified in the Huawei VCN500, Huawei home gateway, WiMAX, and CPE products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform SQL Injection and replay attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities identified in the Huawei VCN500.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-463067.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-463070.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-463072.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-463084.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-463102.htm
4. Vulnerability in Xen (XSA-163)
[27/11/2015] Vulnerability was identified in the Xen. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:xenbits.xen.org/xsa/advisory-163.html
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108301
5. Security Updates in Oracle Linux (ELSA-2015-2172, ELSA-2015-2505)
[27/11/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the glibc, abrt and libreport packages for Oracle Linux 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-2172.html
URL:linux.oracle.com/errata/ELSA-2015-2505.html
6. Security Updates in Debian (DSA-3405-1, DSA-3406-1, DSA-3407-1)
[27/11/2015] Debian has released security update packages for fixing the vulnerabilities identified in the smokeping, nspr and dpkg packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3405
URL:www.debian.org/security/2015/dsa-3406
URL:www.debian.org/security/2015/dsa-3407
7. Security Updates in Mageia (MGASA-2015-0455, MGASA-2015-0456, MGASA-2015-0457, MGASA-2015-0458, MGASA-2015-0459)
[27/11/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the libsndfile, python-pygments, libxml2, python-m2crypto and tigervnc packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0455.html
URL:advisories.mageia.org/MGASA-2015-0456.html
URL:advisories.mageia.org/MGASA-2015-0457.html
URL:advisories.mageia.org/MGASA-2015-0458.html
URL:advisories.mageia.org/MGASA-2015-0459.html
8. Security Updates in Red Hat Enterprise Linux (RHSA-2015:2519-1, RHSA-2015:2520-1)
[27/11/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the thunderbird and ntp packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-2519.html
URL:rhn.redhat.com/errata/RHSA-2015-2520.html
9. Security Updates in SUSE (openSUSE-SU-2015:2099-1, openSUSE-SU-2015:2100-1, SUSE-SU-2015:2108-1)
[27/11/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the libpng12, libpng16 and Linux Kernel packages of openSUSE 13.1 and 13.2, and SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html
10. Security Updates in Ubuntu GNU/Linux (USN-2820-1)
[27/11/2015] Ubuntu has released security update packages for fixing the vulnerability identified in the dpkg packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2820-1/
11. Vulnerabilities in Cisco Products (cisco-sa-20151125-asr5000, cisco-sa-20151125-ci)
[26/11/2015] Vulnerabilities were identified in the Cisco Aggregation Services Router (ASR) 5000 Series and various router, access point, switch and firewall products. An attacker could cause a denial of service condition and obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned products.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-asr5000
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci
12. Vulnerabilities in Huawei Products (Huawei-SA-20151125-01-FusionCompute, Huawei-SA-20151125-01-TE, Huawei-SA-20151125-01-VCM)
[26/11/2015] Vulnerabilities were identified in the Huawei FusionCompute, Huawei TE series and Huawei Video Content Management (VCM) system. An attacker could obtain sensitive information, cause service disruption and gain elevated privileges. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-462904.htm
URL:www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-462952.htm
URL:www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-462985.htm
13. Vulnerability in embedded devices using non-unique X.509 certificates and SSH host keys (VU#566724)
[26/11/2015] Vulnerability was identified in the embedded devices using non-unique X.509 certificates and SSH host keys. An attacker could obtain sensitive information. This vulnerability affects multiple versions of embedded devices of various vendors.
URL:www.kb.cert.org/vuls/id/566724
14. Security Updates in Debian (DSA-3403-1, DSA-3404-1)
[26/11/2015] Debian has released security update packages for fixing the vulnerabilities identified in the libcommons-collections3-java and python-django packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could obtain sensitive information.
URL:www.debian.org/security/2015/dsa-3403
URL:www.debian.org/security/2015/dsa-3404
15. Security Updates in Red Hat Enterprise Linux (RHSA-2015:2518-1)
[26/11/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the java-1.5.0-ibm packages for Red Hat Enterprise Linux 5 and 6. An attacker could bypass security restrictions and cause buffer overflow.
URL:rhn.redhat.com/errata/RHSA-2015-2518.html
16. Security Updates in Ubuntu GNU/Linux (USN-2818-1)
[26/11/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openjdk-7 package for versions 14.04 LTS, 15.04 and 15.10. An attacker could obtain sensitive information and execute arbitrary code.
URL:www.ubuntu.com/usn/usn-2818-1/
17. Security Updates in Slackware (SSA:2015-328-01)
[26/11/2015] Slackware has released security update packages for fixing the vulnerability identified in the pcre package for multiple versions of Slackware Linux. An attacker could execute arbitrary code and cause a denial of service condition.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.339015
18. Vulnerability in Cisco Adaptive Security Appliance Software (cisco-sa-20151123-asa)
[25/11/2015] Vulnerability was identified in the Cisco Adaptive Security Appliance (ASA) Software. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects version 8.4 of the mentioned products. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-asa
19. Vulnerabilities in Dell Products (VU#870761, VU#925497)
[25/11/2015] Vulnerabilities were identified in the Dell Foundation Services and Dell System Detect. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products.
URL:www.kb.cert.org/vuls/id/870761
URL:www.kb.cert.org/vuls/id/925497
URL:www.hkcert.org/my_url/en/alert/15112501
URL:www.us-cert.gov/ncas/current-activity/2015/11/24/Dell-Computers-Contain-CA-Root-Certificate-Vulnerability
20. Vulnerabilities in Huawei Products (Huawei-SA-20151124-01-HomeGateway, Huawei-SA-20151124-01-smartphone)
[25/11/2015] Vulnerabilities were identified in the Huawei home gateway and Huawei mobile phone products. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-462908.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-462918.htm
21. Vulnerabilities in Moxa OnCell Central Manager (ICSA-15-328-01)
[25/11/2015] Vulnerabilities were identified in the Moxa OnCell Central Manager. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and compromise the system. These vulnerabilities affect versions prior to 2.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-328-01
22. Security Updates in Debian (DSA-3402-1)
[25/11/2015] Debian has released security update packages for fixing the vulnerabilities identified in the symfony packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system.
URL:www.debian.org/security/2015/dsa-3402
23. Security Updates in SUSE (SUSE-SU-2015:2081-1, SUSE-SU-2015:2084-1, SUSE-SU-2015:2085-1, SUSE-SU-2015:2086-1, SUSE-SU-2015:2087-1, SUSE-SU-2015:2089-1, SUSE-SU-2015:2090-1, SUSE-SU-2015:2091-1)
[25/11/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Mozilla Firefox and Linux Kernel Live Patch packages of SUSE Linux Enterprise 10 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00026.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00027.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00028.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00029.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00030.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00031.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00032.html
24. Security Updates in Ubuntu GNU/Linux (USN-2816-1, USN-2817-1)
[25/11/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the python-django and icedtea-web packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code.
URL:www.ubuntu.com/usn/usn-2816-1/
URL:www.ubuntu.com/usn/usn-2817-1/
25. Vulnerabilities in Apache Cordova Android (108200, 108201)
[24/11/2015] Vulnerabilities were identified in the Apache Cordova Android. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system. These vulnerabilities affect multiple versions prior to 4.1.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108200
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108201
26. Vulnerabilities in Cisco Products (cisco-sa-20151123-fire, cisco-sa-20151123-vts)
[24/11/2015] Vulnerabilities were identified in the Cisco Firepower 9000 and Cisco Virtual Topology System (VTS) devices. An attacker could bypass security restrictions, execute arbitrary code, perform code injection attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-fire
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-vts
27. Vulnerabilities in IBM Products (1969225, 1970676)
[24/11/2015] Vulnerabilities were identified in the IBM Java Security Components and IBM Sterling B2B Integrator Queue Watcher. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21969225
URL:www.ibm.com/support/docview.wss?uid=swg21970676
URL:exchange.xforce.ibmcloud.com/vulnerabilities/106309
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107860
28. Vulnerabilities in Novell Sentinel (5228410)
[24/11/2015] Vulnerabilities were identified in the Novell Sentinel. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:download.novell.com/Download?buildid=Hf9VJbUu3WM~
29. Vulnerability in Lenovo SHAREit (108198)
[24/11/2015] Vulnerability was identified in the Lenovo SHAREit. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects version 2.3.80 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108198
30. Vulnerabilities in CSL DualCom Product (VU#428280)
[24/11/2015] Vulnerabilities were identified in the CSL DualCom GPRS CS2300-R alarm signaling boards. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned product.
URL:www.kb.cert.org/vuls/id/428280
31. Vulnerability in NetWin SurgeFTP (108197)
[24/11/2015] Vulnerability was identified in the NetWin SurgeFTP. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects version 23d6 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108197
32. Security Updates in Oracle Linux (ELSA-2015-2079, ELSA-2015-2088, ELSA-2015-2101, ELSA-2015-2108, ELSA-2015-2111, ELSA-2015-2131, ELSA-2015-2140, ELSA-2015-2151, ELSA-2015-2154, ELSA-2015-2155, ELSA-2015-2159, ELSA-2015-2180, ELSA-2015-2231, ELSA-2015-2237, ELSA-2015-241, ELSA-2015-2248, ELSA-2015-2345, ELSA-2015-2360, ELSA-2015-2369, ELSA-2015-2379, ELSA-2015-2393, ELSA-2015-2401, ELSA-2015-2417, ELSA-2015-2455, ELSA-2015-2504)
[24/11/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the binutils, openssh, python, cpio, grep, openldap, libssh2, xfsprogs, krb5, file, curl, rubygem-bundler, rubygem-thor, ntp, rest, chrony, netcf, net-snmp, cups-filters, openhpi, squid, wireshark, grub2, autofs, unbound and libreport packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-2079.html
URL:linux.oracle.com/errata/ELSA-2015-2088.html
URL:linux.oracle.com/errata/ELSA-2015-2101.html
URL:linux.oracle.com/errata/ELSA-2015-2108.html
URL:linux.oracle.com/errata/ELSA-2015-2111.html
URL:linux.oracle.com/errata/ELSA-2015-2131.html
URL:linux.oracle.com/errata/ELSA-2015-2140.html
URL:linux.oracle.com/errata/ELSA-2015-2151.html
URL:linux.oracle.com/errata/ELSA-2015-2154.html
URL:linux.oracle.com/errata/ELSA-2015-2155.html
URL:linux.oracle.com/errata/ELSA-2015-2159.html
URL:linux.oracle.com/errata/ELSA-2015-2180.html
URL:linux.oracle.com/errata/ELSA-2015-2231.html
URL:linux.oracle.com/errata/ELSA-2015-2237.html
URL:linux.oracle.com/errata/ELSA-2015-2241.html
URL:linux.oracle.com/errata/ELSA-2015-2248.html
URL:linux.oracle.com/errata/ELSA-2015-2345.html
URL:linux.oracle.com/errata/ELSA-2015-2360.html
URL:linux.oracle.com/errata/ELSA-2015-2369.html
URL:linux.oracle.com/errata/ELSA-2015-2378.html
URL:linux.oracle.com/errata/ELSA-2015-2393.html
URL:linux.oracle.com/errata/ELSA-2015-2401.html
URL:linux.oracle.com/errata/ELSA-2015-2417.html
URL:linux.oracle.com/errata/ELSA-2015-2455.html
URL:linux.oracle.com/errata/ELSA-2015-2504.html
33. Security Updates in Debian (DSA-3401-1)
[24/11/2015] Debian has released security update packages for fixing the vulnerability identified in the openjdk-7 packages for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system.
URL:www.debian.org/security/2015/dsa-3401
34. Security Updates in Red Hat Enterprise Linux (RHSA-2015:2504-1, RHSA-2015:2505-1, RHSA-2015:2506-1, RHSA-2015:2507-1, RHSA-2015:2508-1, RHSA-2015:2509-1)
[24/11/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the libreport, abrt, java-1.7.1-ibm, java-1.7.0-ibm, java-1.6.0-ibm and java-1.8.0-ibm packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-2504.html
URL:rhn.redhat.com/errata/RHSA-2015-2505.html
URL:rhn.redhat.com/errata/RHSA-2015-2506.html
URL:rhn.redhat.com/errata/RHSA-2015-2507.html
URL:rhn.redhat.com/errata/RHSA-2015-2508.html
URL:rhn.redhat.com/errata/RHSA-2015-2509.html
35. Vulnerabilities in Cisco Products (cisco-sa-20151120-ns, cisco-sa-20151120-tvcs)
[23/11/2015] Vulnerabilities were identified in the Cisco Networking Services and Cisco TelePresence Video Communication Server (VCS). An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site request forgery attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151120-ns
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151120-tvcs
36. Vulnerabilities in F5 Traffix SDC (SOL05534090, SOL14132811, SOL93203055)
[23/11/2015] Vulnerabilities were identified in the F5 Traffix SDC. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/k/05/sol05534090.html
URL:support.f5.com/kb/en-us/solutions/public/k/14/sol14132811.html
URL:support.f5.com/kb/en-us/solutions/public/k/93/sol93203055.html
37. Vulnerabilities in Arris cable modems (VU#419568)
[23/11/2015] Vulnerabilities were identified in the Arris cable modems. An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting and cross-site request forgery attacks. These vulnerabilities affect multiple firmware versions of the mentioned product.
URL:www.kb.cert.org/vuls/id/419568
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108188
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108189
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108190
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108191
38. Security Updates in Debian (DSA-3400-1)
[23/11/2015] Debian has released security update packages for fixing the vulnerability identified in the lxc packages for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system.
URL:www.debian.org/security/2015/dsa-3400
39. Security Updates in Red Hat Enterprise Linux (RHSA-2015:2500-1)
[23/11/2015] Red Hat has released security update packages for fixing the vulnerability identified in the Apache commons-collections library for Red Hat JBoss Enterprise Application Platform 6.4 packages for Red Hat Enterprise Linux 5, 6 and 7. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code on the system.
URL:rhn.redhat.com/errata/RHSA-2015-2500.html
Monday, November 30, 2015
Sunday, November 22, 2015
IT Security Alerts Weekly Digest (15 Nov ~ 21 Nov 2015)
1. Vulnerability in HP Operations Orchestration (c04894110)
[20/11/2015] Vulnerability was identified in the HP Operations Orchestration. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect versions prior to 10.22.001 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04894110
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108160
2. Vulnerability in VMware Products (VMSA-2015-0008)
[20/11/2015] Vulnerability was identified in the VMware vCenter Server, vCloud Director and VMware Horizon View. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.vmware.com/security/advisories/VMSA-2015-0008.html
URL:www.us-cert.gov/ncas/current-activity/2015/11/19/VMware-Releases-Security-Updates
3. Vulnerabilities in Kaspersky Antivirus (108161, 108165)
[20/11/2015] Vulnerabilities were identified in the Kaspersky Antivirus. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108161
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108165
4. Vulnerability in Horde Groupware (108151)
[20/11/2015] Vulnerability was identified in the Horde Groupware. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform code injection attacks. This vulnerability affects versions prior to 5.2.11 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108151
5. Vulnerabilities in NVIDIA Products (108164, 108166, 108186)
[20/11/2015] Vulnerabilities were identified in multiple NVIDIA Products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108164
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108166
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108186
6. Vulnerabilities in Tibbo AggreGate Platform (ICSA-15-323-01)
[20/11/2015] Vulnerabilities were identified in the Tibbo AggreGate Platform. An attacker could bypass security restrictions and execute arbitrary code on the system. These vulnerabilities affect versions prior to 5.30.06 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-323-01
7. Vulnerability in Spiffy web server (108167)
[20/11/2015] Vulnerability was identified in the Spiffy web server. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to 5.4 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108167
8. Vulnerability in Linux Kernel (108162)
[20/11/2015] Vulnerability was identified in the Linux Kernel. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108162
9. Vulnerabilities in Jenkins (108174, 108175, 108176, 108177, 108178, 108179, 108180, 108181, 108182, 108183)
[20/11/2015] Vulnerabilities were identified in Jenkins. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108174
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108175
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108176
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108177
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108178
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108179
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108180
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108181
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108182
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108183
10. Vulnerability in Zenario CMS (108136)
[20/11/2015] Vulnerability was identified in the Zenario CMS. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform code injection attacks. This vulnerability affects multiple versions of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108136
11. Security Updates in Mageia (MGASA-2015-0449, MGASA-2015-0450, MGASA-2015-0451, MGASA-2015-0452, MGASA-2015-0453, MGASA-2015-0454)
[20/11/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the gcc, kernel, kernel-userspace-headers, kmod-xtables-addons, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia304, kmod-nvidia340, kmod-nvidia-current, libpng, libpng12, dovecot, latex2rtf, uglify-js, nodejs-align-text, nodejs-ansi-regex, nodejs-camelcase, nodejs-center-align, nodejs-cliui, nodejs-code-point-at, nodejs-decamelize, nodejs-invert-kv, nodejs-is-buffer, nodejs-is-fullwidth-code-point, nodejs-kind-of, nodejs-lcid, nodejs-longest, nodejs-minimist, nodejs-number-is-nan, nodejs-os-locale, nodejs-repeat-string, nodejs-right-align, nodejs-source-map, nodejs-string-width, nodejs-strip-ansi, nodejs-window-size, nodejs-wrap-ansi, nodejs-y18n and nodejs-yargs packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0449.html
URL:advisories.mageia.org/MGASA-2015-0450.html
URL:advisories.mageia.org/MGASA-2015-0451.html
URL:advisories.mageia.org/MGASA-2015-0452.html
URL:advisories.mageia.org/MGASA-2015-0453.html
URL:advisories.mageia.org/MGASA-2015-0454.html
12. Security Updates in Ubuntu GNU/Linux (USN-2815-1)
[20/11/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the libpng packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2815-1/
13. Vulnerabilities in IBM WebSphere Application Server (1969620)
[19/11/2015] Vulnerabilities were identified in the IBM SDK Java Technology Edition shipped with IBM WebSphere Application Server. An attacker could bypass security restrictions and obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21969620
14. Vulnerability in F5 Products (SOL10600056)
[19/11/2015] Vulnerability was identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC, LineRate and Traffix SDC. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/k/10/sol10600056.html
15. Vulnerability in Huawei DSM Product (Huawei-SA-20151118-01-DSM)
[19/11/2015] Vulnerability was identified in the Huawei DSM Product. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to V100R002C05SPC661 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-462410.htm
16. Security Updates in Oracle Linux (ELSA-2015-2078, ELSA-2015-2081, ELSA-2015-2086)
[19/11/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the postgresql and java-1.6.0-openjdk packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-2078.html
URL:linux.oracle.com/errata/ELSA-2015-2081.html
URL:linux.oracle.com/errata/ELSA-2015-2086.html
17. Security Updates in Debian (DSA-3399-1)
[19/11/2015] Debian has released security update packages for fixing the vulnerabilities identified in the libpng packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3399
18. Security Updates in Red Hat Enterprise Linux (RHSA-2015:2068-1, RHSA-2015:2077-1)
[19/11/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the nss, nss-util, nspr and rh-postgresql94-postgresql packages for Red Hat Enterprise Linux 6, Red Hat Software Collections 2 for RHEL 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-2068.html
URL:rhn.redhat.com/errata/RHSA-2015-2077.html
19. Security Updates in SUSE (openSUSE-SU-2015:2003-1, SUSE-SU-2015:1898-2)
[19/11/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the xen and krb5 packages of openSUSE 13.2 and SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00023.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00024.html
20. Security Updates in Ubuntu GNU/Linux (USN-2814-1)
[19/11/2015] Ubuntu has released security update packages for fixing the vulnerability identified in the nvidia-graphics-drivers-304, nvidia-graphics-drivers-304-updates, nvidia-graphics-drivers-340, nvidia-graphics-drivers-340-updates, nvidia-graphics-drivers-352 and nvidia-graphics-drivers-352-updates packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code.
URL:www.ubuntu.com/usn/usn-2814-1/
21. Vulnerabilities in Adobe Products (APSB15-29, APSB15-30, APSB15-31)
[18/11/2015] Vulnerabilities were identified in the Adobe ColdFusion, Adobe LiveCycle Data Services and Adobe Premiere Clip. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site request forgery (CSRF) attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:helpx.adobe.com/security/products/coldfusion/apsb15-29.html
URL:helpx.adobe.com/security/products/livecycleds/apsb15-30.html
URL:helpx.adobe.com/security/products/premiereclip/apsb15-31.html
URL:www.hkcert.org/my_url/en/alert/15111801
URL:www.us-cert.gov/ncas/current-activity/2015/11/17/Adobe-Releases-Security-Updates-ColdFusion-LiveCycle-Data-Services
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108102
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108103
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108104
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108105
22. Vulnerability in Apache CXF
[18/11/2015] Vulnerability was identified in Apache CXF. An attacker could bypass security restrictions, execute arbitrary code and perform XML wrapping attacks. This vulnerability affects versions prior to 2.7.18, 3.0.7 or 3.1.3 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:cxf.apache.org/security-advisories.data/CVE-2015-5253.txt.asc
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108096
23. Vulnerabilities in Cisco Prime Collaboration Assurance and Cisco Firepower 9000 Series Switch (cisco-sa-20151008-pca1, cisco-sa-20151116-fire, cisco-sa-20151116-fire1, cisco-sa-20151116-firepower, cisco-sa-20151117-firepower1, cisco-sa-20151117-firepower2, cisco-sa-20151117-firepower3, cisco-sa-20151117-firepower4)
[18/11/2015] Vulnerabilities were identified in the Cisco Prime Collaboration Assurance and Cisco Firepower 9000 Series Switch. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site request forgery (CSRF) attacks, clickjacking or phishing attacks, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca1
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fire
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fire1
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-firepower
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower1
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower2
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower3
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower4
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108040
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108100
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108101
24. Vulnerability in Huawei P8 smart phone (HW-462315)
[18/11/2015] Vulnerability was identified in the Huawei P8 smart phone. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product.
URL:www1.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-462315.htm
25. Vulnerability in Exemys Telemetry Web Server (ICSA-15-321-01)
[18/11/2015] Vulnerability was identified in the Exemys Telemetry Web Server. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects multiple versions of the mentioned product.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-321-01
26. Vulnerabilities in TECO Products (108083, 108084, 108086)
[18/11/2015] Vulnerabilities were identified in the TECO TP03-PCLINK, TECO SG2 FBD Client and TECO AP-PCLINK. An attacker could bypass security restrictions and execute arbitrary code on the system. These vulnerabilities affect multiple versions of the mentioned products.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108083
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108084
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108086
27. Vulnerabilities in Xen (XSA-156)
[18/11/2015] Vulnerabilities were identified in Xen. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xenbits.xen.org/xsa/advisory-156.html
URL:www.hkcert.org/my_url/en/alert/15111701
28. Security Updates in Gentoo Linux (GLSA 201511-02)
[18/11/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:security.gentoo.org/glsa/201511-02
29. Security Updates in Ubuntu GNU/Linux (USN-2813-1)
[18/11/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the lxcfs packages for versions 15.04 and 15.10. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code.
URL:www.ubuntu.com/usn/usn-2813-1/
30. Vulnerability in Cisco FireSIGHT Management Center (cisco-sa-20151116-fmc)
[17/11/2015] Vulnerability was identified in the Cisco FireSIGHT Management Center (MC). An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system. This vulnerability affects versions 5.2, 5.3, and 5.4 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fmc
31. Vulnerability in ESET Antivirus (108038)
[17/11/2015] Vulnerability was identified in the ESET Antivirus. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. The affected version was not specified.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108038
32. Security Updates in Oracle Linux (ELSA-2015-2065)
[17/11/2015] Oracle has released security update packages for fixing the vulnerability identified in the xen packages for Oracle Linux 5. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-2065.html
33. Security Updates in Debian (DSA-3398-1)
[17/11/2015] Debian has released security update packages for fixing the vulnerability identified in the strongswan packages for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions and execute arbitrary code on the system.
URL:www.debian.org/security/2015/dsa-3398
34. Security Updates in Mageia (MGASA-2015-0445, MGASA-2015-0446, MGASA-2015-0447, MGASA-2015-0448)
[17/11/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the mariadb, krb5, iceape and chromium-browser-stable packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0445.html
URL:advisories.mageia.org/MGASA-2015-0446.html
URL:advisories.mageia.org/MGASA-2015-0447.html
URL:advisories.mageia.org/MGASA-2015-0448.html
35. Security Updates in SUSE (SUSE-SU-2015:1952-1)
[17/11/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the krb5 packages of openSUSE Leap 42.1. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html
36. Security Updates in Ubuntu GNU/Linux (USN-2811-1, USN-2812-1)
[17/11/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the strongSwan and libxml2 packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2811-1/
URL:www.ubuntu.com/usn/usn-2812-1/
37. Vulnerability in Apache Commons Collections Java library (VU#576313)
[16/11/2015] Vulnerability was identified in the Apache Commons Collections Java library. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects multiple versions of the mentioned product.
URL:www.kb.cert.org/vuls/id/576313
URL:www.us-cert.gov/ncas/current-activity/2015/11/13/Apache-Commons-Collections-Java-Library-Vulnerability
38. Vulnerabilities in Cisco Products (cisco-sa-20151112-ios1, cisco-sa-20151112-vds, cisco-sa-20151113-aironet)
[16/11/2015] Vulnerabilities were identified in the Cisco IOS Software, Cisco Videoscape Distribution Suite Service Manager and Cisco Aironet 1800 Series Access Points. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-ios1
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-vds
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151113-aironet
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108014
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108015
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108016
39. Vulnerability in Checkpoint.com sub-domains (107974)
[16/11/2015] Vulnerability was identified in the Checkpoint.com sub-domains. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. The affected version was not specified.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107974
40. Vulnerability in Fastest Cache plugin for WordPress (107971)
[16/11/2015] Vulnerability was identified in the Fastest Cache plugin for WordPress. An attacker could bypass security restrictions, execute arbitrary code and perform SQL injection attacks on the system. This vulnerability affects versions prior to 0.8.4.9 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107971
41. Vulnerability in Mayo theme for Drupal (DRUPAL-SA-CONTRIB-2015-164)
[16/11/2015] Vulnerability was identified in the Mayo theme for Drupal. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks on the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.drupal.org/node/2613424
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107971
42. Vulnerability in libpng (108010)
[16/11/2015] Vulnerability was identified in libpng. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects versions prior to 1.6.19, 1.5.24, 1.4.17, 1.2.54 and 1.0.64 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108010
43. Security Updates in Oracle Linux (ELSA-2015-3098)
[16/11/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-3098.html
44. Security Updates in Slackware (SSA:2015-318-01)
[16/11/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the seamonkey packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.412318
Source(s) of above information:
[20/11/2015] Vulnerability was identified in the HP Operations Orchestration. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affects versions prior to 10.22.001 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04894110
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108160
2. Vulnerability in VMware Products (VMSA-2015-0008)
[20/11/2015] Vulnerability was identified in the VMware vCenter Server, vCloud Director and VMware Horizon View. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.vmware.com/security/advisories/VMSA-2015-0008.html
URL:www.us-cert.gov/ncas/current-activity/2015/11/19/VMware-Releases-Security-Updates
3. Vulnerabilities in Kaspersky Antivirus (108161, 108165)
[20/11/2015] Vulnerabilities were identified in the Kaspersky Antivirus. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108161
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108165
4. Vulnerability in Horde Groupware (108151)
[20/11/2015] Vulnerability was identified in the Horde Groupware. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform code injection attacks. This vulnerability affects versions prior to 5.2.11 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108151
5. Vulnerabilities in NVIDIA Products (108164, 108166, 108186)
[20/11/2015] Vulnerabilities were identified in multiple NVIDIA Products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108164
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108166
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108186
6. Vulnerabilities in Tibbo AggreGate Platform (ICSA-15-323-01)
[20/11/2015] Vulnerabilities were identified in the Tibbo AggreGate Platform. An attacker could bypass security restrictions and execute arbitrary code on the system. These vulnerabilities affect versions prior to 5.30.06 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-323-01
7. Vulnerability in Spiffy web server (108167)
[20/11/2015] Vulnerability was identified in the Spiffy web server. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to 5.4 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108167
8. Vulnerability in Linux Kernel (108162)
[20/11/2015] Vulnerability was identified in the Linux Kernel. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108162
9. Vulnerabilities in Jenkins (108174, 108175, 108176, 108177, 108178, 108179, 108180, 108181, 108182, 108183)
[20/11/2015] Vulnerabilities were identified in Jenkins. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108174
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108175
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108176
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108177
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108178
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108179
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108180
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108181
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108182
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108183
10. Vulnerability in Zenario CMS (108136)
[20/11/2015] Vulnerability was identified in the Zenario CMS. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform code injection attacks. This vulnerability affects multiple versions of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108136
11. Security Updates in Mageia (MGASA-2015-0449, MGASA-2015-0450, MGASA-2015-0451, MGASA-2015-0452, MGASA-2015-0453, MGASA-2015-0454)
[20/11/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the gcc, kernel, kernel-userspace-headers, kmod-xtables-addons, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia304, kmod-nvidia340, kmod-nvidia-current, libpng, libpng12, dovecot, latex2rtf, uglify-js, nodejs-align-text, nodejs-ansi-regex, nodejs-camelcase, nodejs-center-align, nodejs-cliui, nodejs-code-point-at, nodejs-decamelize, nodejs-invert-kv, nodejs-is-buffer, nodejs-is-fullwidth-code-point, nodejs-kind-of, nodejs-lcid, nodejs-longest, nodejs-minimist, nodejs-number-is-nan, nodejs-os-locale, nodejs-repeat-string, nodejs-right-align, nodejs-source-map, nodejs-string-width, nodejs-strip-ansi, nodejs-window-size, nodejs-wrap-ansi, nodejs-y18n and nodejs-yargs packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0449.html
URL:advisories.mageia.org/MGASA-2015-0450.html
URL:advisories.mageia.org/MGASA-2015-0451.html
URL:advisories.mageia.org/MGASA-2015-0452.html
URL:advisories.mageia.org/MGASA-2015-0453.html
URL:advisories.mageia.org/MGASA-2015-0454.html
12. Security Updates in Ubuntu GNU/Linux (USN-2815-1)
[20/11/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the libpng packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges, cause a denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2815-1/
13. Vulnerabilities in IBM WebSphere Application Server (1969620)
[19/11/2015] Vulnerabilities were identified in the IBM SDK Java Technology Edition shipped with IBM WebSphere Application Server. An attacker could bypass security restrictions and obtain sensitive information. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21969620
14. Vulnerability in F5 Products (SOL10600056)
[19/11/2015] Vulnerability was identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC, LineRate and Traffix SDC. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/k/10/sol10600056.html
15. Vulnerability in Huawei DSM Product (Huawei-SA-20151118-01-DSM)
[19/11/2015] Vulnerability was identified in the Huawei DSM Product. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to V100R002C05SPC661 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-462410.htm
16. Security Updates in Oracle Linux (ELSA-2015-2078, ELSA-2015-2081, ELSA-2015-2086)
[19/11/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the postgresql and java-1.6.0-openjdk packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-2078.html
URL:linux.oracle.com/errata/ELSA-2015-2081.html
URL:linux.oracle.com/errata/ELSA-2015-2086.html
17. Security Updates in Debian (DSA-3399-1)
[19/11/2015] Debian has released security update packages for fixing the vulnerabilities identified in the libpng packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3399
18. Security Updates in Red Hat Enterprise Linux (RHSA-2015:2068-1, RHSA-2015:2077-1)
[19/11/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the nss, nss-util, nspr and rh-postgresql94-postgresql packages for Red Hat Enterprise Linux 6, Red Hat Software Collections 2 for RHEL 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2015-2068.html
URL:rhn.redhat.com/errata/RHSA-2015-2077.html
19. Security Updates in SUSE (openSUSE-SU-2015:2003-1, SUSE-SU-2015:1898-2)
[19/11/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the xen and krb5 packages of openSUSE 13.2 and SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00023.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00024.html
20. Security Updates in Ubuntu GNU/Linux (USN-2814-1)
[19/11/2015] Ubuntu has released security update packages for fixing the vulnerability identified in the nvidia-graphics-drivers-304, nvidia-graphics-drivers-304-updates, nvidia-graphics-drivers-340, nvidia-graphics-drivers-340-updates, nvidia-graphics-drivers-352 and nvidia-graphics-drivers-352-updates packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code.
URL:www.ubuntu.com/usn/usn-2814-1/
21. Vulnerabilities in Adobe Products (APSB15-29, APSB15-30, APSB15-31)
[18/11/2015] Vulnerabilities were identified in the Adobe ColdFusion, Adobe LiveCycle Data Services and Adobe Premiere Clip. An attacker could bypass security restrictions, execute arbitrary code and perform cross-site request forgery (CSRF) attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:helpx.adobe.com/security/products/coldfusion/apsb15-29.html
URL:helpx.adobe.com/security/products/livecycleds/apsb15-30.html
URL:helpx.adobe.com/security/products/premiereclip/apsb15-31.html
URL:www.hkcert.org/my_url/en/alert/15111801
URL:www.us-cert.gov/ncas/current-activity/2015/11/17/Adobe-Releases-Security-Updates-ColdFusion-LiveCycle-Data-Services
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108102
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108103
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108104
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108105
22. Vulnerability in Apache CXF
[18/11/2015] Vulnerability was identified in the Apache CXF. An attacker could bypass security restrictions, execute arbitrary code and perform XML wrapping attacks. This vulnerability affects versions prior to 2.7.18, 3.0.7 or 3.1.3 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:cxf.apache.org/security-advisories.data/CVE-2015-5253.txt.asc
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108096
23. Vulnerabilities in Cisco Prime Collaboration Assurance and Cisco Firepower 9000 Series Switch (cisco-sa-20151008-pca1, cisco-sa-20151116-fire, cisco-sa-20151116-fire1, cisco-sa-20151116-firepower, cisco-sa-20151117-firepower1, cisco-sa-20151117-firepower2, cisco-sa-20151117-firepower3, cisco-sa-20151117-firepower4)
[18/11/2015] Vulnerabilities were identified in the Cisco Prime Collaboration Assurance and Cisco Firepower 9000 Series Switch. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, perform cross-site request forgery (CSRF) attacks, clickjacking or phishing attacks, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca1
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fire
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fire1
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-firepower
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower1
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower2
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower3
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower4
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108040
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108100
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108101
24. Vulnerability in Huawei P8 smart phone (HW-462315)
[18/11/2015] Vulnerability was identified in the Huawei P8 smart phone. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product.
URL:www1.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-462315.htm
25. Vulnerability in Exemys Telemetry Web Server (ICSA-15-321-01)
[18/11/2015] Vulnerability was identified in the Exemys Telemetry Web Server. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects multiple versions of the mentioned product.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-321-01
26. Vulnerabilities in TECO Products (108083, 108084, 108086)
[18/11/2015] Vulnerabilities were identified in the TECO TP03-PCLINK, TECO SG2 FBD Client and ECO AP-PCLINK. An attacker could bypass security restrictions and execute arbitrary code on the system. These vulnerabilities affect multiple versions of the mentioned products.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108083
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108084
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108086
27. Vulnerabilities in Xen (XSA-156)
[18/11/2015] Vulnerabilities were identified in Xen. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:xenbits.xen.org/xsa/advisory-156.html
URL:www.hkcert.org/my_url/en/alert/15111701
28. Security Updates in Gentoo Linux (GLSA 201511-02)
[18/11/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the Adobe Flash Player packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:security.gentoo.org/glsa/201511-02
29. Security Updates in Ubuntu GNU/Linux (USN-2813-1)
[18/11/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the lxcfs packages for versions 15.04 and 15.10. Due to multiple errors, an attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code.
URL:www.ubuntu.com/usn/usn-2813-1/
30. Vulnerability in Cisco FireSIGHT Management Center (cisco-sa-20151116-fmc)
[17/11/2015] Vulnerability was identified in the Cisco FireSIGHT Management Center (MC). An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system. This vulnerability affects versions 5.2, 5.3, and 5.4 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fmc
31. Vulnerability in ESET Antivirus (108038)
[17/11/2015] Vulnerability was identified in the ESET Antivirus. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. The affected version was not specified.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108038
32. Security Updates in Oracle Linux (ELSA-2015-2065)
[17/11/2015] Oracle has released security update packages for fixing the vulnerability identified in the xen packages for Oracle Linux 5. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:linux.oracle.com/errata/ELSA-2015-2065.html
33. Security Updates in Debian (DSA-3398-1)
[17/11/2015] Debian has released security update packages for fixing the vulnerability identified in the strongswan packages for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions and execute arbitrary code on the system.
URL:www.debian.org/security/2015/dsa-3398
34. Security Updates in Mageia (MGASA-2015-0445, MGASA-2015-0446, MGASA-2015-0447, MGASA-2015-0448)
[17/11/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the mariadb, krb5, iceape and chromium-browser-stable packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0445.html
URL:advisories.mageia.org/MGASA-2015-0446.html
URL:advisories.mageia.org/MGASA-2015-0447.html
URL:advisories.mageia.org/MGASA-2015-0448.html
35. Security Updates in SUSE (SUSE-SU-2015:1952-1)
[17/11/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the krb5 packages of openSUSE Leap 42.1. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html
36. Security Updates in Ubuntu GNU/Linux (USN-2811-1, USN-2812-1)
[17/11/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the strongSwan and libxml2 packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2811-1/
URL:www.ubuntu.com/usn/usn-2812-1/
37. Vulnerability in Apache Commons Collections Java library (VU#576313)
[16/11/2015] Vulnerability was identified in the Apache Commons Collections Java library. An attacker could bypass security restrictions and execute arbitrary code. This vulnerability affects multiple versions of the mentioned product.
URL:www.kb.cert.org/vuls/id/576313
URL:www.us-cert.gov/ncas/current-activity/2015/11/13/Apache-Commons-Collections-Java-Library-Vulnerability
38. Vulnerabilities in Cisco Products (cisco-sa-20151112-ios1, cisco-sa-20151112-vds, cisco-sa-20151113-aironet)
[16/11/2015] Vulnerabilities were identified in the Cisco IOS Software, Cisco Videoscape Distribution Suite Service Manager and Cisco Aironet 1800 Series Access Points. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-ios1
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-vds
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151113-aironet
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108014
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108015
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108016
39. Vulnerability in Checkpoint.com sub-domains (107974)
[16/11/2015] Vulnerability was identified in the Checkpoint.com sub-domains. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. The affected version was not specified.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107974
40. Vulnerability in Fastest Cache plugin for WordPress (107971)
[16/11/2015] Vulnerability was identified in the Fastest Cache plugin for WordPress. An attacker could bypass security restrictions, execute arbitrary code and perform SQL injection attacks on the system. This vulnerability affects versions prior to 0.8.4.9 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107971
41. Vulnerability in Mayo theme for Drupal (DRUPAL-SA-CONTRIB-2015-164)
[16/11/2015] Vulnerability was identified in the Mayo theme for Drupal. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks on the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.drupal.org/node/2613424
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107971
42. Vulnerability in libpng (108010)
[16/11/2015] Vulnerability was identified in libpng. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects versions prior to 1.6.19, 1.5.24, 1.4.17, 1.2.54 and 1.0.64 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108010
43. Security Updates in Oracle Linux (ELSA-2015-3098)
[16/11/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-3098.html
44. Security Updates in Slackware (SSA:2015-318-01)
[16/11/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the seamonkey packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.412318
Source(s) of above information: