Sunday, December 27, 2015

IT Security Alerts Weekly Digest (20 Dec ~ 26 Dec 2015)

1. Vulnerability in F5 ARX (SOL40284849)
[24/12/2015] Vulnerability was identified in the F5 ARX. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions 6.0.0 - 6.4.0 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:support.f5.com/kb/en-us/solutions/public/k/40/sol40284849.html

2. Vulnerability in ISC Kea (AA-01318)
[24/12/2015] Vulnerability was identified in the ISC Kea. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects versions 0.9.2 and 1.0.0-beta of the mentioned product. Security patches are available to resolve this vulnerability.

URL:kb.isc.org/article/AA-01318
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109148

3. Vulnerabilities in EMC Products (109134, 109158)
[24/12/2015] Vulnerabilities were identified in the EMC VPLEX and EMC Secure Remote Services Virtual Edition (ESRS VE). An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/109134
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109158

4. Vulnerability in giflib (109149)
[24/12/2015] Vulnerability was identified in the giflib. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects version 5.1.1 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/109149

5. Vulnerability in Wireshark (109152)
[24/12/2015] Vulnerability was identified in the Wireshark. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/109152

6. Security Updates in Debian (DSA-3430-1)
[24/12/2015] Debian has released security update packages for fixing the vulnerabilities identified in the libxml2 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3430

7. Security Updates in Mageia (MGASA-2015-0482)
[24/12/2015] Mageia has released security update packages for fixing the vulnerability identified in the dpkg packages for multiple versions of Mageia. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:advisories.mageia.org/MGASA-2015-0482.html

8. Security Updates in Slackware (SSA:2015-357-01)
[24/12/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-thunderbird packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.359890

9. Security Updates in SUSE (openSUSE-SU-2015:2346-1, openSUSE-SU-2015:2347-1, SUSE-SU-2015:2350-1)
[24/12/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Chromium and Linux Kernel packages of openSUSE Leap 42.1, 13.1 and 13.2, SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00029.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00030.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html

10. Vulnerabilities in HP Products (c04779492, c04926463, c04926482)
[23/12/2015] Vulnerabilities were identified in multiple HP products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492
URL:h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926463
URL:h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926482
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109127
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109128
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109129

11. Vulnerability in EMC VPLEX (109134)
[23/12/2015] Vulnerability was identified in the EMC VPLEX. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects versions prior to 5.4 SP1 P3 or 5.5 Patch 1 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/109134

12. Vulnerability in RSA SecurID Web Agent (109120)
[23/12/2015] Vulnerability was identified in the RSA SecurID Web Agent. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects versions prior to 8.0 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/109120

13. Vulnerability in Schneider Electric Modicon M340 (ICSA-15-351-01)
[23/12/2015] Vulnerability was identified in the Schneider Electric Modicon M340. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-351-01

14. Vulnerabilities in Motorola MOSCAD SCADA IP Gateway (ICSA-15-351-02)
[23/12/2015] Vulnerabilities were identified in the Motorola MOSCAD SCADA IP Gateway. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect ALL versions of the mentioned product.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-351-02

15. Vulnerabilities in eWON (ICSA-15-351-03)
[23/12/2015] Vulnerabilities were identified in the eWON. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect firmware versions prior to 10.1s0 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-351-03

16. Vulnerabilities in Joomla
[23/12/2015] Vulnerabilities were identified in the Joomla. An attacker could bypass security restrictions and execute arbitrary code on the system. These vulnerabilities affect versions prior to 3.4.7 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.joomla.org/announcements/release-news/5643-joomla-3-4-7.html
URL:www.us-cert.gov/ncas/current-activity/2015/12/22/Joomla-Releases-Security-Update-CMS

17. Security Updates in Oracle Linux (ELSA-2015-2694)
[23/12/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the qemu-kvm package for Oracle Linux 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2015-2694.html

18. Security Updates in Red Hat Enterprise Linux (RHSA-2015:2694-1)
[23/12/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the qemu-kvm packages for Red Hat Enterprise Linux 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-2694.html

19. Security Updates in SUSE (SUSE-SU-2015:2339-1, SUSE-SU-2015:2340-1, SUSE-SU-2015:2341-1)
[23/12/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel and bind packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00027.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00028.html

20. Vulnerability in Cisco Products (cisco-sa-2015-1221-iosxe)
[22/12/2015] Vulnerability was identified in the Cisco IOS XE Software. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects firmware version 16.1.1 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2015-1221-iosxe

21. Vulnerability in Easy File Sharing Web Server (109101)
[22/12/2015] Vulnerability was identified in the Easy File Sharing Web Server. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects version 7.2 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/109101

22. Vulnerabilities in WordPress (109094, 109095, 109096, 109097, 109098, 109099, 109100, 109104)
[22/12/2015] Vulnerabilities were identified in multiple plugins for WordPress. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/109094
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109095
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109096
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109097
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109098
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109099
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109100
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109104

23. Security Updates in Oracle Linux (ELSA-2015-2671)
[22/12/2015] Oracle has released security update packages for fixing the vulnerability identified in the jakarta-commons-collections package for Oracle Linux 5. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code.

URL:linux.oracle.com/errata/ELSA-2015-2671.html

24. Security Updates in Debian (DSA-3427-1, DSA-3428-1, DSA-3429-1)
[22/12/2015] Debian has released security update packages for fixing the vulnerabilities identified in the blueman, tomcat8 and foomatic-filters packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.debian.org/security/2015/dsa-3427
URL:www.debian.org/security/2015/dsa-3428
URL:www.debian.org/security/2015/dsa-3429

25. Security Updates in Gentoo Linux (GLSA 201512-04, GLSA 201512-05)
[22/12/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the openssh and gdk-pixbuf packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:security.gentoo.org/glsa/201512-04
URL:security.gentoo.org/glsa/201512-05

26. Security Updates in Red Hat Enterprise Linux (RHSA-2015:2671-1, RHSA-2015:2684-1, RHSA-2015:2685-1)
[22/12/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the jakarta-commons-collections, OpenStack Compute and openstack-ironic-discoverd packages for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux OpenStack Platform 5.0 and 6.0 for RHEL 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-2671.html
URL:rhn.redhat.com/errata/RHSA-2015-2684.html
URL:rhn.redhat.com/errata/RHSA-2015-2685.html

27. Security Updates in SUSE (SUSE-SU-2015:2183-2, SUSE-SU-2015:2334-1, SUSE-SU-2015:2335-1, SUSE-SU-2015:2336-1, SUSE-SU-2015:2337-1)
[22/12/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaFirefox, rubygem-passenger and strongswan packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00024.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00025.html

28. Vulnerability in Cisco Products (cisco-sa-20151218-ios)
[21/12/2015] Vulnerability was identified in Cisco IOS and Cisco IOS XE Software. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple firmware versions of the mentioned products. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151218-ios

29. Vulnerability in F5 Products (SOL76930736)
[21/12/2015] Vulnerability was identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC, BIG-IQ Centralized Management and BIG-IQ Cloud and Orchestration. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.

URL:support.f5.com/kb/en-us/solutions/public/k/76/sol76930736.html?ref=rss

30. Vulnerability in EMC Isilon OneFS (109045)
[21/12/2015] Vulnerability was identified in the EMC Isilon OneFS. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/109045

31. Vulnerabilities in WordPress (109046, 109047, 109048, 109049, 109050, 109051, 109055, 109056, 109057, 109059, 109062, 109064, 109065, 109068, 109069, 109070, 109071, 109072, 109090, 109091, 109092, 109093)
[21/12/2015] Vulnerabilities were identified in multiple plugins for WordPress. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/109046
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109047
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109048
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109049
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109050
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109051
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109055
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109056
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109057
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109059
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109062
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109064
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109065
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109068
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109069
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109070
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109071
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109072
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109090
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109091
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109092
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109093

32. Security Updates in Debian (DSA-3426-1)
[21/12/2015] Debian has released security update packages for fixing the vulnerabilities identified in the linux packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.debian.org/security/2015/dsa-3426

33. Security Updates in Gentoo Linux (GLSA 201512-01, GLSA 201512-02, GLSA 201512-03)
[21/12/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the dnsmasq, ipython and grub packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:security.gentoo.org/glsa/201512-01
URL:security.gentoo.org/glsa/201512-02
URL:security.gentoo.org/glsa/201512-03

34. Security Updates in Mageia (MGASA-2015-0478, MGASA-2015-0479, MGASA-2015-0480, MGASA-2015-0481)
[21/12/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the python-pygments, chromium-browser-stable, grub2 and bind packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2015-0478.html
URL:advisories.mageia.org/MGASA-2015-0479.html
URL:advisories.mageia.org/MGASA-2015-0480.html
URL:advisories.mageia.org/MGASA-2015-0481.html

35. Security Updates in Slackware (SSA:2015-351-01, SSA:2015-351-02)
[21/12/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the grub and libpng packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.346050
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.498464

36. Security Updates in SUSE (SUSE-SU-2015:2304-1, SUSE-SU-2015:2305-1)
[21/12/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the ldb, samba, talloc, tdb and tevent packages of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html

37. Security Updates in Ubuntu GNU/Linux (USN-2840-1, USN-2840-2, USN-2841-1, USN-2841-2, USN-2842-1, USN-2842-2, USN-2843-1, USN-2843-2, USN-2843-3)
[21/12/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the sosreport, linux, linux-lts-trusty, linux-lts-utopic, linux-raspi2, linux-lts-wily and linux-lts-vivid packages for versions 12.04 LTS, 14.04 LTS, 15.04 and Ubuntu 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2845-1/
URL:www.ubuntu.com/usn/usn-2846-1/
URL:www.ubuntu.com/usn/usn-2847-1/
URL:www.ubuntu.com/usn/usn-2848-1/
URL:www.ubuntu.com/usn/usn-2849-1/
URL:www.ubuntu.com/usn/usn-2850-1/
URL:www.ubuntu.com/usn/usn-2851-1/
URL:www.ubuntu.com/usn/usn-2852-1/
URL:www.ubuntu.com/usn/usn-2853-1/
URL:www.ubuntu.com/usn/usn-2854-1/



Sunday, December 20, 2015

IT Security Alerts Weekly Digest (13 Dec ~ 19 Dec 2015)

1. Vulnerabilities in Apache Products (109035, 109037)
[18/12/2015] Vulnerabilities were identified in the Apache Camel and Apache Subversion. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/109035
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109037

2. Vulnerability in IBM Notes and Domino (1971751)
[18/12/2015] Vulnerability was identified in the IBM Notes and Domino. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.

URL:www.ibm.com/support/docview.wss?uid=swg21971751

3. Vulnerabilities in Cisco Products (cisco-sa-20151217-fsm, cisco-sa-20151217-gateway, cisco-sa-20151217-pnsc)
[18/12/2015] Vulnerabilities were identified in multiple Cisco products. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-gateway
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-pnsc
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109039

4. Vulnerabilities in Novell Products (5225150, 5229994)
[18/12/2015] Vulnerabilities were identified in the Novell Identity Manager and Novell Messenger. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:download.novell.com/Download?buildid=iuNGCHxR7XI~
URL:download.novell.com/Download?buildid=JFXvL2H0KXI~

5. Vulnerabilities in Juniper ScreenOS (JSA10712, JSA10713)
[18/12/2015] Vulnerabilities were identified in the Juniper ScreenOS. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:kb.juniper.net/index?page=content&id=JSA10712
URL:kb.juniper.net/index?page=content&id=JSA10713
URL:www.us-cert.gov/ncas/current-activity/2015/12/17/Juniper-Releases-Out-band-Security-Advisory-ScreenOS

6. Vulnerability in Drupal (DRUPAL-SA-CONTRIB-2015-173)
[18/12/2015] Vulnerability was identified in the Select2 Field Widget module for Drupal. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. This vulnerability affects versions prior to 7.x-2.9 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.drupal.org/node/2636352
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109021

7. Vulnerability in WinRAR (109011)
[18/12/2015] Vulnerability was identified in the WinRAR. An attacker could bypass security restrictions, gain elevated privileges and execute arbitrary code on the system. This vulnerability affects versions 5.30 beta 4 32 bit and 64 bit of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/109011

8. Vulnerability in Zen Cart (109027)
[18/12/2015] Vulnerability was identified in the Zen Cart. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system. This vulnerability affects version 1.5.4 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/109027

9. Security Updates in Debian (DSA-3421-1, DSA-3423-1, DSA-3424-1, DSA-3425-1)
[18/12/2015] Debian has released security update packages for fixing the vulnerabilities identified in the grub2, cacti, subversion and tryton-server packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.debian.org/security/2015/dsa-3421
URL:www.debian.org/security/2015/dsa-3423
URL:www.debian.org/security/2015/dsa-3424
URL:www.debian.org/security/2015/dsa-3425

10. Security Updates in SUSE (openSUSE-SU-2015:2290-1, openSUSE-SU-2015:2291-1, SUSE-SU-2015:2292-1)
[18/12/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Chromium and Linux Kernel packages of openSUSE 13.1, 13.2, Leap 42.1 and SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html

11. Security Updates in Red Hat Enterprise Linux (RHSA-2015:2665-1, RHSA-2015:2666-1)
[18/12/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the chromium-browser packages for Red Hat Enterprise Linux 6, and Red Hat OpenShift Enterprise 2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:rhn.redhat.com/errata/RHSA-2015-2665.html
URL:rhn.redhat.com/errata/RHSA-2015-2666.html

12. Security Updates in Ubuntu GNU/Linux (USN-2840-1, USN-2840-2, USN-2841-1, USN-2841-2, USN-2842-1, USN-2842-2, USN-2843-1, USN-2843-2, USN-2843-3)
[18/12/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the linux, linux-ti-omap4, linux-lts-trusty, linux-lts-vivid, linux-lts-wily, linux-raspi2 and linux-lts-utopic packages for versions 12.04 LTS, 14.04 LTS, 15.04 and Ubuntu 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2840-1/
URL:www.ubuntu.com/usn/usn-2840-2/
URL:www.ubuntu.com/usn/usn-2841-1/
URL:www.ubuntu.com/usn/usn-2841-2/
URL:www.ubuntu.com/usn/usn-2842-1/
URL:www.ubuntu.com/usn/usn-2842-2/
URL:www.ubuntu.com/usn/usn-2843-1/
URL:www.ubuntu.com/usn/usn-2843-2/
URL:www.ubuntu.com/usn/usn-2843-3/
URL:www.ubuntu.com/usn/usn-2844-1/

13. Vulnerability in Cisco Application Policy Infrastructure Controller (cisco-sa-20151216-apic)
[17/12/2015] Vulnerability was identified in the Cisco Application Policy Infrastructure Controller (APIC). An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects version 1.1(0.920a) of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151216-apic

14. Vulnerabilities in IBM WebSphere Application Server (1969251)
[17/12/2015] Vulnerabilities were identified in the Apache HTTP Components used in IBM WebSphere Application Server. An attacker could bypass security restrictions, execute arbitrary code and perform spoofing attacks. These vulnerabilities affect versions 8.0, 8.5 and 8.5.5 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.ibm.com/support/docview.wss?uid=swg21969251
URL:www.hkcert.org/my_url/en/alert/15121701

15. Vulnerabilities in Novell Products (5229870, 5229994, 5230133)
[17/12/2015] Vulnerabilities were identified in the Novell NetIQ Sentinel, Novell Messenger and Novell Filr. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:download.novell.com/Download?buildid=HN3Bit9V_zo~
URL:download.novell.com/Download?buildid=JFXvL2H0KXI~
URL:download.novell.com/Download?buildid=lu4l-OPupGE~

16. Vulnerability in F5 Products (SOL34250741)
[17/12/2015] Vulnerability was identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC, BIG-IQ Centralized Management and BIG-IQ Cloud and Orchestration. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.

URL:support.f5.com/kb/en-us/solutions/public/k/34/sol34250741.html

17. Security Updates in Oracle Linux (ELSA-2015-2655, ELSA-2015-2656, ELSA-2015-2657, ELSA-2015-2658)
[17/12/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the bind, bind97 and firefox packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2015-2655.html
URL:linux.oracle.com/errata/ELSA-2015-2656.html
URL:linux.oracle.com/errata/ELSA-2015-2657.html
URL:linux.oracle.com/errata/ELSA-2015-2658.html

18. Security Updates in Debian (DSA-3420-1, DSA-3422-1)
[17/12/2015] Debian has released security update packages for fixing the vulnerabilities identified in the bind9 and iceweasel packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.debian.org/security/2015/dsa-3420
URL:www.debian.org/security/2015/dsa-3422

19. Security Updates in FreeBSD (FreeBSD-SA-15:27.bind)
[17/12/2015] FreeBSD has released security update packages for fixing the vulnerability identified in the bind packages for multiple versions of FreeBSD Linux. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.

URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:27.bind.asc

20. Security Updates in Mageia (MGASA-2015-0472, MGASA-2015-0473, MGASA-2015-0474, MGASA-2015-0475, MGASA-2015-0476, MGASA-2015-0477)
[17/12/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the redis, libpng12, libpng, potrace, quassel, cups-filters, nspr, nss, firefox and firefox-l10n packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2015-0472.html
URL:advisories.mageia.org/MGASA-2015-0473.html
URL:advisories.mageia.org/MGASA-2015-0474.html
URL:advisories.mageia.org/MGASA-2015-0475.html
URL:advisories.mageia.org/MGASA-2015-0476.html
URL:advisories.mageia.org/MGASA-2015-0477.html

21. Security Updates in Red Hat Enterprise Linux (RHSA-2015:2620-1, RHSA-2015:2655-1, RHSA-2015:2656-1, RHSA-2015:2657-1, RHSA-2015:2658-1)
[17/12/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the cfme, bind, firefox and bind97 packages for Red Hat CloudForms 3.2, Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-2620.html
URL:rhn.redhat.com/errata/RHSA-2015-2655.html
URL:rhn.redhat.com/errata/RHSA-2015-2656.html
URL:rhn.redhat.com/errata/RHSA-2015-2657.html
URL:rhn.redhat.com/errata/RHSA-2015-2658.html

22. Security Updates in Slackware (SSA:2015-349-01, SSA:2015-349-02, SSA:2015-349-03, SSA:2015-349-04)
[17/12/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-firefox, libpng, bind and openssl packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.356015
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.504203
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583

23. Security Updates in Ubuntu GNU/Linux (USN-2838-1, USN-2838-2, USN-2839-1)
[17/12/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the cups-filters, foomatic-filters and cups packages for versions 12.04 LTS, 14.04 LTS, 15.04 and Ubuntu 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system.

URL:www.ubuntu.com/usn/usn-2838-1/
URL:www.ubuntu.com/usn/usn-2838-2/
URL:www.ubuntu.com/usn/usn-2839-1/

24. Vulnerability in Apache TomEE
[16/12/2015] Vulnerability was identified in the Apache TomEE. An attacker could bypass security restrictions and execute arbitrary code on the system. The affected version was not specified.

URL:www.hkcert.org/my_url/en/alert/15121604

25. Vulnerabilities in BIND (AA-01317, AA-01319)
[16/12/2015] Vulnerabilities were identified in the BIND 9. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:kb.isc.org/article/AA-01317
URL:kb.isc.org/article/AA-01319
URL:www.hkcert.org/my_url/en/alert/15121602
URL:www.us-cert.gov/ncas/current-activity/2015/12/15/Internet-Systems-Consortium-ISC-Releases-Security-Updates-BIND

26. Vulnerabilities in Mozilla Firefox (MFSA 2015-133, MFSA 2015-134, MFSA 2015-135, MFSA 2015-136, MFSA 2015-137, MFSA 2015-138, MFSA 2015-139, MFSA 2015-140, MFSA 2015-141, MFSA 2015-142, MFSA 2015-143, MFSA 2015-144, MFSA 2015-145, MFSA 2015-146, MFSA 2015-147, MFSA 2015-148, MFSA 2015-149)
[16/12/2015] Vulnerabilities were identified in the Mozilla Firefox and Firefox ESR. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www.mozilla.org/en-US/security/advisories/mfsa2015-133/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-134/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-135/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-136/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-137/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-138/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-139/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-140/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-141/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-142/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-143/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-144/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-145/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-146/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-147/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-148/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-149/
URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox43
URL:www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr38.5
URL:www.hkcert.org/my_url/en/alert/15121603
URL:www.us-cert.gov/ncas/current-activity/2015/12/15/Mozilla-Releases-Security-Updates-Firefox-and-Firefox-ESR

27. Vulnerability in Cisco Products (cisco-sa-20151215-ucmim)
[16/12/2015] Vulnerability was identified in the Cisco Unified Communications Manager (UCM). An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects version 10.5(0.98000.88) of the mentioned product. Security patches are available to resolve this vulnerability.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151215-ucmim
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108935

28. Vulnerabilities in HPE Network Switches (c04920918)
[16/12/2015] Vulnerabilities were identified in the HPE Network Switches. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to v15.18.0007 of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04920918
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108946
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108947

29. Vulnerabilities in F5 Products (SOL30518307, SOL59010802)
[16/12/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX and Enterprise Manager. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/k/30/sol30518307.html
URL:support.f5.com/kb/en-us/solutions/public/k/59/sol59010802.html

30. Vulnerabilities in Huawei Products (HW-408044)
[16/12/2015] Vulnerabilities were identified in multiple Huawei Products. An attacker could bypass security restrictions and execute arbitrary code on the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:www1.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-408044.htm

31. Vulnerability in Juniper JunosE (JSA10651)
[16/12/2015] Vulnerability was identified in the Juniper JunosE. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects versions prior to 13.3.3p0-1, 14.3.1p0-0-1, 14.3.2 or 15.1.0 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:kb.juniper.net/InfoCenter/index?page=content&id=JSA10651

32. Vulnerabilities in Adcon Telemetry A840 (ICSA-15-349-01)
[16/12/2015] Vulnerabilities were identified in the Adcon Telemetry A840. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect all versions of the mentioned product.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-349-01

33. Vulnerabilities in Google Chrome
[16/12/2015] Vulnerabilities were identified in the Google Chrome. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 47.0.2526.106 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:googlechromereleases.blogspot.hk/search/label/Stable%20updates
URL:www.hkcert.org/my_url/en/alert/15121601
URL:www.us-cert.gov/ncas/current-activity/2015/12/15/Google-Releases-Security-Update-Chrome

34. Security Updates in Oracle Linux (ELSA-2015-2623, ELSA-2015-2636)
[16/12/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the grub2 and kernel packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2015-2623.html
URL:linux.oracle.com/errata/ELSA-2015-2636.html

35. Security Updates in Debian (DSA-3418-1, DSA-3419-1)
[16/12/2015] Debian has released security update packages for fixing the vulnerabilities identified in the chromium-browser and cups-filters packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3418
URL:www.debian.org/security/2015/dsa-3419

36. Security Updates in Red Hat Enterprise Linux (RHSA-2015:2623-1)
[16/12/2015] Red Hat has released security update packages for fixing the vulnerability identified in the grub2 packages for Red Hat Enterprise Linux 7. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-2623.html

37. Security Updates in Ubuntu GNU/Linux (USN-2833-1, USN-2835-1, USN-2836-1, USN-2837-1)
[16/12/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox, git, grub2 and bind9 packages for versions 12.04 LTS, 14.04 LTS, 15.04 and Ubuntu 15.10. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2833-1/
URL:www.ubuntu.com/usn/usn-2835-1/
URL:www.ubuntu.com/usn/usn-2836-1/
URL:www.ubuntu.com/usn/usn-2837-1/

38. Vulnerabilities in Cisco Products (cisco-sa-20151214-ios, cisco-sa-20151214-ucm)
[15/12/2015] Vulnerabilities were identified in the Cisco IOS XE Software and Cisco Unified Communications Manager (UCM). An attacker could bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ios
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ucm

39. Vulnerability in Symantec Endpoint Encryption Client (SYM15-012)
[15/12/2015] Vulnerability was identified in the Symantec Endpoint Encryption Client. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions prior to 11.1.0 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20151214_00

40. Vulnerabilities in F5 Products (SOL08039035, SOL91245485)
[15/12/2015] Vulnerabilities were identified in the F5 Enterprise Manager and Traffix SDC. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/k/08/sol08039035.html
URL:support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html

41. Vulnerability in Joomla
[15/12/2015] Vulnerability was identified in the Joomla. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects versions prior to 3.4.6 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html
URL:www.hkcert.org/my_url/en/alert/15121401

42. Security Updates in Oracle Linux (ELSA-2015-2616, ELSA-2015-2617, ELSA-2015-2619)
[15/12/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the openssl and libreoffice packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2015-2616.html
URL:linux.oracle.com/errata/ELSA-2015-2617.html
URL:linux.oracle.com/errata/ELSA-2015-2619.html

43. Security Updates in Debian (DSA-3417-1)
[15/12/2015] Debian has released security update packages for fixing the vulnerability identified in the bouncycastle packages for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code.

URL:www.debian.org/security/2015/dsa-3417

44. Security Updates in Red Hat Enterprise Linux (RHSA-2015:2616-1, RHSA-2015:2617-1, RHSA-2015:2618-1, RHSA-2015:2619-1)
[15/12/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the openssl, chromium-browser and libreoffice packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-2616.html
URL:rhn.redhat.com/errata/RHSA-2015-2617.html
URL:rhn.redhat.com/errata/RHSA-2015-2618.html
URL:rhn.redhat.com/errata/RHSA-2015-2619.html

45. Security Updates in SUSE (SUSE-SU-2015:2268-1, SUSE-SU-2015:2168-2)
[15/12/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the java-1_8_0-ibm and java-1_7_1-ibm packages of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00015.html

46. Security Updates in Ubuntu GNU/Linux (USN-2834-1)
[15/12/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the libxml2 packages for versions 12.04 LTS, 14.04 LTS, 15.04 and Ubuntu 15.10. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2834-1/

47. Vulnerabilities in Apple iTunes (HT205636)
[14/12/2015] Vulnerabilities were identified in the Apple iTunes. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. These vulnerabilities affect version 12.3.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:support.apple.com/en-us/HT205636
URL:www.us-cert.gov/ncas/current-activity/2015/12/11/Apple-Releases-Security-Update-iTunes

48. Vulnerabilities in Cisco Products (cisco-sa-20151211-fmc, cisco-sa-20151211-imc, cisco-sa-20151211-ucdm)
[14/12/2015] Vulnerabilities were identified in the Cisco FireSIGHT Management Center, Cisco Integrated Management Controller (IMC) and Cisco Unified Communications Domain Manager (CUCDM). An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-fmc
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-imc
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-ucdm

49. Vulnerability in F5 Traffix SDC (SOL49233165)
[14/12/2015] Vulnerability was identified in the F5 Traffix SDC. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:support.f5.com/kb/en-us/solutions/public/k/49/sol49233165.html

50. Security Updates in Oracle Linux (ELSA-2015-3107)
[14/12/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.

URL:linux.oracle.com/errata/ELSA-2015-3107.html

51. Security Updates in Debian (DSA-3416-1)
[14/12/2015] Debian has released security update packages for fixing the vulnerability identified in the libphp-phpmailer packages for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code.

URL:www.debian.org/security/2015/dsa-3416

52. Security Updates in SUSE (openSUSE-SU-2015:2257-1)
[14/12/2015] SUSE has released security update packages for fixing the vulnerability identified in the mbedtls packages of openSUSE Leap 42.1. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html