1. Vulnerabilities in HP Arcsight Logger (c04941487)
[15/01/2016] Vulnerabilities were identified in the HP Arcsight Logger. An
attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and crash the
system. These vulnerabilities affect versions prior to v6.1P1 of the mentioned
product. Security patches are available to resolve these vulnerabilities.
URL:h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04941487
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109638
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109639
2. Vulnerability in F5 Products (SOL00032124)
[15/01/2016] Vulnerability was identified in the F5 BIG-IP LTM, BIG-IP
AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway,
BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device,
BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions,
execute arbitrary code, cause a denial of service condition and crash the
system. This vulnerability affects multiple versions of the mentioned products.
Security patches are available to resolve this vulnerability.
URL:support.f5.com/kb/en-us/solutions/public/k/00/sol00032124.html
3. Vulnerabilities in Huawei Products (Huawei-SA-20160113-01-Switch,
Huawei-SA-20160113-02-Switch, Huawei-SA-20160113-03-Switch)
[15/01/2016] Vulnerabilities were identified in multiple Huawei switches.
An attacker could bypass security restrictions, obtain sensitive information,
cause a denial of service condition and crash the system. These vulnerabilities
affect multiple firmware versions of the mentioned products. Security patches
are available to resolve these vulnerabilities.
URL:www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-01-switch-en
URL:www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-02-switch-en
URL:www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-03-switch-en
4. Vulnerabilities in Advantech WebAccess (ICSA-16-014-01)
[15/01/2016] Vulnerabilities were identified in the Advantech WebAccess.
An attacker could bypass security restrictions, obtain sensitive information,
execute arbitrary code, cause a denial of service condition and compromise the
system. These vulnerabilities affect versions prior to 8.1 of the mentioned
product. Security patches are available to resolve these vulnerabilities.
URL:ics-cert.us-cert.gov/advisories/ICSA-16-014-01
5. Vulnerabilities in OpenSSH
[15/01/2016] Vulnerabilities were identified in the OpenSSH. An attacker
could bypass security restrictions, obtain sensitive information, execute
arbitrary code, cause a denial of service condition and crash the system. These
vulnerabilities affect versions prior to 7.1p2 of the mentioned product.
Security patches are available to resolve these vulnerabilities.
URL:www.openssh.com/txt/release-7.1p2
URL:www.hkcert.org/my_url/en/alert/16011501
URL:www.us-cert.gov/ncas/current-activity/2016/01/14/OpenSSH-Client-Vulnerability
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109635
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109636
6. Security Updates in Oracle Linux (ELSA-2016-0043)
[15/01/2016] Oracle has released security update packages for fixing the
vulnerabilities identified in the openssh packages for Oracle Linux 7. Due to
multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2016-0043.html
7. Security Updates in Debian (DSA-3443-1, DSA-3444-1, DSA-3445-1, DSA-3446-1)
[15/01/2016] Debian has released security update packages for fixing the
vulnerabilities identified in the libpng, wordpress, pygments and openssh
packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the system.
URL:www.debian.org/security/2016/dsa-3443
URL:www.debian.org/security/2016/dsa-3444
URL:www.debian.org/security/2016/dsa-3445
URL:www.debian.org/security/2016/dsa-3446
8. Security Updates in FreeBSD (FreeBSD-SA-16:01.sctp,
FreeBSD-SA-16:02.ntp, FreeBSD-SA-16:03.linux, FreeBSD-SA-16:04.linux,
FreeBSD-SA-16:05.tcp, FreeBSD-SA-16:06.bsnmpd)
[15/01/2016] FreeBSD has released security update packages for fixing the
vulnerabilities identified in the sctp, ntp, kernel and bsnmpd packages for
multiple versions of FreeBSD Linux. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system.
URL:www.freebsd.org/security/advisories/FreeBSD-SA-16:01.sctp.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-16:03.linux.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-16:04.linux.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-16:05.tcp.asc
URL:www.freebsd.org/security/advisories/FreeBSD-SA-16:06.bsnmpd.asc
9. Security Updates in Mageia (MGASA-2016-0018, MGASA-2016-0019,
MGASA-2016-0020, MGASA-2016-0021)
[15/01/2016] Mageia has released security update packages for fixing the
vulnerabilities identified in the ffmpeg, ruby-mail, giflib and librsvg packages
for multiple versions of Mageia. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system.
URL:advisories.mageia.org/MGASA-2016-0018.html
URL:advisories.mageia.org/MGASA-2016-0019.html
URL:advisories.mageia.org/MGASA-2016-0020.html
URL:advisories.mageia.org/MGASA-2016-0021.html
10. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0043-1)
[15/01/2016] Red Hat has released security update packages for fixing the
vulnerabilities identified in the openssh packages for Red Hat Enterprise
Linux 7. Due to multiple errors, an attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2016-0043.html
11. Security Updates in SUSE (SUSE-SU-2016:0117-1, SUSE-SU-2016:0118-1,
SUSE-SU-2016:0119-1, SUSE-SU-2016:0120-1, openSUSE-SU-2016:0123-1,
openSUSE-SU-2016:0124-1, openSUSE-SU-2016:0126-1, openSUSE-SU-2016:0127-1,
openSUSE-SU-2016:0128-1)
[15/01/2016] SUSE has released security update packages for fixing the
vulnerabilities identified in the openssh-openssl1, openssh and xen packages of
SUSE Linux Enterprise Server 11 and 12, openSUSE 13.1, 13.2 and Leap 42.1. Due
to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00010.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
12. Security Updates in Ubuntu GNU/Linux (USN-2869-1)
[15/01/2016] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the openssh packages for versions 12.04 LTS, 14.04
LTS, 15.04 and 15.10. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2869-1/
13. Vulnerabilities in Cisco Products (cisco-sa-20160113-air,
cisco-sa-20160113-aironet, cisco-sa-20160113-ise, cisco-sa-20160113-ise2,
cisco-sa-20160113-wlc)
[14/01/2016] Vulnerabilities were identified in the Cisco Aironet 1800
Series Access Point devices, Cisco Identity Services Engine (ISE) software and
Cisco Wireless LAN Controller (WLC) software. An attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
These vulnerabilities affect multiple versions of the mentioned products.
Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-air
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-aironet
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-wlc
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109609
14. Vulnerabilities in F5 Products (SOL25901386, SOL31026324, SOL94105604)
[14/01/2016] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP
AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP
Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP
WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device,
BIG-IQ Security, BIG-IQ ADC, BIG-IQ Centralized Management, BIG-IQ Cloud and
Orchestration and Traffix SDC. An attacker could bypass security restrictions,
obtain sensitive information, gain elevated privileges, execute arbitrary code,
cause a denial of service condition and crash the system. These vulnerabilities
affect multiple versions of the mentioned products. Security patches are
available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/k/25/sol25901386.html
URL:support.f5.com/kb/en-us/solutions/public/k/31/sol31026324.html
URL:support.f5.com/kb/en-us/solutions/public/k/94/sol94105604.html
15. Vulnerabilities in Huawei Products (Huawei-SA-20160113-01-SmartPhone,
Huawei-SA-20160113-01-Switch)
[14/01/2016] Vulnerabilities were identified in the Huawei smart phones and
Huawei CE series switches. An attacker could bypass security restrictions, cause
a denial of service condition and crash the system. These vulnerabilities affect
multiple firmware versions of the mentioned products. Security patches are
available to resolve these vulnerabilities.
URL:www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-01-smartphone-en
URL:www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-01-switch-en
16. Vulnerabilities in Juniper Products (JSA10714, JSA10715, JSA10718, JSA10719,
JSA10720, JSA10721)
[14/01/2016] Vulnerabilities were identified in multiple Juniper products
running Junos. An attacker could bypass security restrictions, cause a denial of
service condition and crash the system. These vulnerabilities affect multiple
firmware versions of the mentioned products. Security patches are available to
resolve these vulnerabilities.
URL:kb.juniper.net/index?page=content&id=JSA10714
URL:kb.juniper.net/index?page=content&id=JSA10715
URL:kb.juniper.net/index?page=content&id=JSA10718
URL:kb.juniper.net/index?page=content&id=JSA10719
URL:kb.juniper.net/index?page=content&id=JSA10720
URL:kb.juniper.net/index?page=content&id=JSA10721
17. Vulnerability in Fortinet Products
[14/01/2016] Vulnerability was identified in the Fortinet FortiGate/FortiOS. An
attacker could bypass security restrictions, execute arbitrary code and
compromise the system. This vulnerability affects versions prior to 4.3.17 or
5.0.8 of the mentioned products. Security patches are available to resolve this
vulnerability.
URL:www.fortiguard.com/advisory/fortios-ssh-undocumented-interactive-login-vulnerability
URL:www.hkcert.org/my_url/en/alert/16011401
18. Vulnerabilities in Samsung SRN-1670D Network Video Recorder (VU#913000)
[14/01/2016] Vulnerabilities were identified in the Samsung SRN-1670D
Network Video Recorder. An attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code and
compromise the system. These vulnerabilities affect multiple firmware versions
of the mentioned product.
URL:www.kb.cert.org/vuls/id/913000
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109593
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109594
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109595
19. Security Updates in Debian (DSA-3442-1)
[14/01/2016] Debian has released security update packages for fixing the
vulnerability identified in the isc-dhcp packages for multiple versions of
Debian GNU/Linux. An attacker could bypass security restrictions, cause a denial
of service condition and crash the system.
URL:www.debian.org/security/2016/dsa-3442
20. Security Updates in Mageia (MGASA-2016-0012, MGASA-2016-0013,
MGASA-2016-0014, MGASA-2016-0015, MGASA-2016-0016, MGASA-2016-0017)
[14/01/2016] Mageia has released security update packages for fixing the
vulnerabilities identified in the apache-commons-collections, mono,
kernel-linus, kernel-tmb, roundcubemail and libtiff packages for multiple
versions of Mageia. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2016-0012.html
URL:advisories.mageia.org/MGASA-2016-0013.html
URL:advisories.mageia.org/MGASA-2016-0014.html
URL:advisories.mageia.org/MGASA-2016-0015.html
URL:advisories.mageia.org/MGASA-2016-0016.html
URL:advisories.mageia.org/MGASA-2016-0017.html
21. Security Updates in SUSE (SUSE-SU-2016:0113-1)
[14/01/2016] SUSE has released security update packages for fixing the
vulnerabilities identified in the java-1_6_0-ibm packages of SUSE Linux
Enterprise Server 10. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
22. Security Updates in Slackware (SSA:2016-012-01)
[14/01/2016] Slackware has released security update packages for fixing the
vulnerability identified in the dhcp packages for multiple versions of Slackware
Linux. An attacker could bypass security restrictions, cause a denial of service
condition and crash the system.
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.494213
23. Security Updates in Ubuntu GNU/Linux (USN-2859-1, USN-2868-1)
[14/01/2016] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the thunderbird and isc-dhcp packages for
versions 12.04 LTS, 14.04 LTS, 15.04 and 15.10. Due to multiple errors, an
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the system.
URL:www.ubuntu.com/usn/usn-2859-1/
URL:www.ubuntu.com/usn/usn-2868-1/
24. Vulnerabilities in Microsoft Products (3109853, 3118753, 3123479, 3124557,
3124584, 3124585, 3124605, 3124901, 3124903, 3124904, 3125540, 3126036)
[13/01/2016] Vulnerabilities were identified in the Microsoft Internet
Explorer, Edge, Windows, Office, Silverlight and Exchange Server. An attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system. These vulnerabilities affect multiple versions of the
mentioned products. Security patches are available to resolve these
vulnerabilities.
URL:technet.microsoft.com/library/security/ms16-jan
URL:technet.microsoft.com/library/security/MS16-001
URL:technet.microsoft.com/library/security/MS16-002
URL:technet.microsoft.com/library/security/MS16-003
URL:technet.microsoft.com/library/security/MS16-004
URL:technet.microsoft.com/library/security/MS16-005
URL:technet.microsoft.com/library/security/MS16-006
URL:technet.microsoft.com/library/security/MS16-007
URL:technet.microsoft.com/library/security/MS16-008
URL:technet.microsoft.com/library/security/MS16-010
URL:technet.microsoft.com/en-us/library/security/3109853
URL:technet.microsoft.com/en-us/library/security/3118753
URL:technet.microsoft.com/en-us/library/security/3123479
URL:www.hkcert.org/my_url/en/alert/16011301
URL:www.hkcert.org/my_url/en/alert/16011302
URL:www.hkcert.org/my_url/en/alert/16011303
URL:www.hkcert.org/my_url/en/alert/16011304
URL:www.hkcert.org/my_url/en/alert/16011305
URL:www.hkcert.org/my_url/en/alert/16011306
URL:www.hkcert.org/my_url/en/alert/16011307
URL:www.hkcert.org/my_url/en/alert/16011308
URL:www.hkcert.org/my_url/en/alert/16011309
URL:www.us-cert.gov/ncas/current-activity/2016/01/12/Microsoft-Releases-January-2016-Security-Bulletin
URL:exchange.xforce.ibmcloud.com/vulnerabilities/108254
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109283
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109284
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109286
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109287
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109289
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109290
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109291
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109292
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109293
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109294
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109297
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109299
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109305
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109427
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109428
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109429
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109430
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109431
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109432
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109433
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109504
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109515
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109516
25. Vulnerabilities in Adobe Acrobat and Reader (APSB16-02)
[13/01/2016] Vulnerabilities were identified in the Adobe Acrobat and
Reader. An attacker could bypass security restrictions, execute arbitrary code
and compromise the system. These vulnerabilities affect multiple versions of the
mentioned product. Security patches are available to resolve these
vulnerabilities.
URL:helpx.adobe.com/security/products/acrobat/apsb16-02.html
URL:www.hkcert.org/my_url/en/alert/16011310
URL:www.us-cert.gov/ncas/current-activity/2016/01/12/Adobe-Releases-Security-Updates-Acrobat-and-Reader
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109568
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109569
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109570
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109571
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109572
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109573
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109574
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109575
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109576
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109577
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109578
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109579
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109580
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109581
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109582
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109583
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109584
26. Vulnerability in Apple watchOS on iOS (109587)
[13/01/2016] Vulnerability was identified in the Apple watchOS on iOS. An
attacker could bypass security restrictions, cause a denial of service condition
and crash the system. This vulnerability affects version 9.0.1 of the mentioned
product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109587
27. Vulnerability in Huawei Ethernet Switch (Huawei-SA-20160112-01-Switch)
[13/01/2016] Vulnerability was identified in the Huawei Ethernet Switch
S5300. An attacker could bypass security restrictions and obtain sensitive
information. This vulnerability affects firmware versions prior to
V200R005SPH008 of the mentioned product. Security patches are available to
resolve this vulnerability.
URL:www.huawei.com/en/psirt/security-advisories/huawei-sa-20160112-01-switch-en
28. Vulnerability in ISC DHCP (AA-01334)
[13/01/2016] Vulnerability was identified in the ISC DHCP. An attacker could
bypass security restrictions, cause a denial of service condition and crash the
system. This vulnerability affects multiple versions of the mentioned product.
Security patches are available to resolve this vulnerability.
URL:kb.isc.org/article/AA-01334
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109586
29. Vulnerability in TrueCrypt (109547)
[13/01/2016] Vulnerability was identified in the TrueCrypt. An attacker could
bypass security restrictions and execute arbitrary code on the system. This
vulnerability affects versions 7.1a and 7.2 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109547
30. Vulnerabilities in WP Symposium Pro Social Network plugin for WordPress
(109543, 109544)
[13/01/2016] Vulnerabilities were identified in the WP Symposium Pro
Social Network plugin for WordPress. An attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
These vulnerabilities affect versions prior to 16.1 of the mentioned product.
Security patches are available to resolve these vulnerabilities.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109543
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109544
31. Security Updates in Mageia (MGASA-2016-0006, MGASA-2016-0007,
MGASA-2016-0008, MGASA-2016-0009, MGASA-2016-0010, MGASA-2016-0011)
[13/01/2016] Mageia has released security update packages for fixing the
vulnerabilities identified in the bugzilla, ruby, claws-mail, mariadb, openvpn
and python-rsa packages for multiple versions of Mageia. Due to multiple errors,
an attacker could bypass security restrictions, obtain sensitive information,
gain elevated privileges, execute arbitrary code, cause a denial of service
condition and compromise the system.
URL:advisories.mageia.org/MGASA-2016-0006.html
URL:advisories.mageia.org/MGASA-2016-0007.html
URL:advisories.mageia.org/MGASA-2016-0008.html
URL:advisories.mageia.org/MGASA-2016-0009.html
URL:advisories.mageia.org/MGASA-2016-0010.html
URL:advisories.mageia.org/MGASA-2016-0011.html
32. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0024-1)
[13/01/2016] Red Hat has released security update packages for fixing the
vulnerabilities identified in the kernel packages for Red Hat Enterprise
Linux 6. Due to multiple errors, an attacker could bypass security restrictions,
cause a denial of service condition and crash the system.
URL:rhn.redhat.com/errata/RHSA-2016-0024.html
33. Security Updates in SUSE (openSUSE-SU-2016:0089-1)
[13/01/2016] SUSE has released security update packages for fixing the
vulnerability identified in the ffmpeg packages of openSUSE Leap 42.1. An
attacker could bypass security restrictions, cause a denial of service condition
and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00004.html
34. Security Updates in Ubuntu GNU/Linux (USN-2867-1)
[13/01/2016] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the libvirt packages for versions 12.04 LTS, 14.04
LTS, 15.04 and 15.10. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2867-1/
35. Vulnerability in Cisco Adaptive Security Appliance (cisco-sa-20160111-asa)
[12/01/2016] Vulnerability was identified in the Cisco Adaptive Security
Appliance (ASA). An attacker could bypass security restrictions. This
vulnerability affects versions 9.4.1 up to 9.5.1 of the mentioned product.
Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160111-asa
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109532
36. Vulnerability in Symantec Endpoint Protection (109533)
[12/01/2016] Vulnerability was identified in the Symantec Endpoint
Protection. An attacker could bypass security restrictions, cause a denial of
service condition and crash the system. This vulnerability affects version
12.1.4013 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109533
37. Security Updates in Debian (DSA-3438-1, DSA-3440-1, DSA-3441-1)
[12/01/2016] Debian has released security update packages for fixing the
vulnerabilities identified in the xscreensaver, sudo and perl packages for
multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system.
URL:www.debian.org/security/2016/dsa-3438
URL:www.debian.org/security/2016/dsa-3440
URL:www.debian.org/security/2016/dsa-3441
38. Security Updates in Mageia (MGASA-2016-0005)
[12/01/2016] Mageia has released security update packages for fixing the
vulnerabilities identified in the kernel, kernel-userspace-headers,
kmod-xtables-addons, kmod-broadcom-wl, kmod-fglrx, kmod-nvidia304,
kmod-nvidia340 and kmod-nvidia-current packages for multiple versions of Mageia.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the system.
URL:advisories.mageia.org/MGASA-2016-0005.html
39. Security Updates in Red Hat Enterprise Linux (RHSA-2016:0017-1,
RHSA-2016:0018-1)
[12/01/2016] Red Hat has released security update packages for fixing the
vulnerabilities identified in the openstack-nova packages for Red Hat Enterprise
Linux OpenStack Platform for Red Hat Enterprise Linux 6 and 7. Due to multiple
errors, an attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
crash the system.
URL:rhn.redhat.com/errata/RHSA-2016-0017.html
URL:rhn.redhat.com/errata/RHSA-2016-0018.html
40. Security Updates in Ubuntu GNU/Linux (USN-2860-1)
[12/01/2016] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the oxide-qt packages for versions 14.04 LTS,
15.04 and 15.10. Due to multiple errors, an attacker could bypass security
restrictions, obtain sensitive information, gain elevated privileges, execute
arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2860-1/
41. Vulnerability in Mozilla Firefox (MFSA 2015-150)
[11/01/2016] Vulnerability was identified in the Mozilla Firefox and Firefox
ESR. An attacker could bypass security restrictions, obtain sensitive
information, execute arbitrary code, cause a denial of service condition and
crash the system. This vulnerability affects versions prior to Firefox 43.0.2
and Firefox ESR 38.5.2 of the mentioned products. Security patches are available
to resolve this vulnerability.
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-150/
URL:www.us-cert.gov/ncas/current-activity/2016/01/08/Mozilla-Releases-Security-Updates
42. Vulnerability in Emsisoft Anti Malware (109499)
[11/01/2016] Vulnerability was identified in the Emsisoft Anti Malware. An
attacker could bypass security restrictions, obtain sensitive information, gain
elevated privileges, execute arbitrary code, cause a denial of service condition
and compromise the system. The affected version was not specified.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109499
43. Vulnerability in IPSwitch WhatsUp Gold (VU#753264)
[11/01/2016] Vulnerability was identified in the IPSwitch WhatsUp Gold. An
attacker could bypass security restrictions, execute arbitrary code and perform
code injection attacks. This vulnerability affects versions prior to 16.4 of the
mentioned product. Security patches are available to resolve this vulnerability.
URL:www.kb.cert.org/vuls/id/753264
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109514
44. Vulnerability in ZoneAlarm (109500)
[11/01/2016] Vulnerability was identified in the ZoneAlarm. An attacker could
bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system. The affected version was not specified.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109500
45. Security Updates in Oracle Linux (ELSA-2016-3501, ELSA-2016-3502,
ELSA-2016-3503)
[11/01/2016] Oracle has released security update packages for fixing the
vulnerabilities identified in the kernel packages for Oracle Linux 5, 6 and 7.
Due to multiple errors, an attacker could bypass security restrictions, obtain
sensitive information, gain elevated privileges, execute arbitrary code, cause a
denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2016-3501.html
URL:linux.oracle.com/errata/ELSA-2016-3502.html
URL:linux.oracle.com/errata/ELSA-2016-3503.html
46. Security Updates in Debian (DSA-3436-1, DSA-3437-1, DSA-3439-1)
[11/01/2016] Debian has released security update packages for fixing the
vulnerability identified in the git packages for multiple versions of Debian
GNU/Linux. An attacker could bypass security restrictions and execute arbitrary
code.
URL:www.debian.org/security/2016/dsa-3436
URL:www.debian.org/security/2016/dsa-3437
URL:www.debian.org/security/2016/dsa-3439
47. Security Updates in Mageia (MGASA-2016-0001, MGASA-2016-0002,
MGASA-2016-0003, MGASA-2016-0004)
[11/01/2016] Mageia has released security update packages for fixing the
vulnerabilities identified in the pitivi, phpmyadmin, armagetron and rtmpdump
packages for multiple versions of Mageia. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information, gain elevated
privileges, execute arbitrary code, cause a denial of service condition and
compromise the system.
URL:advisories.mageia.org/MGASA-2016-0001.html
URL:advisories.mageia.org/MGASA-2016-0002.html
URL:advisories.mageia.org/MGASA-2016-0003.html
URL:advisories.mageia.org/MGASA-2016-0004.html
48. Security Updates in Red Hat Enterprise Linux (RHSA-2016-0014,
RHSA-2016-0016)
[11/01/2016] Red Hat has released security update packages for fixing the
vulnerabilities identified in the libldb and samba packages for Red Hat Gluster
Storage 3.1 for Red Hat Enterprise Linux 7. Due to multiple errors, an attacker
could bypass security restrictions, obtain sensitive information and execute
arbitrary code.
URL:rhn.redhat.com/errata/RHSA-2016-0014.html
URL:rhn.redhat.com/errata/RHSA-2016-0016.html
49. Security Updates in Ubuntu GNU/Linux (USN-2865-1, USN-2866-1)
[11/01/2016] Ubuntu has released security update packages for fixing the
vulnerabilities identified in the gnutls26, gnutls28 and firefox packages for
versions 12.04 LTS, 14.04 LTS, 15.04 and Ubuntu 15.10. Due to multiple errors,
an attacker could bypass security restrictions, obtain sensitive information and
execute arbitrary code on the system.
URL:www.ubuntu.com/usn/usn-2865-1/
URL:www.ubuntu.com/usn/usn-2866-1/