1. Vulnerability
in Cisco IOS Software (cisco-sa-20151112-ios2)
[13/11/2015] Vulnerability was identified in the Cisco IOS Software. An
attacker could bypass security restrictions. This vulnerability affects firmware
versions 15.2(04)M6 and 15.4(03)S of the mentioned product. Security patches are
available to resolve this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-ios2
2. Vulnerability in Huawei HG630a and HG630a-50
(HW-461898)
[13/11/2015] Vulnerability was identified in the Huawei HG630a and
HG630a-50. An attacker could bypass security restrictions and execute arbitrary
code. This vulnerability affects multiple firmware versions of the mentioned
products. Security patches are available to resolve this
vulnerability.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-461898.htm
3. Vulnerability in AlienVault Unified Security
Management (107973)
[13/11/2015] Vulnerability was identified in the AlienVault Unified
Security Management. An attacker could bypass security restrictions, obtain
sensitive information and gain elevated privileges. This vulnerability affects
versions prior to 5.0.1 of the mentioned product. Security patches are available
to resolve this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107973
4. Vulnerabilities in Unitronics VisiLogic OPLC IDE
(ICSA-15-274-02)
[13/11/2015] Vulnerabilities were identified in the Unitronics VisiLogic
OPLC IDE. An attacker could bypass security restrictions and execute arbitrary
code on the system. These vulnerabilities affect versions prior to V9.8.02 of
the mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-274-02
5. Security Updates in SUSE (openSUSE-SU-2015:1964-1,
openSUSE-SU-2015:1971-1, SUSE-SU-2015:1978-1,
SUSE-SU-2015:1981-1)
[13/11/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the xen, java-1_7_0-openjdk, MozillaFirefox, mozilla-nspr and mozilla-nss
packages of openSUSE 13.1 and Leap 42.1, and SUSE Linux Enterprise 11. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00018.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00019.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html
6. Security Updates in Ubuntu GNU/Linux (USN-2809-1,
USN-2810-1)
[13/11/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the lxd and krb5 packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:www.ubuntu.com/usn/usn-2809-1/
URL:www.ubuntu.com/usn/usn-2810-1/
7. Vulnerability in Cisco FireSIGHT Management Center
(cisco-sa-20151111-fmc)
[12/11/2015] Vulnerability was identified in the Cisco FireSIGHT
Management Center (MC). An attacker could bypass security restrictions, execute
arbitrary code and perform cross-site scripting attacks. This vulnerability
affects versions 5.4.1.4 and 6.0.1 of the mentioned product. Security patches
are available to resolve this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151111-fmc
8. Vulnerabilities in Huawei Products
(Huawei-SA-20151111-01-AR, Huawei-SA-20151111-01-eSpace,
Huawei-SA-20151111-01-VP9660,
Huawei-SA-20151111-02-eSpace)
[12/11/2015] Vulnerabilities were identified in multiple Huawei products.
An attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code, cause a denial of service
condition and compromise the system. These vulnerabilities affect multiple
firmware versions of the mentioned products. Security patches are available to
resolve these
vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-461213.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-461217.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-461219.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-461676.htm
URL:www.huawei.com/ilink/en/security/psirt/security-bulletins/security-advisories/HW_461216
9. Vulnerability in HP ArcSight
(c04797406)
[12/11/2015] Vulnerability was identified in the HP ArcSight Management
Center and HP ArcSight Logger. An attacker could bypass security restrictions,
obtain sensitive information, execute arbitrary code and perform cross-site
scripting attacks. This vulnerability affects multiple versions of the mentioned
products. Security patches are available to resolve this
vulnerability.
URL:h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04797406
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107959
10.
Vulnerability in SolarWinds DameWare Mini
Remote Control (107958)
[12/11/2015] Vulnerability was identified in the SolarWinds DameWare Mini
Remote Control. An attacker could bypass security restrictions and execute
arbitrary code on the system. This vulnerability affects versions prior to V12.0
HOTFIX 1 of the mentioned product. Security patches are available to resolve
this
vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107958
11.
Vulnerabilities in Google
Chrome
[12/11/2015]
Vulnerabilities were identified in the Google
Chrome. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system. These vulnerabilities affect
versions prior to 46.0.2490.82 or 46.0.2490.86 of the mentioned product.
Security patches are available to resolve these
vulnerabilities.
URL:googlechromereleases.blogspot.hk/2015/11/stable-channel-update.html
URL:googlechromereleases.blogspot.hk/2015/11/stable-channel-update-for-chrome-os.html
URL:www.us-cert.gov/ncas/current-activity/2015/11/11/Google-Releases-Security-Updates-Chrome-and-Chrome-OS
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107942
12.
Security Updates in Debian
(DSA-3397-1)
[12/11/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the wpa packages for multiple versions of Debian GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, execute arbitrary code,
cause a denial of service condition and crash the
system.
URL:www.debian.org/security/2015/dsa-3397
13.
Security Updates in Mageia
(MGASA-2015-0444)
[12/11/2015] Mageia has
released security update packages for fixing the vulnerabilities identified in
the flash-player-plugin packages for multiple versions of Mageia. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:advisories.mageia.org/MGASA-2015-0444.html
14.
Security Updates in Red Hat Enterprise
Linux (RHSA-2015:2023-1, RHSA-2015:2024-1)
[12/11/2015] Red Hat
has released security update packages for fixing the vulnerabilities identified
in the flash-plugin packages for Red Hat Enterprise Linux 5 and 6. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:rhn.redhat.com/errata/RHSA-2015-2023.html
URL:rhn.redhat.com/errata/RHSA-2015-2024.html
15.
Vulnerabilities in Microsoft Products
(3104519, 3081320, 3100213, 3101722, 3102939, 3104507, 3104517, 3104521,
3104540, 3105256, 3105864, 3105872, 3108638)
[11/11/2015] Vulnerabilities were identified in the Microsoft Internet
Explorer, Edge, Windows, Office, .NET Framework, Skype for Business and
Microsoft Lync. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system. These vulnerabilities affect
multiple versions of the mentioned products. Security patches are available to
resolve these
vulnerabilities.
URL:technet.microsoft.com/en-us/library/security/ms15-nov.aspx
URL:technet.microsoft.com/library/security/3108638.aspx
URL:technet.microsoft.com/library/security/MS15-112
URL:technet.microsoft.com/library/security/MS15-113
URL:technet.microsoft.com/library/security/MS15-114
URL:technet.microsoft.com/library/security/MS15-115
URL:technet.microsoft.com/library/security/MS15-116
URL:technet.microsoft.com/library/security/MS15-117
URL:technet.microsoft.com/library/security/MS15-118
URL:technet.microsoft.com/library/security/MS15-119
URL:technet.microsoft.com/library/security/MS15-120
URL:technet.microsoft.com/library/security/MS15-121
URL:technet.microsoft.com/library/security/MS15-122
URL:technet.microsoft.com/library/security/MS15-123
URL:www.hkcert.org/my_url/en/alert/15111101
URL:www.hkcert.org/my_url/en/alert/15111102
URL:www.hkcert.org/my_url/en/alert/15111103
URL:www.hkcert.org/my_url/en/alert/15111104
URL:www.hkcert.org/my_url/en/alert/15111105
URL:www.hkcert.org/my_url/en/alert/15111106
URL:www.hkcert.org/my_url/en/alert/15111107
URL:www.hkcert.org/my_url/en/alert/15111108
URL:www.hkcert.org/my_url/en/alert/15111109
URL:www.hkcert.org/my_url/en/alert/15111110
URL:www.hkcert.org/my_url/en/alert/15111111
URL:www.hkcert.org/my_url/en/alert/15111112
URL:www.us-cert.gov/ncas/current-activity/2015/11/10/Microsoft-Releases-November-2015-Security-Bulletin
16.
Vulnerabilities in Adobe Flash Player
(APSB15-28)
[11/11/2015] Vulnerabilities were identified in the Adobe Flash Player. An
attacker could bypass security restrictions, gain elevated privileges, execute
arbitrary code and compromise the system. These vulnerabilities affect multiple
versions of the mentioned product. Security patches are available to resolve
these
vulnerabilities.
URL:helpx.adobe.com/security/products/flash-player/apsb15-28.html
URL:technet.microsoft.com/library/security/2755801
URL:www.hkcert.org/my_url/en/alert/15111113
URL:www.us-cert.gov/ncas/current-activity/2015/11/10/Adobe-Releases-Security-Updates-Flash-Player
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107923
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107924
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107925
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107926
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107927
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107928
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107929
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107930
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107931
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107932
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107933
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107934
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107935
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107936
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107937
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107938
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107939
17.
Vulnerabilities in Trend Micro
OfficeScan
[11/11/2015]
Vulnerabilities were identified in the Trend
Micro OfficeScan 11. An attacker could bypass security restrictions, obtain
sensitive information, cause a denial of service condition and crash the system.
These vulnerabilities affect versions prior to B2995 R1 of the mentioned
product. Security patches are available to resolve these
vulnerabilities.
URL:downloadcenter.trendmicro.com/index.php?regs=NABU&clk=tbl&clkval=4739&cm_mmc=RSS-_-Download%20Center-_-product-_-5
18.
Security Updates in Oracle Products
(ELSA-2015-2019)
[11/11/2015] Oracle has
released security update packages for fixing the vulnerabilities identified in
the sssd packages for Oracle Linux 6, and Oracle WebLogic Server. An attacker
could bypass security restrictions, gain elevated privileges, execute arbitrary
code, cause a denial of service condition and compromise the
system.
URL:linux.oracle.com/errata/ELSA-2015-2019.html
URL:www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html
19.
Security Updates in Debian
(DSA-3396-1)
[11/11/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the linux packages for multiple versions of Debian GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, execute arbitrary code,
cause a denial of service condition and crash the
system.
URL:www.debian.org/security/2015/dsa-3396
20.
Security Updates in Mageia
(MGASA-2015-0439, MGASA-2015-0440, MGASA-2015-0441, MGASA-2015-0442,
MGASA-2015-0443)
[11/11/2015] Mageia has
released security update packages for fixing the vulnerabilities identified in
the kernel-linus, python-curl, libreoffice, putty and sudo packages for multiple
versions of Mageia. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:advisories.mageia.org/MGASA-2015-0439.html
URL:advisories.mageia.org/MGASA-2015-0440.html
URL:advisories.mageia.org/MGASA-2015-0441.html
URL:advisories.mageia.org/MGASA-2015-0442.html
URL:advisories.mageia.org/MGASA-2015-0443.html
21.
Security Updates in SUSE
(SUSE-SU-2015:1952-1)
[11/11/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the xen packages of SUSE Linux Enterprise 11. Due to multiple errors, an
attacker could bypass security restrictions, execute arbitrary code, cause a
denial of service condition and crash the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00016.html
22.
Security Updates in Ubuntu GNU/Linux
(USN-2788-2)
[11/11/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the linux, linux-lts-trusty, linux-lts-utopic, linux-lts-vivid, linux-lts-wily
and wpa packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the
system.
URL:www.ubuntu.com/usn/usn-2800-1/
URL:www.ubuntu.com/usn/usn-2801-1/
URL:www.ubuntu.com/usn/usn-2802-1/
URL:www.ubuntu.com/usn/usn-2803-1/
URL:www.ubuntu.com/usn/usn-2804-1/
URL:www.ubuntu.com/usn/usn-2805-1/
URL:www.ubuntu.com/usn/usn-2806-1/
URL:www.ubuntu.com/usn/usn-2807-1/
URL:www.ubuntu.com/usn/usn-2808-1/
23.
Vulnerabilities in Apache
OpenOffice
[10/11/2015]
Vulnerabilities were identified in the Apache
OpenOffice. An attacker could bypass security restrictions, gain elevated
privileges and execute arbitrary code. These vulnerabilities affect versions
prior to 4.1.2 of the mentioned product. Security patches are available to
resolve these
vulnerabilities.
URL:www.openoffice.org/security/cves/CVE-2015-4551.html
URL:www.hkcert.org/my_url/en/alert/15110901
24.
Vulnerability in Cisco Connected Grid
Network Management System (cisco-sa-20151109-cg-nms)
[10/11/2015] Vulnerability was identified in the Cisco Connected Grid
Network Management System. An attacker could bypass security restrictions and
gain elevated privileges. This vulnerability affects firmware versions 3.0(0.35)
and 3.0(0.54) of the mentioned product. Security patches are available to
resolve this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms
25.
Vulnerabilities in Symantec Endpoint
Protection (SYM15-011)
[10/11/2015] Vulnerabilities were identified in the Symantec Endpoint
Protection. An attacker could bypass security restrictions, gain elevated
privileges and execute arbitrary code. These vulnerabilities affect versions
prior to 12.1-RU6-MP3 of the mentioned products. Security patches are available
to resolve these
vulnerabilities.
URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20151109_00
URL:www.us-cert.gov/ncas/current-activity/2015/11/09/Symantec-Releases-Security-Update
26.
Vulnerability in Huawei HG532 routers
(HW-460507)
[10/11/2015] Vulnerability was identified in Huawei HG532 routers. An
attacker could bypass security restrictions and obtain sensitive information.
These vulnerabilities affect multiple firmware versions of the mentioned
product. Security patches are available to resolve this
vulnerability.
URL:www1.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-460507.htm
27.
Vulnerabilities in Google AdWords API
client library (107893, 107894)
[10/11/2015] Vulnerabilities were identified in the Google AdWords API
client library. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
crash the system. These vulnerabilities affect versions prior to 6.3.0 of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107893
URL:exchange.xforce.ibmcloud.com/vulnerabilities/107894
28.
Security Updates in SUSE
(openSUSE-SU-2015:1942-1)
[10/11/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the MozillaFirefox, mozilla-nspr, mozilla-nss, xulrunner and seamonkey packages
of openSUSE Leap 42.1, openSUSE 13.1 and 13.2. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html
29.
Security Updates in Ubuntu GNU/Linux
(USN-2788-2)
[10/11/2015] Ubuntu has
released security update packages for fixing the vulnerabilities identified in
the unzip packages for versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10. Due to
multiple errors, an attacker could bypass security restrictions, execute
arbitrary code, cause a denial of service condition and crash the
system.
URL:www.ubuntu.com/usn/usn-2788-2/
30. Vulnerability in F5 Products
(SOL17551)
[09/11/2015]
Vulnerability was identified in the F5 BIG-IP
LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP
Edge Gateway ,BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, FirePass, BIG-IQ Cloud,
BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC and Traffix SDC. An attacker could
bypass security restrictions and obtain sensitive information. This
vulnerability affects multiple versions of the mentioned products. Security
patches are available to resolve this
vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/17000/500/sol17551.html
31.
Vulnerabilities in Advantech EKI Products
(ICSA-15-309-01)
[09/11/2015] Vulnerabilities were identified in the Advantech EKI
Products. An attacker could bypass security restrictions and obtain sensitive
information. These vulnerabilities affect multiple firmware versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-309-01
32.
Vulnerabilities in Huawei Products
(Huawei-SA-20151106-01-GPU,
Huawei-SA-20151106-01-Camera)
[09/11/2015] Vulnerabilities were identified in multiple Huawei products.
An attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
system. These vulnerabilities affect multiple firmware versions of the mentioned
products. Security patches are available to resolve these
vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-460486.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-460489.htm
URL:www.kb.cert.org/vuls/id/438928
33.
Security Updates in Debian
(DSA-3395-1)
[09/11/2015] Debian has
released security update packages for fixing the vulnerabilities identified in
the krb5 packages for multiple versions of Debian GNU/Linux. Due to multiple
errors, an attacker could bypass security restrictions, execute arbitrary code,
cause a denial of service condition and crash the
system.
URL:www.debian.org/security/2015/dsa-3395-1
34.
Security Updates in Mageia
(MGASA-2015-0435, MGASA-2015-0436, MGASA-2015-0437,
MGASA-2015-0438)
[09/11/2015] Mageia has
released security update packages for fixing the vulnerabilities identified in
the kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox,
kmod-xtables-addons, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia304,
kmod-nvidia340, kmod-nvidia-current, kernel-firmware-nonfree, krb5, owncloud and
roundcubemail packages for multiple versions of Mageia. Due to multiple errors,
an attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code, cause a denial of service
condition and compromise the
system.
URL:advisories.mageia.org/MGASA-2015-0435.html
URL:advisories.mageia.org/MGASA-2015-0436.html
URL:advisories.mageia.org/MGASA-2015-0437.html
URL:advisories.mageia.org/MGASA-2015-0438.html
35.
Security Updates in SUSE
(SUSE-SU-2015:1926-1, openSUSE-SU-2015:1928-1)
[09/11/2015] SUSE has
released security update packages for fixing the vulnerabilities identified in
the MozillaFirefox, mozilla-nspr, mozilla-nss and krb5 packages of SUSE Linux
Enterprise 12, openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html
URL:lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html
36.
Security Updates in Slackware
(SSA:2015-310-01, SSA:2015-310-02)
[09/11/2015] Slackware
has released security update packages for fixing the vulnerabilities identified
in the mozilla-firefox and mozilla-nss packages for multiple versions of
Slackware Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.355602
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753
No comments:
Post a Comment