1. Vulnerability in F5 ARX (SOL40284849)
[24/12/2015] A vulnerability was identified in F5 ARX. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects versions 6.0.0 - 6.4.0 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/k/40/sol40284849.html
2. Vulnerability in ISC Kea (AA-01318)
[24/12/2015] A vulnerability was identified in ISC Kea. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects versions 0.9.2 and 1.0.0-beta of the mentioned product. Security patches are available to resolve this vulnerability.
URL:kb.isc.org/article/AA-01318
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109148
3. Vulnerabilities in EMC Products (109134, 109158)
[24/12/2015] Vulnerabilities were identified in EMC VPLEX and EMC Secure Remote Services Virtual Edition (ESRS VE). An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109134
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109158
4. Vulnerability in giflib (109149)
[24/12/2015] A vulnerability was identified in giflib. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects version 5.1.1 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109149
5. Vulnerability in Wireshark (109152)
[24/12/2015] A vulnerability was identified in Wireshark. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109152
6. Security Updates in Debian (DSA-3430-1)
[24/12/2015] Debian has released security update packages for fixing the vulnerabilities identified in the libxml2 packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3430
7. Security Updates in Mageia (MGASA-2015-0482)
[24/12/2015] Mageia has released security update packages for fixing the vulnerability identified in the dpkg packages for multiple versions of Mageia. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:advisories.mageia.org/MGASA-2015-0482.html
8. Security Updates in Slackware (SSA:2015-357-01)
[24/12/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-thunderbird packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.359890
9. Security Updates in SUSE (openSUSE-SU-2015:2346-1, openSUSE-SU-2015:2347-1, SUSE-SU-2015:2350-1)
[24/12/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Chromium and Linux Kernel packages of openSUSE Leap 42.1, 13.1 and 13.2, SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00029.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00030.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html
10. Vulnerabilities in HP Products (c04779492, c04926463, c04926482)
[23/12/2015] Vulnerabilities were identified in multiple HP products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492
URL:h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926463
URL:h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926482
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109127
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109128
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109129
11. Vulnerability in EMC VPLEX (109134)
[23/12/2015] A vulnerability was identified in EMC VPLEX. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects versions prior to 5.4 SP1 P3 or 5.5 Patch 1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109134
12. Vulnerability in RSA SecurID Web Agent (109120)
[23/12/2015] A vulnerability was identified in RSA SecurID Web Agent. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects versions prior to 8.0 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109120
13. Vulnerability in Schneider Electric Modicon M340 (ICSA-15-351-01)
[23/12/2015] A vulnerability was identified in the Schneider Electric Modicon M340. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple firmware versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-351-01
14. Vulnerabilities in Motorola MOSCAD SCADA IP Gateway (ICSA-15-351-02)
[23/12/2015] Vulnerabilities were identified in the Motorola MOSCAD SCADA IP Gateway. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect ALL versions of the mentioned product.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-351-02
15. Vulnerabilities in eWON (ICSA-15-351-03)
[23/12/2015] Vulnerabilities were identified in eWON. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect firmware versions prior to 10.1s0 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-351-03
16. Vulnerabilities in Joomla
[23/12/2015] Vulnerabilities were identified in Joomla. An attacker could bypass security restrictions and execute arbitrary code on the system. These vulnerabilities affect versions prior to 3.4.7 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.joomla.org/announcements/release-news/5643-joomla-3-4-7.html
URL:www.us-cert.gov/ncas/current-activity/2015/12/22/Joomla-Releases-Security-Update-CMS
17. Security Updates in Oracle Linux (ELSA-2015-2694)
[23/12/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the qemu-kvm package for Oracle Linux 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-2694.html
18. Security Updates in Red Hat Enterprise Linux (RHSA-2015:2694-1)
[23/12/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the qemu-kvm packages for Red Hat Enterprise Linux 6. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-2694.html
19. Security Updates in SUSE (SUSE-SU-2015:2339-1, SUSE-SU-2015:2340-1, SUSE-SU-2015:2341-1)
[23/12/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel and bind packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00027.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00028.html
20. Vulnerability in Cisco Products (cisco-sa-2015-1221-iosxe)
[22/12/2015] A vulnerability was identified in the Cisco IOS XE Software. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects firmware version 16.1.1 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2015-1221-iosxe
21. Vulnerability in Easy File Sharing Web Server (109101)
[22/12/2015] A vulnerability was identified in Easy File Sharing Web Server. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects version 7.2 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109101
22. Vulnerabilities in WordPress (109094, 109095, 109096, 109097, 109098, 109099, 109100, 109104)
[22/12/2015] Vulnerabilities were identified in multiple plugins for WordPress. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109094
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109095
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109096
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109097
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109098
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109099
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109100
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109104
23. Security Updates in Oracle Linux (ELSA-2015-2671)
[22/12/2015] Oracle has released security update packages for fixing the vulnerability identified in the jakarta-commons-collections package for Oracle Linux 5. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges and execute arbitrary code.
URL:linux.oracle.com/errata/ELSA-2015-2671.html
24. Security Updates in Debian (DSA-3427-1, DSA-3428-1, DSA-3429-1)
[22/12/2015] Debian has released security update packages for fixing the vulnerabilities identified in the blueman, tomcat8 and foomatic-filters packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2015/dsa-3427
URL:www.debian.org/security/2015/dsa-3428
URL:www.debian.org/security/2015/dsa-3429
25. Security Updates in Gentoo Linux (GLSA 201512-04, GLSA 201512-05)
[22/12/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the openssh and gdk-pixbuf packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:security.gentoo.org/glsa/201512-04
URL:security.gentoo.org/glsa/201512-05
26. Security Updates in Red Hat Enterprise Linux (RHSA-2015:2671-1, RHSA-2015:2684-1, RHSA-2015:2685-1)
[22/12/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the jakarta-commons-collections, OpenStack Compute and openstack-ironic-discoverd packages for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux OpenStack Platform 5.0 and 6.0 for RHEL 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-2671.html
URL:rhn.redhat.com/errata/RHSA-2015-2684.html
URL:rhn.redhat.com/errata/RHSA-2015-2685.html
27. Security Updates in SUSE (SUSE-SU-2015:2183-2, SUSE-SU-2015:2334-1, SUSE-SU-2015:2335-1, SUSE-SU-2015:2336-1, SUSE-SU-2015:2337-1)
[22/12/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the MozillaFirefox, rubygem-passenger and strongswan packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00024.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00025.html
28. Vulnerability in Cisco Products (cisco-sa-20151218-ios)
[21/12/2015] A vulnerability was identified in Cisco IOS and Cisco IOS XE Software. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple firmware versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151218-ios
29. Vulnerability in F5 Products (SOL76930736)
[21/12/2015] A vulnerability was identified in F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC, BIG-IQ Centralized Management and BIG-IQ Cloud and Orchestration. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/k/76/sol76930736.html?ref=rss
30. Vulnerability in EMC Isilon OneFS (109045)
[21/12/2015] A vulnerability was identified in EMC Isilon OneFS. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109045
31. Vulnerabilities in WordPress (109046, 109047, 109048, 109049, 109050, 109051, 109055, 109056, 109057, 109059, 109062, 109064, 109065, 109068, 109069, 109070, 109071, 109072, 109090, 109091, 109092, 109093)
[21/12/2015] Vulnerabilities were identified in multiple plugins for WordPress. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109046
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109047
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109048
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109049
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109050
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109051
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109055
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109056
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109057
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109059
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109062
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109064
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109065
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109068
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109069
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109070
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109071
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109072
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109090
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109091
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109092
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109093
32. Security Updates in Debian (DSA-3426-1)
[21/12/2015] Debian has released security update packages for fixing the vulnerabilities identified in the linux packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2015/dsa-3426
33. Security Updates in Gentoo Linux (GLSA 201512-01, GLSA 201512-02, GLSA 201512-03)
[21/12/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the dnsmasq, ipython and grub packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:security.gentoo.org/glsa/201512-01
URL:security.gentoo.org/glsa/201512-02
URL:security.gentoo.org/glsa/201512-03
34. Security Updates in Mageia (MGASA-2015-0478, MGASA-2015-0479, MGASA-2015-0480, MGASA-2015-0481)
[21/12/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the python-pygments, chromium-browser-stable, grub2 and bind packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0478.html
URL:advisories.mageia.org/MGASA-2015-0479.html
URL:advisories.mageia.org/MGASA-2015-0480.html
URL:advisories.mageia.org/MGASA-2015-0481.html
35. Security Updates in Slackware (SSA:2015-351-01, SSA:2015-351-02)
[21/12/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the grub and libpng packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.346050
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.498464
36. Security Updates in SUSE (SUSE-SU-2015:2304-1, SUSE-SU-2015:2305-1)
[21/12/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the ldb, samba, talloc, tdb and tevent packages of SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html
37. Security Updates in Ubuntu GNU/Linux (USN-2840-1, USN-2840-2, USN-2841-1, USN-2841-2, USN-2842-1, USN-2842-2, USN-2843-1, USN-2843-2, USN-2843-3)
[21/12/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the sosreport, linux, linux-lts-trusty, linux-lts-utopic, linux-raspi2, linux-lts-wily and linux-lts-vivid packages for versions 12.04 LTS, 14.04 LTS, 15.04 and Ubuntu 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2845-1/
URL:www.ubuntu.com/usn/usn-2846-1/
URL:www.ubuntu.com/usn/usn-2847-1/
URL:www.ubuntu.com/usn/usn-2848-1/
URL:www.ubuntu.com/usn/usn-2849-1/
URL:www.ubuntu.com/usn/usn-2850-1/
URL:www.ubuntu.com/usn/usn-2851-1/
URL:www.ubuntu.com/usn/usn-2852-1/
URL:www.ubuntu.com/usn/usn-2853-1/
URL:www.ubuntu.com/usn/usn-2854-1/