1. Vulnerabilities in Trend Micro OfficeScan
[08/01/2016] Vulnerabilities were identified in Trend Micro OfficeScan 11 Patch 1. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to Server Build 4268 and Agent Module Build 3944 of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:files.trendmicro.com/documentation/readme/officescan/osce_11_patch1_win_all_criticalpatch_4268_readme.txt
URL:downloadcenter.trendmicro.com/index.php?regs=NABU&clk=tbl&clkval=4569&cm_mmc=RSS-_-Download%20Center-_-product-_-5
2. Vulnerabilities in Apple QuickTime (HT205638)
[08/01/2016] Vulnerabilities were identified in Apple QuickTime. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 7.7.9 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:support.apple.com/en-hk/HT205638
3. Vulnerabilities in F5 Products (SOL05272632, SOL22843911, SOL75136237)
[08/01/2016] Vulnerabilities were identified in F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, Enterprise Manager, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC, BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/k/05/sol05272632.html
URL:support.f5.com/kb/en-us/solutions/public/k/22/sol22843911.html
URL:support.f5.com/kb/en-us/solutions/public/k/75/sol75136237.html
4. Vulnerability in HPE UCMDB Browser (c04924053)
[08/01/2016] A vulnerability was identified in HPE UCMDB Browser. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. This vulnerability affects versions prior to v4.02 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04924053
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109466
5. Vulnerability in IBM Tealeaf Customer Experience (1968868)
[08/01/2016] A vulnerability was identified in IBM Tealeaf Customer Experience. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. This vulnerability affects versions v8.0-v9.0.2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www-01.ibm.com/support/docview.wss?uid=swg21968868
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105899
6. Vulnerability in VMware Products (VMSA-2016-0001)
[08/01/2016] A vulnerability was identified in multiple VMware products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.
URL:www.vmware.com/security/advisories/VMSA-2016-0001.html
URL:lists.vmware.com/pipermail/security-announce/2016/000316.html
7. Vulnerabilities in dhcpd
[08/01/2016] Vulnerabilities were identified in dhcpd. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.hkcert.org/my_url/en/alert/16010802
8. Vulnerabilities in PHP
[08/01/2016] Vulnerabilities were identified in PHP. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 5.5.31, 5.6.17 or 7.0.2 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.php.net/ChangeLog-5.php
URL:www.php.net/ChangeLog-7.php
URL:www.hkcert.org/my_url/en/alert/16010801
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109468
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109469
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109470
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109471
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109472
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109473
9. Vulnerability in TLS protocol (109415)
[08/01/2016] A vulnerability was identified in the TLS protocol. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects version 1.2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109415
10. Security Updates in Oracle Linux (ELSA-2016-0005, ELSA-2016-0006, ELSA-2016-0007, ELSA-2016-0008, ELSA-2016-0009, ELSA-2016-0010, ELSA-2016-0011, ELSA-2016-0012)
[08/01/2016] Oracle has released security update packages for fixing the vulnerabilities identified in the rpcbind, samba, nss, openssl, libldb, samba4 and gnutls packages for Oracle Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2016-0005.html
URL:linux.oracle.com/errata/ELSA-2016-0006.html
URL:linux.oracle.com/errata/ELSA-2016-0007.html
URL:linux.oracle.com/errata/ELSA-2016-0008.html
URL:linux.oracle.com/errata/ELSA-2016-0009.html
URL:linux.oracle.com/errata/ELSA-2016-0010.html
URL:linux.oracle.com/errata/ELSA-2016-0011.html
URL:linux.oracle.com/errata/ELSA-2016-0012.html
11. Security Updates in Red Hat Enterprise Linux (RHSA-2016-0004, RHSA-2016-0005, RHSA-2016-0006, RHSA-2016-0007, RHSA-2016-0008, RHSA-2016-0009, RHSA-2016-0010, RHSA-2016-0011, RHSA-2016-0012)
[08/01/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the kernel, rpcbind, samba, nss, openssl, libldb, samba4 and gnutls packages for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2016-0004.html
URL:rhn.redhat.com/errata/RHSA-2016-0005.html
URL:rhn.redhat.com/errata/RHSA-2016-0006.html
URL:rhn.redhat.com/errata/RHSA-2016-0007.html
URL:rhn.redhat.com/errata/RHSA-2016-0008.html
URL:rhn.redhat.com/errata/RHSA-2016-0009.html
URL:rhn.redhat.com/errata/RHSA-2016-0010.html
URL:rhn.redhat.com/errata/RHSA-2016-0011.html
URL:rhn.redhat.com/errata/RHSA-2016-0012.html
12. Security Updates in Ubuntu GNU/Linux (USN-2862-1, USN-2863-1, USN-2864-1)
[08/01/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the pygments, openssl and nss packages for Ubuntu 12.04 LTS, 14.04 LTS, 15.04 and 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code on the system.
URL:www.ubuntu.com/usn/usn-2862-1/
URL:www.ubuntu.com/usn/usn-2863-1/
URL:www.ubuntu.com/usn/usn-2864-1/
13. Vulnerability in Apache Directory Studio (109410)
[07/01/2016] A vulnerability was identified in Apache Directory Studio. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. This vulnerability affects versions prior to 2.0.0-M10 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109410
14. Vulnerabilities in F5 Products (SOL13405416, SOL43552605)
[07/01/2016] Vulnerabilities were identified in F5 BIG-IP LTM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PSM, BIG-IP WebAccelerator and BIG-IP WOM. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:support.f5.com/kb/en-us/solutions/public/k/13/sol13405416.html
URL:support.f5.com/kb/en-us/solutions/public/k/43/sol43552605.html
15. Vulnerability in DX Library (109405)
[07/01/2016] A vulnerability was identified in DX Library. An attacker could bypass security restrictions, execute arbitrary code and compromise the system. This vulnerability affects versions prior to 3.16 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109405
16. Vulnerability in Huawei HG253s (HW-462987)
[07/01/2016] A vulnerability was identified in Huawei HG253s. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects version v2 of the mentioned product. Security patches are available to resolve this vulnerability.
URL:www.huawei.com/en/psirt/security-notices/hw-462987
17. Vulnerabilities in Office Document Reader Pro (109401, 109402)
[07/01/2016] Vulnerabilities were identified in Office Document Reader Pro. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect version 5.1.13 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109401
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109402
18. Vulnerabilities in Google Products (109403)
[07/01/2016] Vulnerabilities were identified in Google Android and Google Chrome. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities identified in Google Android.
URL:www.hkcert.org/my_url/en/alert/16010701
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109403
19. Vulnerabilities in WordPress
[07/01/2016] Vulnerabilities were identified in WordPress. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 4.4.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
URL:www.us-cert.gov/ncas/current-activity/2016/01/06/WordPress-Releases-Security-Update
20. Security Updates in Debian (DSA-3435-1)
[07/01/2016] Debian has released security update packages for fixing the vulnerability identified in the git packages for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions and execute arbitrary code.
URL:www.debian.org/security/2016/dsa-3435
21. Security Updates in SUSE (openSUSE-SU-2016:0036-1)
[07/01/2016] SUSE has released security update packages for fixing the vulnerability identified in the grub2 packages of openSUSE Leap 42.1. An attacker could bypass security restrictions and obtain sensitive information.
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html
22. Security Updates in Ubuntu GNU/Linux (USN-2861-1)
[07/01/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the libpng packages for Ubuntu 12.04 LTS, 14.04 LTS, 15.04 and 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2861-1/
23. Information Updates on Microsoft Security Advisory (2755801)
[06/01/2016] Microsoft has updated information on the Security Advisory for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10; and Adobe Flash Player in Microsoft Edge on all supported editions of Windows 10. KB2755801 added the 3133431 update to the Current Update section.
URL:technet.microsoft.com/en-us/library/security/2755801
24. Vulnerabilities in Mozilla Firefox OS (MFSA 2015-151, MFSA 2015-152, MFSA 2015-153)
[06/01/2016] Vulnerabilities were identified in Mozilla Firefox OS. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect versions prior to 2.5 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-151/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-152/
URL:www.mozilla.org/en-US/security/advisories/mfsa2015-153/
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109396
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109397
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109398
25. Vulnerability in Trend Micro Antivirus (109380)
[06/01/2016] A vulnerability was identified in Trend Micro Antivirus. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. The affected version was not specified.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109380
26. Vulnerabilities in Cisco Products (cisco-sa-20160105-cucm, cisco-sa-20160105-pi)
[06/01/2016] Vulnerabilities were identified in Cisco Unified Communications Manager and Cisco Prime Infrastructure. An attacker could bypass security restrictions, execute arbitrary code and perform code injection and cross-frame scripting (XFS) attacks. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160105-cucm
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160105-pi
27. Vulnerabilities in Huawei Smart Phones (Huawei-SA-20160105-01-SmartPhone)
[06/01/2016] Vulnerabilities were identified in Huawei Smart Phones. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/psirt/security-advisories/huawei-sa-20160105-01-smartphone-en
28. Vulnerabilities in Samba
[06/01/2016] Vulnerabilities were identified in Samba. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 2:3.6.6-6+deb7u6, 2:4.1.17+dfsg-2+deb8u1 or 2:4.1.22+dfsg-1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.hkcert.org/my_url/en/alert/16010504
29. Vulnerability in PCRE (109363)
[06/01/2016] A vulnerability was identified in PCRE. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects version 8.38 of the mentioned product.
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109363
30. Vulnerabilities in Wireshark
[06/01/2016] Vulnerabilities were identified in Wireshark. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 1.12.9 or 2.0.1 of the mentioned product. Security patches are available to resolve these vulnerabilities.
URL:www.hkcert.org/my_url/en/alert/16010503
31. Security Updates in Oracle Linux (ELSA-2016-0001)
[06/01/2016] Oracle has released security update packages for fixing the vulnerabilities identified in the thunderbird package for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:linux.oracle.com/errata/ELSA-2016-0001.html
32. Security Updates in Debian (DSA-3431-1, DSA-3432-1, DSA-3434-1)
[06/01/2016] Debian has released security update packages for fixing the vulnerabilities identified in the ganeti, icedove and linux packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.debian.org/security/2016/dsa-3431
URL:www.debian.org/security/2016/dsa-3432
URL:www.debian.org/security/2016/dsa-3434
33. Security Updates in Red Hat Enterprise Linux (RHSA-2016-0001)
[06/01/2016] Red Hat has released security update packages for fixing the vulnerabilities identified in the thunderbird packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:rhn.redhat.com/errata/RHSA-2016-0001.html
34. Security Updates in SUSE (SUSE-SU-2016:0020-1, SUSE-SU-2016:0032-1)
[06/01/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the kvm and samba packages of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00001.html
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html
35. Security Updates in Ubuntu GNU/Linux (USN-2855-1, USN-2856-1, USN-2857-1, USN-2857-2, USN-2858-1, USN-2858-2, USN-2858-3)
[06/01/2016] Ubuntu has released security update packages for fixing the vulnerabilities identified in the samba, ldb, linux, linux-lts-vivid, linux-lts-wily and linux-raspi2 packages for Ubuntu 12.04 LTS, 14.04 LTS, 15.04 and 15.10. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:www.ubuntu.com/usn/usn-2855-1/
URL:www.ubuntu.com/usn/usn-2856-1/
URL:www.ubuntu.com/usn/usn-2857-1/
URL:www.ubuntu.com/usn/usn-2857-2/
URL:www.ubuntu.com/usn/usn-2858-1/
URL:www.ubuntu.com/usn/usn-2858-2/
URL:www.ubuntu.com/usn/usn-2858-3/
36. Vulnerability in Cisco IOS XR Software (cisco-sa-20160104-iosxr)
[05/01/2016] A vulnerability was identified in Cisco IOS XR Software. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160104-iosxr
URL:exchange.xforce.ibmcloud.com/vulnerabilities/109353
37. Vulnerability in Novell Identity Manager (5230811)
[05/01/2016] A vulnerability was identified in Novell Identity Manager. An attacker could bypass security restrictions, obtain sensitive information and execute arbitrary code. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.
URL:download.novell.com/Download?buildid=HsE3grsz-TU~
38. Vulnerabilities in Huawei Smart Phones (Huawei-SA-20160104-01-SmartPhone, Huawei-SA-20160104-02-SmartPhone, Huawei-SA-20160104-03-SmartPhone, Huawei-SA-20160104-04-SmartPhone)
[05/01/2016] Vulnerabilities were identified in Huawei Smart Phones. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.
URL:www.huawei.com/en/psirt/security-advisories/huawei-sa-20160104-01-smartphone-en
URL:www.huawei.com/en/psirt/security-advisories/huawei-sa-20160104-02-smartphone-en
URL:www.huawei.com/en/psirt/security-advisories/huawei-sa-20160104-03-smartphone-en
URL:www.huawei.com/en/psirt/security-advisories/huawei-sa-20160104-04-smartphone-en
39. Security Updates in SUSE (SUSE-SU-2016:0010-1)
[05/01/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the kvm packages of SUSE Linux Enterprise 11. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.
URL:lists.opensuse.org/opensuse-security-announce/2016-01/msg00000.html
40. Security Updates in Debian (DSA-3433-1)
[04/01/2016] Debian has released security update packages for fixing the vulnerabilities identified in the samba packages for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.
URL:www.debian.org/security/2016/dsa-3433
41. Security Updates in SUSE (openSUSE-SU-2015:2406-1)
[04/01/2016] SUSE has released security update packages for fixing the vulnerabilities identified in the Mozilla Thunderbird packages of openSUSE 13.1 and 13.2 and openSUSE Evergreen 11.4. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.
URL:lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html