1. Vulnerabilities in Cisco Products (cisco-sa-20151209-cers,
cisco-sa-20151209-ert, cisco-sa-20151209-erw, cisco-sa-20151210-cer,
cisco-sa-20151210-dwvr, cisco-sa-20151210-hcm, cisco-sa-20151210-tvcs,
cisco-sa-20151210-ucs, cisco-sa-20151210-uim,
cisco-sa-20151210-vdssm)
[11/12/2015] Vulnerabilities were identified in multiple Cisco products.
An attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code, cause a denial of service
condition and compromise the system. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve
these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-cers
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ert
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-erw
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-cer
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-dwvr
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-hcm
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-tvcs
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-ucs
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-uim
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-vdssm
2. Vulnerabilities in Huawei Products (Huawei-SA-20151210-01-JPU)
[11/12/2015] Vulnerabilities were identified in multiple Huawei products.
An attacker could bypass security restrictions, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and crash the
system. These vulnerabilities affect multiple firmware versions of the mentioned
products. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-465532.htm
3. Vulnerabilities in Advantech EKI (ICSA-15-344-01)
[11/12/2015] Vulnerabilities were identified in the Advantech EKI. An
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the system. These vulnerabilities affect version EKI-132x of the
mentioned product.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-344-01
4. Vulnerabilities in multiple WiFi Routers
[11/12/2015] Vulnerabilities were identified in the ReadyNet WRT300N-DD
wireless router, ZyXEL NBG-418N router, Netgear G54/N150 wireless router,
Buffalo AirStation Extreme N600 router, Amped Wireless R10000 router and ASUS
WL-330NUL wireless LAN router. An attacker could gain privileged access,
execute arbitrary code, spoof DNS responses, perform cross-site scripting and
cross-site request forgery attacks, and take complete control of the devices.
These vulnerabilities affect multiple firmware versions of the mentioned
products. Security patches are available to resolve the vulnerability in the
ASUS WL-330NUL wireless LAN router.
URL:www.kb.cert.org/vuls/id/167992
URL:www.kb.cert.org/vuls/id/330000
URL:www.kb.cert.org/vuls/id/403568
URL:www.kb.cert.org/vuls/id/646008
URL:www.kb.cert.org/vuls/id/763576
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108771
5. Vulnerability in Open Automation Software OPC Systems NET (ICSA-15-344-02)
[11/12/2015] A vulnerability was identified in the Open Automation Software
OPC Systems NET. An attacker could bypass security restrictions, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system. This vulnerability affects versions 8.00.0023 and prior
of the mentioned product. Security patches are available to resolve this
vulnerability.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-344-02
6. Security Updates in Debian (DSA-3415-1)
[11/12/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the chromium-browser packages for multiple
versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system.
URL:www.debian.org/security/2015/dsa-3415
7. Security Updates in Mageia (MGASA-2015-0469,
MGASA-2015-0470, MGASA-2015-0471)
[11/12/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the libraw, chromium-browser-stable and
imagemagick packages for multiple versions of Mageia. Due to multiple errors,
an attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code, cause a denial of service
condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0469.html
URL:advisories.mageia.org/MGASA-2015-0470.html
URL:advisories.mageia.org/MGASA-2015-0471.html
8. Security Updates in SUSE (openSUSE-SU-2015:2239-1,
openSUSE-SU-2015:2243-1, openSUSE-SU-2015:2244-1, openSUSE-SU-2015:2246-1,
SUSE-SU-2015:2247-1)
[11/12/2015] SUSE has released security update packages for fixing the
vulnerabilities identified in the flash-player, MySQL 5.6.27, MariaDB 10.0.22
and MariaDB 5.5.46 packages of openSUSE 13.1 and 13.2, openSUSE Leap 42.1 and
SUSE Linux Enterprise 12. Due to multiple errors, an attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system.
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html
9. Security Updates in Ubuntu GNU/Linux (USN-2825-1)
[11/12/2015] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the oxide-qt packages for 14.04 LTS, 15.04 and
Ubuntu 15.10. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2825-1/
10. Vulnerabilities in Cisco Products
(cisco-sa-20151209-fmc, cisco-sa-20151209-ipp,
cisco-sa-20151209-java-deserialization, cisco-sa-20151209-pca,
cisco-sa-20151209-tvc, cisco-sa-20151209-uc,
cisco-sa-20151209-ucm)
[10/12/2015] Vulnerabilities were identified in multiple Cisco products.
An attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code, cause a denial of service
condition and compromise the system. These vulnerabilities affect multiple
versions of the mentioned products. Security patches are available to resolve
these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-fmc
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-pca
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-uc
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ucm
11. Vulnerabilities in F5 Products (SOL31372672)
[10/12/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP
AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP
Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device,
BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and crash the system. These vulnerabilities
affect multiple versions of the mentioned products. Security patches are
available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/k/31/sol31372672.html
12. Vulnerabilities in Huawei Products (Huawei-SA-20151209-01-HIFI,
Huawei-SA-20151209-01-WormHole)
[10/12/2015] Vulnerabilities were identified in the Huawei mobile phones
and smart phones. An attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the system. These vulnerabilities
affect multiple firmware versions of the mentioned products. Security patches
are available to resolve these vulnerabilities.
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-465302.htm
URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-465304.htm
13. Vulnerabilities in Epiphany Cardio Server (VU#630239)
[10/12/2015] Vulnerabilities were identified in the Epiphany Cardio
Server. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code and compromise the
system. These vulnerabilities affect multiple versions of the mentioned product.
Security patches are available to resolve these vulnerabilities.
URL:www.kb.cert.org/vuls/id/630239
14. Security Updates in Oracle Linux (ELSA-2015-2552, ELSA-2015-2561,
ELSA-2015-2594, ELSA-2015-2595, ELSA-2015-2596)
[10/12/2015] Oracle has released security update packages for fixing the
vulnerabilities identified in the kernel, git packages, libpng and libpng12 for
Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-2552.html
URL:linux.oracle.com/errata/ELSA-2015-2561.html
URL:linux.oracle.com/errata/ELSA-2015-2594.html
URL:linux.oracle.com/errata/ELSA-2015-2595.html
URL:linux.oracle.com/errata/ELSA-2015-2596.html
15. Security Updates in Debian (DSA-3414-1)
[10/12/2015] Debian has released security update packages for fixing the
vulnerabilities identified in the xen packages for multiple versions of Debian
GNU/Linux. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, execute arbitrary code, cause a
denial of service condition and crash the system.
URL:www.debian.org/security/2015/dsa-3414
16. Security Updates in Mageia (MGASA-2015-0467, MGASA-2015-0468)
[10/12/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the chromium-browser-stable and
flash-player-plugin packages for multiple versions of Mageia. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0467.html
URL:advisories.mageia.org/MGASA-2015-0468.html
17. Security Updates in Red Hat Enterprise Linux (RHSA-2015:2593-1,
RHSA-2015:2594-1, RHSA-2015:2595-1, RHSA-2015:2596-1)
[10/12/2015] Red Hat has released security update packages for fixing the
vulnerabilities identified in the Adobe Flash Player, libpng and libpng2
packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-2593.html
URL:rhn.redhat.com/errata/RHSA-2015-2594.html
URL:rhn.redhat.com/errata/RHSA-2015-2595.html
URL:rhn.redhat.com/errata/RHSA-2015-2596.html
18. Security Updates in SUSE (SUSE-SU-2015:2236-1)
[10/12/2015] SUSE has released security update packages for fixing the
vulnerabilities identified in the flash-player packages of SUSE Linux
Enterprise 11. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html
19. Vulnerabilities in Microsoft Products (3100465, 3104503, 3106614, 3108669,
3108670, 3116111, 3116130, 3116162, 3116178, 3116180, 3116184, 3119075)
[09/12/2015] Vulnerabilities were identified in the Microsoft Internet
Explorer, Edge, Windows, Silverlight and Office. An attacker could bypass
security restrictions, obtain sensitive information, gain elevated privileges,
execute arbitrary code, cause a denial of service condition and compromise the
system. These vulnerabilities affect multiple versions of the mentioned
products. Security patches are available to resolve these vulnerabilities.
URL:technet.microsoft.com/en-us/library/security/ms15-dec.aspx
URL:technet.microsoft.com/library/security/MS15-124
URL:technet.microsoft.com/library/security/MS15-125
URL:technet.microsoft.com/library/security/MS15-126
URL:technet.microsoft.com/library/security/MS15-127
URL:technet.microsoft.com/library/security/MS15-128
URL:technet.microsoft.com/library/security/MS15-129
URL:technet.microsoft.com/library/security/MS15-130
URL:technet.microsoft.com/library/security/MS15-131
URL:technet.microsoft.com/library/security/MS15-132
URL:technet.microsoft.com/library/security/MS15-133
URL:technet.microsoft.com/library/security/MS15-134
URL:technet.microsoft.com/library/security/MS15-135
URL:www.hkcert.org/my_url/en/alert/15120901
URL:www.hkcert.org/my_url/en/alert/15120902
URL:www.hkcert.org/my_url/en/alert/15120903
URL:www.hkcert.org/my_url/en/alert/15120904
URL:www.hkcert.org/my_url/en/alert/15120905
URL:www.hkcert.org/my_url/en/alert/15120906
URL:www.hkcert.org/my_url/en/alert/15120907
URL:www.hkcert.org/my_url/en/alert/15120908
URL:www.hkcert.org/my_url/en/alert/15120909
URL:www.hkcert.org/my_url/en/alert/15120910
URL:www.hkcert.org/my_url/en/alert/15120911
URL:www.hkcert.org/my_url/en/alert/15120912
URL:www.us-cert.gov/ncas/current-activity/2015/12/08/Microsoft-Releases-December-2015-Security-Bulletin
20. Information Updates on Microsoft Security Advisories (3057154, 3123040)
[09/12/2015] Microsoft has updated information on the Security Advisories for
Microsoft Windows and Windows Phone. (a) KB3057154 was updated to include more
information about disabling DES by default in Windows 7 and Windows Server 2008
R2 and later operating systems. The update allows DES to be used between client
and server to address scenarios in which DES is still required for application
compatibility reasons. (b) KB3123040 was published to help protect customers
from potentially fraudulent use of an SSL/TLS digital certificate. The
certificate has been deemed no longer valid, and Microsoft is updating the
Certificate Trust List (CTL) for all supported releases of Microsoft Windows to
remove the trust of the certificate.
URL:technet.microsoft.com/library/security/3057154.aspx
URL:technet.microsoft.com/library/security/3123040.aspx
21. Vulnerabilities in Adobe Flash Player (APSB15-32)
[09/12/2015] Vulnerabilities were identified in the Adobe Flash Player. An
attacker could bypass security restrictions, execute arbitrary code and
compromise the system. These vulnerabilities affect multiple versions of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:helpx.adobe.com/security/products/flash-player/apsb15-32.html
URL:technet.microsoft.com/library/security/2755801.aspx
URL:www.hkcert.org/my_url/en/alert/15120913
URL:www.us-cert.gov/ncas/current-activity/2015/12/08/Adobe-Releases-Security-Updates-Flash-Player
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108618
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108620
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108621
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108622
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108623
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108624
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108627
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108628
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108629
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108630
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108631
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108632
22. Vulnerabilities in Apple Products (HT205635, HT205637, HT205639, HT205640,
HT205641, HT205642)
[09/12/2015] Vulnerabilities were identified in the Apple iOS, OS X El Capitan
10.11.2 and Security Update 2015-008, Safari, tvOS, watchOS and Xcode. An
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the system. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:support.apple.com/en-hk/HT205635
URL:support.apple.com/en-hk/HT205637
URL:support.apple.com/en-hk/HT205639
URL:support.apple.com/en-hk/HT205640
URL:support.apple.com/en-hk/HT205641
URL:support.apple.com/en-hk/HT205642
URL:www.hkcert.org/my_url/en/alert/15120914
URL:www.us-cert.gov/ncas/current-activity/2015/12/08/Apple-Releases-Multiple-Security-Updates
23. Vulnerabilities in Cisco Products (cisco-sa-20151208-wrg,
cisco-sa-20151208-cwr, cisco-sa-20151208-gateway, cisco-sa-20151208-xb3)
[09/12/2015] Vulnerabilities were identified in the Cisco EPC3928 Wireless
Residential Gateway, Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential
Gateway and Cisco DPC3939 (XB3) router. An attacker could bypass security
restrictions, execute arbitrary code, perform cross-site scripting and code
injection attacks. These vulnerabilities affect multiple firmware versions of
the mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-wrg
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-cwr
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-gateway
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-xb3
24. Vulnerabilities in Rockwell Automation Micrologix 1100 and 1400 PLC Systems
(ICSA-15-300-03A)
[09/12/2015] Vulnerabilities were identified in the Rockwell Automation
Micrologix 1100 and 1400 PLC Systems. An attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
These vulnerabilities affect multiple firmware versions of the mentioned
products. Security patches are available to resolve these vulnerabilities.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-300-03A
25. Vulnerabilities in TaxiHail (VU#439016)
[09/12/2015] Vulnerabilities were identified in TaxiHail. An attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code and compromise the system. These
vulnerabilities affect versions prior to 3.1.26 of the mentioned product.
Security patches are available to resolve these vulnerabilities.
URL:www.kb.cert.org/vuls/id/439016
26. Vulnerabilities in Up.time agent for Windows (VU#377260)
[09/12/2015] Vulnerabilities were identified in the Up.time agent for
Windows. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
crash the system. These vulnerabilities affect multiple versions of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:www.kb.cert.org/vuls/id/377260
27. Vulnerability in XZERES 442SR Wind Turbine (ICSA-15-342-01)
[09/12/2015] A vulnerability was identified in the XZERES 442SR Wind
Turbine. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
crash the system. This vulnerability affects multiple versions of the mentioned
product. Security patches are available to resolve this vulnerability.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-342-01
28. Vulnerability in LOYTEC Router (ICSA-15-342-02)
[09/12/2015] A vulnerability was identified in the LOYTEC Router. An
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and compromise the
system. This vulnerability affects firmware versions prior to V6.02 of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-342-02
29. Vulnerabilities in Pacom 1000 CCU GMS System (ICSA-15-337-03)
[09/12/2015] Vulnerabilities were identified in the Pacom 1000 CCU GMS
System. An attacker could bypass security restrictions, obtain sensitive
information, gain elevated privileges, execute arbitrary code, cause a denial of
service condition and compromise the system. These vulnerabilities affect
firmware versions prior to v1.3 of the mentioned products. Security patches are
available to resolve these vulnerabilities.
URL:ics-cert.us-cert.gov/advisories/ICSA-15-337-03
30. Vulnerabilities in Google Chrome
[09/12/2015] Vulnerabilities were identified in Google Chrome. An attacker
could bypass security restrictions, obtain sensitive information, execute
arbitrary code, cause a denial of service condition and crash the system. These
vulnerabilities affect versions prior to 47.0.2526.80 of the mentioned product.
Security patches are available to resolve these vulnerabilities.
URL:googlechromereleases.blogspot.hk/search/label/Stable%20updates
URL:www.us-cert.gov/ncas/current-activity/2015/12/08/Google-Releases-Security-Update-Chrome
31. Vulnerability in Cisco Prime Service Catalog (cisco-sa-20151207-psc)
[08/12/2015] A vulnerability was identified in the Cisco Prime Service
Catalog. An attacker could bypass security restrictions and execute arbitrary
code. This vulnerability affects versions 10.0(R2), 10.0, 10.1 and 11.0 of the
mentioned product. Security patches are available to resolve this
vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151207-psc
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108561
32. Vulnerabilities in F5 Products (SOL12824341, SOL55540723)
[08/12/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP
AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP
GTM, BIG-IP Link Controller, BIG-IP PEM and ARX. An attacker could bypass
security restrictions, obtain sensitive information, execute arbitrary code,
cause a denial of service condition and crash the system. These vulnerabilities
affect multiple versions of the mentioned products. Security patches are
available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/k/12/sol12824341.html
URL:support.f5.com/kb/en-us/solutions/public/k/55/sol55540723.html
33. Vulnerabilities in ASUS RT-N15U router (108522, 108523, 108524)
[08/12/2015] Vulnerabilities were identified in the ASUS RT-N15U router.
An attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code, cause a denial of service
condition and compromise the system. These vulnerabilities affect firmware
version 1.9.2.7 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108522
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108523
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108524
34. Vulnerability in Linksys EA6100 Wireless Router (108545)
[08/12/2015] A vulnerability was identified in the Linksys EA6100 Wireless
Router. An attacker could bypass security restrictions. The affected version was
not specified.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108545
35. Security Updates in Oracle Linux (ELSA-2015-2549, ELSA-2015-2550)
[08/12/2015] Oracle has released security update packages for fixing the
vulnerabilities identified in the libxml2 packages for Oracle Linux 6 and 7.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2015-2549.html
URL:linux.oracle.com/errata/ELSA-2015-2550.html
36. Security Updates in FreeBSD (FreeBSD-SA-15:26.openssl)
[08/12/2015] FreeBSD has released security update packages for fixing the
vulnerabilities identified in the openssl packages for multiple versions of
FreeBSD Linux. An attacker could bypass security restrictions, cause a denial
of service condition and crash the system.
URL:security.freebsd.org/advisories/FreeBSD-SA-15:26.openssl.asc
37. Security Updates in Mageia (MGASA-2015-0463, MGASA-2015-0464,
MGASA-2015-0465, MGASA-2015-0466)
[08/12/2015] Mageia has released security update packages for fixing the
vulnerabilities identified in the python-django, moodle, cups-filters and
openssl packages for multiple versions of Mageia. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the system.
URL:advisories.mageia.org/MGASA-2015-0463.html
URL:advisories.mageia.org/MGASA-2015-0464.html
URL:advisories.mageia.org/MGASA-2015-0465.html
URL:advisories.mageia.org/MGASA-2015-0466.html
38. Security Updates in Red Hat Enterprise Linux (RHSA-2015:2549-1,
RHSA-2015:2550-1)
[08/12/2015] Red Hat has released security update packages for fixing the
vulnerabilities identified in the libxml2 packages for Red Hat Enterprise
Linux 6 and 7. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2015-2549.html
URL:rhn.redhat.com/errata/RHSA-2015-2550.html
39. Security Updates in SUSE (SUSE-SU-2015:2216-1)
[08/12/2015] SUSE has released security update packages for fixing the
vulnerabilities identified in the java-1_7_0-ibm Kernel packages of SUSE Linux
Enterprise 11. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html
40. Security Updates in Ubuntu GNU/Linux (USN-2830-1, USN-2831-1, USN-2831-2,
USN-2832-1)
[08/12/2015] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the openssl, cups-filters, foomatic-filters and
libsndfile packages for versions 12.04 LTS, 14.04 LTS, 15.04 and Ubuntu 15.10.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and crash the system.
URL:www.ubuntu.com/usn/usn-2830-1/
URL:www.ubuntu.com/usn/usn-2831-1/
URL:www.ubuntu.com/usn/usn-2831-2/
URL:www.ubuntu.com/usn/usn-2832-1/
41. Vulnerabilities in Cisco Products (cisco-sa-20151204-nexus,
cisco-sa-20151204-openssl)
[07/12/2015] Vulnerabilities were identified in multiple Cisco products.
An attacker could cause a denial of service condition. These vulnerabilities
affect multiple versions of the mentioned products.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-nexus
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108538
42. Vulnerability in IBM WebSphere Application Server (1966638)
[07/12/2015] A vulnerability was identified in the Edge Component Caching
Proxy in IBM WebSphere Application Server. An attacker could obtain sensitive
information. This vulnerability affects versions 8.0 and 8.5 of the mentioned
product. Security patches are available to resolve this vulnerability.
URL:www-01.ibm.com/support/docview.wss?uid=swg21966638
43. Vulnerabilities in Lenovo Solution Center application (VU#294607)
[07/12/2015] Vulnerabilities were identified in the Lenovo Solution Center
application. An attacker could execute arbitrary code with system privileges.
The affected version was not specified.
URL:www.kb.cert.org/vuls/id/294607
44. Vulnerability in EMC NetWorker (108508)
[07/12/2015] A vulnerability was identified in EMC NetWorker. An attacker
could cause a denial of service condition. This vulnerability affects multiple
versions of the mentioned product. Security patches are available to resolve
this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108508
45. Vulnerability in OpenStack Ironic (108510)
[07/12/2015] A vulnerability was identified in OpenStack Ironic. An attacker
could obtain sensitive information. This vulnerability affects versions 4.2.0
and 4.2.1 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108510
46. Security Updates in SUSE (SUSE-SU-2015:2182-1, SUSE-SU-2015:2192-1,
SUSE-SU-2015:2194-1)
[07/12/2015] SUSE has released security update packages for fixing the
vulnerabilities identified in the java-1_6_0-ibm, java-1_7_1-ibm and Linux
Kernel packages of SUSE Linux Enterprise 11 and 12. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, cause
a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html
47. Security Updates in Debian (DSA-3412-1, DSA-3413-1)
[07/12/2015] Debian has released security update packages for fixing the
vulnerability identified in the redis and openssl packages for multiple versions
of Debian GNU/Linux. An attacker could cause a denial of service, crash the
application and obtain sensitive information.
URL:www.debian.org/security/2015/dsa-3412
URL:www.debian.org/security/2015/dsa-3413
48. Security Updates in Ubuntu GNU/Linux (USN-2829-1, USN-2829-2)
[07/12/2015] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the Linux Kernel packages for versions 14.04 LTS
and 15.04. Due to multiple errors, an attacker could cause a denial of service
condition and crash the system.
URL:www.ubuntu.com/usn/usn-2829-1/
URL:www.ubuntu.com/usn/usn-2829-2/