1. Vulnerabilities in Trend Micro
OfficeScan
[06/11/2015]
Vulnerabilities were identified in the Trend
Micro OfficeScan 11. An attacker could bypass security restrictions, obtain
sensitive information, cause a denial of service condition and crash the system.
These vulnerabilities affect versions prior to 11 Service Pack 1 4150 R2 of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:downloadcenter.trendmicro.com/index.php?regs=NABU&clk=tbl&clkval=4569&cm_mmc=RSS-_-Download%20Center-_-product-_-5
2. Vulnerability in F5 Products
(SOL17556)
[06/11/2015]
Vulnerability was identified in the F5 BIG-IP
LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP
DNS, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IQ Cloud,
BIG-IQ Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security
restrictions, execute arbitrary code, cause a denial of service condition and
crash the system. This vulnerability affects multiple versions of the mentioned
products. Security patches are available to resolve this
vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/17000/500/sol17566.html
3. Vulnerability in Piwik
(107843)
[06/11/2015]
Vulnerability was identified in the Piwik. An
attacker could bypass security restrictions and execute arbitrary code on the
system. This vulnerability affects versions prior to 2.15.0 of the mentioned
product. Security patches are available to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107843
4. Vulnerabilities in
LibreOffice
[06/11/2015] Vulnerabilities were identified in the LibreOffice. An
attacker could bypass security restrictions, obtain sensitive information and
execute arbitrary code. These vulnerabilities affect multiple versions of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:www.hkcert.org/my_url/en/alert/15110602
5. Vulnerabilities in MIT
Kerberos
[06/11/2015]
Vulnerabilities were identified in the MIT
Kerberos. An attacker could bypass security restrictions, cause a denial of
service condition and crash the system. These vulnerabilities affect multiple
versions of the mentioned product. Security patches are available to resolve
these
vulnerabilities.
URL:www.hkcert.org/my_url/en/alert/15110602
6. Vulnerabilities in Drupal (DRUPAL-SA-CONTRIB-2015-162,
DRUPAL-SA-CONTRIB-2015-163)
[06/11/2015] Vulnerabilities were identified in the Monster Menus module
and Login Disable module for Drupal. An attacker could bypass security
restrictions, execute arbitrary code, cause a denial of service condition and
crash the system. These vulnerabilities affect multiple versions of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:www.drupal.org/node/2608356
URL:www.drupal.org/node/2608414
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107838
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107839
7. Security Updates in Oracle Linux
(ELSA-2015-3093)
[06/11/2015] Oracle has
released security update packages for fixing the vulnerability identified in the
kernel packages for Oracle Linux 5 and 6. An attacker could bypass security
restrictions, cause a denial of service condition and crash the
system.
URL:linux.oracle.com/errata/ELSA-2015-3093.html
8. Security Updates in Debian
(DSA-3394-1)
[06/11/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the libreoffice packages for multiple versions of Debian GNU/Linux. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:www.debian.org/security/2015/dsa-3394-1
9. Security Updates in Mageia (MGASA-2015-0428,
MGASA-2015-0429, MGASA-2015-0430, MGASA-2015-0431, MGASA-2015-0432,
MGASA-2015-0433, MGASA-2015-0434)
[06/11/2015] Mageia has
released security update packages for fixing the vulnerabilities identified in
the libtorrent-rasterbar, sddm, libebml, libmatroska, xscreensaver, libxslt,
libxml2 and util-linux packages for multiple versions of Mageia. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the
system.
URL:advisories.mageia.org/MGASA-2015-0428.html
URL:advisories.mageia.org/MGASA-2015-0429.html
URL:advisories.mageia.org/MGASA-2015-0430.html
URL:advisories.mageia.org/MGASA-2015-0431.html
URL:advisories.mageia.org/MGASA-2015-0432.html
URL:advisories.mageia.org/MGASA-2015-0433.html
URL:advisories.mageia.org/MGASA-2015-0434.html
10.
Security Updates in Ubuntu GNU/Linux
(USN-2792-1, USN-2793-1, USN-2794-1, USN-2795-1, USN-2796-1, USN-2797-1,
USN-2798-1, USN-2799-1)
[06/11/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the linux, libreoffice, linux-lts-trusty, linux-ti-omap4, linux-lts-utopic and
linux-lts-vivid packages for versions 12.04 LTS, 14.04 LTS and 15.04. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2792-1/
URL:www.ubuntu.com/usn/usn-2793-1/
URL:www.ubuntu.com/usn/usn-2794-1/
URL:www.ubuntu.com/usn/usn-2795-1/
URL:www.ubuntu.com/usn/usn-2796-1/
URL:www.ubuntu.com/usn/usn-2797-1/
URL:www.ubuntu.com/usn/usn-2798-1/
URL:www.ubuntu.com/usn/usn-2799-1/
11.
Vulnerabilities in Cisco Products
(cisco-sa-20151104-aos, cisco-sa-20151104-esa2, cisco-sa-20151104-mse-cred,
cisco-sa-20151104-privmse, cisco-sa-20151104-wsa, cisco-sa-20151104-wsa1,
cisco-sa-20151104-wsa2)
[05/11/2015] Vulnerabilities were identified in the Cisco Email Security
Appliance (ESA), Cisco Content Security Management Appliance (SMA), Cisco Web
Security Appliance (WSA) and Cisco Mobility Services Engine (MSE). An attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-aos
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-esa2
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-mse-cred
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-privmse
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa1
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa2
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107828
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107829
12.
Vulnerability in F5 Products
(SOL17543)
[05/11/2015]
Vulnerability was identified in the F5 BIG-IP
LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP
Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, FirePass, BIG-IQ Cloud,
BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC and Traffix SDC. An attacker could
bypass security restrictions, cause a denial of service condition and crash the
system. This vulnerability affects multiple versions of the mentioned products.
Security patches are available to resolve this
vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/17000/500/sol17543.html
13.
Vulnerability in Huawei Smart Phone
(Huawei-SA-20151104-01-HIFI)
[05/11/2015] Vulnerability was identified in the Huawei Smart Phone. An
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and crash the system. This vulnerability affects multiple firmware versions of
the mentioned product. Security patches are available to resolve this
vulnerability.
URL:www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-460347.htm
14.
Vulnerabilities in Google
Android
[05/11/2015]
Vulnerabilities were identified in the Google
Android. An attacker could bypass security restrictions, gain elevated
privileges and execute arbitrary code. These vulnerabilities affect multiple
firmware versions of the mentioned product. Security patches are available to
resolve these
vulnerabilities.
URL:www.hkcert.org/my_url/en/alert/15110502
15.
Vulnerability in libsndfile
(107802)
[05/11/2015]
Vulnerability was identified in the libsndfile.
An attacker could bypass security restrictions and execute arbitrary code on the
system. This vulnerability affects version 1.0.25 of the mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107802
16.
Security Updates in Oracle Linux
(ELSA-2015-1980, ELSA-2015-1981, ELSA-2015-1982)
[05/11/2015] Oracle has released security update packages for fixing the
vulnerabilities identified in the nspr, nss, nss-util and firefox packages for
Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system.
URL:linux.oracle.com/errata/ELSA-2015-1980.html
URL:linux.oracle.com/errata/ELSA-2015-1981.html
URL:linux.oracle.com/errata/ELSA-2015-1982.html
17.
Security Updates in Debian (DSA-3391-1,
DSA-3392-1, DSA-3393-1)
[05/11/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the php-horde, freeimage and iceweasel packages for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.debian.org/security/2015/dsa-3391
URL:www.debian.org/security/2015/dsa-3392
URL:www.debian.org/security/2015/dsa-3393
18.
Security Updates in Mageia
(MGASA-2015-0420, MGASA-2015-0421, MGASA-2015-0422, MGASA-2015-0423,
MGASA-2015-0424, MGASA-2015-0425, MGASA-2015-0426,
MGASA-2015-0427)
[05/11/2015] Mageia has
released security update packages for fixing the vulnerabilities identified in
the postgresql9.3, postgresql9.4, mediawiki, exfat-utils, libxml2, openafs,
drupal, json-smart, json-path, springframework, firefox, firefox-l10n, nspr, nss
and rootcerts packages for multiple versions of Mageia. Due to multiple errors,
an attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code, cause a denial of service
condition and compromise the
system.
URL:advisories.mageia.org/MGASA-2015-0420.html
URL:advisories.mageia.org/MGASA-2015-0421.html
URL:advisories.mageia.org/MGASA-2015-0422.html
URL:advisories.mageia.org/MGASA-2015-0423.html
URL:advisories.mageia.org/MGASA-2015-0424.html
URL:advisories.mageia.org/MGASA-2015-0425.html
URL:advisories.mageia.org/MGASA-2015-0426.html
URL:advisories.mageia.org/MGASA-2015-0427.html
19.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:1980-1, RHSA-2015:1981-1,
RHSA-2015:1982-1)
[05/11/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the nspr, nss, nss-util and firefox. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-1980.html
URL:rhn.redhat.com/errata/RHSA-2015-1981.html
URL:rhn.redhat.com/errata/RHSA-2015-1982.html
20.
Security Updates in SUSE
(SUSE-SU-2015:1897-1, SUSE-SU-2015:1898-1, openSUSE-SU-2015:1902-1,
openSUSE-SU-2015:1905-1, openSUSE-SU-2015:1906-1, SUSE-SU-2015:1908-1,
openSUSE-SU-2015:1911-1)
[05/11/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the krb5, java-1_7_0-openjdk, java-1_8_0-openjdk, xen and bouncycastle packages
of SUSE Linux Enterprise 11 and 12, openSUSE 13.1, 13.2 and Leap 42.1. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00007.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html
21.
Security Updates in Ubuntu GNU/Linux
(USN-2785-1, USN-2790-1, USN-2791-1)
[05/11/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the firefox, nspr and nss packages for versions 12.04 LTS, 14.04 LTS, 15.04 and
15.10. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2785-1/
URL:www.ubuntu.com/usn/usn-2790-1/
URL:www.ubuntu.com/usn/usn-2791-1/
22.
Vulnerabilities in Mozilla Firefox (MFSA
2015-116, MFSA 2015-117 MFSA 2015-118, MFSA 2015-119, MFSA 2015-120, MFSA
2015-121, MFSA 2015-122, MFSA 2015-123, MFSA 2015-124, MFSA 2015-125, MFSA
2015-126, MFSA 2015-127, MFSA 2015-128, MFSA 2015-129, MFSA 2015-130, MFSA
2015-131, MFSA 2015-132, MFSA 2015-133)
[04/11/2015] Vulnerabilities were identified in the Mozilla Firefox and
Firefox ESR. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and crash the system. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve
these
vulnerabilities.
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-116/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-117/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-118/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-119/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-120/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-121/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-122/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-123/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-124/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-125/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-126/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-127/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-128/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-129/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-130/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-131/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-132/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-133/
URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox/
URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
23.
Vulnerability in Cisco Social Miner
(cisco-sa-20151103-csm)
[04/11/2015] Vulnerability was identified in the Cisco Social Miner. An
attacker could bypass security restrictions, gain elevated privileges, execute
arbitrary code and perform cross-site scripting attacks. This vulnerability
affects version 10.0(1) of the mentioned product. Security patches are available
to resolve this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151103-csm
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107788
24.
Vulnerabilities in IBM WebSphere
Application Server (1969618)
[04/11/2015] Vulnerabilities were identified in the IBM WebSphere
Application Server. An attacker could bypass security restrictions, obtain
sensitive information, execute arbitrary code and perform cross-site scripting
attacks. These vulnerabilities affect multiple versions of the mentioned
product. Security patches are available to resolve these
vulnerabilities.
URL:www.ibm.com/support/docview.wss?uid=swg21969618
URL:www.hkcert.org/my_url/en/alert/15110401
25.
Vulnerability in HP Vertica
(c04873095)
[04/11/2015] Vulnerability was identified in the HP Vertica. An attacker
could bypass security restrictions, obtain sensitive information and execute
arbitrary code on the system. This vulnerability affects versions prior to
v7.1.2 or v7.2 of the mentioned product. Security patches are available to
resolve this
vulnerability.
URL:h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04873095
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107759
26.
Vulnerability in Commvault Edge Server
(VU#866432)
[04/11/2015] Vulnerability was identified in the Commvault Edge Server. An
attacker could bypass security restrictions, gain elevated privileges and
execute arbitrary code. This vulnerability affects version 10 R2 of the
mentioned
product.
URL:www.kb.cert.org/vuls/id/866432
27. Vulnerability in Huawei P7 phones
(Huawei-SA-20151103-01-GPU)
[04/11/2015] Vulnerability was identified in the Huawei P7 phones. An
attacker could bypass security restrictions, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and crash the system. This
vulnerability affects firmware versions prior to P7-L00C17B851 of the mentioned
product. Security patches are available to resolve this
vulnerability.
URL:www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-460276.htm
28.
Vulnerability in Linksys X2000
(107781)
[04/11/2015]
Vulnerability was identified in the Linksys
X2000. An attacker could bypass security restrictions, gain elevated privileges,
execute arbitrary code and compromise the system. The affected version was not
specified.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107781
29.
Vulnerabilities in ZTE ZXHN H108N R1A
router (VU#391604)
[04/11/2015] Vulnerabilities were identified in the ZTE ZXHN H108N R1A
router. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system. These vulnerabilities affect
multiple firmware versions of the mentioned product. Security patches are
available to resolve these
vulnerabilities.
URL:www.kb.cert.org/vuls/id/391604
30.
Vulnerabilities in Python (107774,
107775, 107776)
[04/11/2015] Vulnerabilities were identified in the Python. An attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system. These vulnerabilities affect versions 2.7 of the
mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107774
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107775
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107776
31.
Security Updates in Oracle Linux
(ELSA-2015-1978, ELSA-2015-1979)
[04/11/2015] Oracle has
released security update packages for fixing the vulnerabilities identified in
the kernel and libreswan packages for Oracle Linux 7. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and crash the
system.
URL:linux.oracle.com/errata/ELSA-2015-1978.html
URL:linux.oracle.com/errata/ELSA-2015-1979.html
32.
Security Updates in SUSE
(SUSE-SU-2015:1894-1)
[04/11/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the xen packages of SUSE Linux Enterprise 11. Due to multiple errors, an
attacker could bypass security restrictions, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html
33.
Security Updates in Ubuntu GNU/Linux
(USN-2789-1)
[04/11/2015] Ubuntu has
released security update packages for fixing the vulnerability identified in the
xscreensaver packages for versions 12.04 LTS. An attacker could bypass security
restrictions and execute arbitrary
code.
URL:www.ubuntu.com/usn/usn-2789-1/
34. Vulnerability in Cisco Unified Computing System Blade
Server (cisco-sa-20151102-ucs)
[03/11/2015] Vulnerability was identified in the Cisco Unified Computing
System (UCS) Blade Server. An attacker could bypass security restrictions and
obtain sensitive information. This vulnerability affects version 2.2(5b)A of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151102-ucs
35.
Vulnerabilities in F5 Products (SOL17515,
SOL17516, SOL17517, SOL17518, SOL17528, SOL17530)
[03/11/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP
AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP
Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ
Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security
restrictions, execute arbitrary code, cause a denial of service condition and
crash the system. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/17000/500/sol17515.html
URL:support.f5.com/kb/en-us/solutions/public/17000/500/sol17516.html
URL:support.f5.com/kb/en-us/solutions/public/17000/500/sol17517.html
URL:support.f5.com/kb/en-us/solutions/public/17000/500/sol17518.html
URL:support.f5.com/kb/en-us/solutions/public/17000/500/sol17528.html
URL:support.f5.com/kb/en-us/solutions/public/17000/500/sol17530.html
36.
Vulnerability in MobaXterm server
(VU#316888)
[03/11/2015] Vulnerability was identified in the MobaXterm server. An
attacker could bypass security restrictions, execute arbitrary code and perform
code injection attacks. This vulnerability affects versions prior to 8.3 of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:www.kb.cert.org/vuls/id/316888
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107748
37.
Vulnerability in Linux Kernel
(107736)
[03/11/2015]
Vulnerability was identified in the Linux
Kernel. An attacker could bypass security restrictions, execute arbitrary code,
cause a denial of service condition and crash the system. This vulnerability
affects version 3.0 rc1 of the mentioned product. Security patches are available
to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107736
38.
Vulnerabilities in PHP Server Monitor
(107730, 107731)
[03/11/2015] Vulnerabilities were identified in the PHP Server Monitor. An
attacker could bypass security restrictions, gain elevated privileges, execute
arbitrary code and perform cross-site scripting attacks. These vulnerabilities
affect version 3.1.1 of the mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107730
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107731
39.
Vulnerabilities in MediaWiki (107704,
107705, 107706, 107707, 107708, 107709, 107710,
107711)
[03/11/2015]
Vulnerabilities were identified in the
MediaWiki. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system. These vulnerabilities affect
versions prior to 1.23.11, 1.24.4 and 1.25.3 of the mentioned product. Security
patches are available to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107704
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107705
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107706
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107707
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107708
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107709
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107710
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107711
40.
Security Updates in Debian (DSA-3387-1,
DSA-3388-1, DSA-3390-1)
[03/11/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the openafs, ntp and xen packages for multiple versions of Debian GNU/Linux. Due
to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:www.debian.org/security/2015/dsa-3387
URL:www.debian.org/security/2015/dsa-3388
URL:www.debian.org/security/2015/dsa-3390
41.
Security Updates in Gentoo Linux (GLSA
201511-01)
[03/11/2015]
Gentoo has released security update packages for
fixing the vulnerability identified in the mksh packages for multiple versions
of Gentoo Linux. An attacker could bypass security restrictions and execute
arbitrary
code.
URL:security.gentoo.org/glsa/201511-01
42.
Security Updates in SUSE
(SUSE-SU-2015:1874-1, SUSE-SU-2015:1874-2, SUSE-SU-2015:1875-1,
SUSE-SU-2015:1875-2, openSUSE-SU-2015:1876-1)
[03/11/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the java-1_7_0-openjdk and chromium packages of SUSE Linux Enterprise 11 and 12,
SUSE Package Hub for SUSE Linux Enterprise 12. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00001.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00002.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00003.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00004.html
43.
Vulnerability in IBM WebSphere
Application Server (1966837)
[02/11/2015] Vulnerability was identified in the IBM WebSphere Application
Server. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code and perform cross-site scripting attacks.
This vulnerability affects multiple versions of the mentioned product. Security
patches are available to resolve this
vulnerability.
URL:www.ibm.com/support/docview.wss?uid=swg21966837
44.
Security Updates in Debian (DSA-3384-1,
DSA-3385-1, DSA-3386-1)
[02/11/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the virtualbox, mariadb-10.0 and unzip packages for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.debian.org/security/2015/dsa-3384
URL:www.debian.org/security/2015/dsa-3385
URL:www.debian.org/security/2015/dsa-3386
45.
Security Updates in Gentoo Linux (GLSA
201510-02, GLSA 201510-03, GLSA 201510-04, GLSA 201510-05, GLSA 201510-06, GLSA
201510-07, GLSA 201510-08)
[02/11/2015] Gentoo has
released security update packages for fixing the vulnerabilities identified in
the qemu, wireshark, tcpdump, mediawiki, django, cups and cups-filters packages
for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:security.gentoo.org/glsa/201510-02
URL:security.gentoo.org/glsa/201510-03
URL:security.gentoo.org/glsa/201510-04
URL:security.gentoo.org/glsa/201510-05
URL:security.gentoo.org/glsa/201510-06
URL:security.gentoo.org/glsa/201510-07
URL:security.gentoo.org/glsa/201510-08
46.
Security Updates in Mageia
(MGASA-2015-0416, MGASA-2015-0417, MGASA-2015-0418,
MGASA-2015-0419)
[02/11/2015] Mageia has
released security update packages for fixing the vulnerabilities identified in
the miniupnpc, libpng12, ntp and phpmyadmin packages for multiple versions of
Mageia. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and crash the
system.
URL:advisories.mageia.org/MGASA-2015-0416.html
URL:advisories.mageia.org/MGASA-2015-0417.html
URL:advisories.mageia.org/MGASA-2015-0418.html
URL:advisories.mageia.org/MGASA-2015-0419.html
47.
Security Updates in SUSE
(openSUSE-SU-2015:1842-1, SUSE-SU-2015:1846-1,
SUSE-SU-2015:1853-1)
[02/11/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the linux kernel, openstack-swift and xen packages of openSUSE 13.2, SUSE
OpenStack Cloud 5 and SUSE Linux Enterprise 11. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00024.html
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html
URL:lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html
No comments:
Post a Comment