APPLE-SA-2015-12-08-4 watchOS 2.1

2015-12-10 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2015-12-08-4 watchOS 2.1 watchOS 2.1 is now available and addresses the following: AppSandbox Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may maintain access

[SECURITY] [DSA 3415-1] chromium-browser security update

2015-12-10 Thread Michael Gilbert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3415-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert December 09, 2015

MacOS/iPhone/Apple Watch/Apple TV libc File System Buffer Overflow

2015-12-10 Thread submit
Hi @ll, Today Apple fixed buffer overflow issue in LIBC/FTS (CVE-2015-7039). Patch available for: - OS X El Capitan v10.11 and v10.11.1 - iPhone 4s and later, - Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes - Apple TV (4th generation) Impact: Processing a

[CVE-2015-7706] SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities

2015-12-10 Thread Vogt, Thomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 secunet Security Networks AG Security Advisory Advisory: SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities 1. DETAILS - -- Product: SECURE DATA SPACE Vendor URL: www.ssp-europe.eu Type: Cross-site

[security bulletin] HPSBMU03520 rev.1 - HP Insight Control server provisioning, Remote Disclosure of Information

2015-12-10 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918653 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04918653 Version: 1

Path Traversal via CSRF in bitrix.xscan Bitrix Module

2015-12-10 Thread High-Tech Bridge Security Research
Advisory ID: HTB23278 Product: bitrix.xscan Bitrix module Vendor: Bitrix Vulnerable Version(s): 1.0.3 and probably prior Tested Version: 1.0.3 Advisory Publication: November 18, 2015 [without technical details] Vendor Notification: November 18, 2015 Vendor Patch: November 24, 2015 Public

PHP File Inclusion in bitrix.mpbuilder Bitrix Module

2015-12-10 Thread High-Tech Bridge Security Research
Advisory ID: HTB23281 Product: bitrix.mpbuilder Bitrix module Vendor: www.1c-bitrix.ru Vulnerable Version(s): 1.0.10 and probably prior Tested Version: 1.0.10 Advisory Publication: November 18, 2015 [without technical details] Vendor Notification: November 18, 2015 Vendor Patch: November 25,

WordPress Users Ultra Plugin [Blind SQL injection] - Update

2015-12-10 Thread Panagiotis Vagenas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 * Exploit Title: WordPress Users Ultra Plugin [Blind SQL injection] * Discovery Date: 2015/10/19 * Public Disclosure Date: 2015/12/01 * Exploit Author: Panagiotis Vagenas * Contact: https://twitter.com/panVagenas * Vendor Homepage:

XSS vulnerability in Intellect Core banking software - Polaris

2015-12-10 Thread msahu
[+] Credits: Mayank Sahu [+] Email: ms...@controlcase.com Vendor: Intellect Design Arena (Polaris) Product: === Intellect Core banking software (Armar module) Vulnerability Type: == Cross site scripting - XSS CVE Reference:

Advisory: Arro and Other Android Taxi Hailing Apps Did Not Use SSL (Mobile Knowledge)

2015-12-10 Thread securityresearch
Original: http://securityresearch.shaftek.biz/2015/12/goarro-and-other-taxi-hailing-apps-did-not-use-ssl.html CERT Advisory: https://www.kb.cert.org/vuls/id/439016 Advisory: Arro and Other Android Taxi Hailing Apps Did Not Use SSL (Mobile Knowledge) Overview Arro and possibly over 100 other

APPLE-SA-2015-12-08-1 iOS 9.2

2015-12-10 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2015-12-08-1 iOS 9.2 iOS 9.2 is now available and addresses the following: AppleMobileFileIntegrity Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able

[CORE-2015-0014] - Microsoft Windows Media Center link file incorrectly resolved reference

2015-12-10 Thread CORE Advisories Team
1. Advisory Information Title: Microsoft Windows Media Center link file incorrectly resolved reference Advisory ID: CORE-2015-0014 Advisory URL: http://www.coresecurity.com/advisories/microsoft-windows-media-center-link-file-incorrectly-resolved-reference Date published: 2015-12-08 Date of last

APPLE-SA-2015-12-08-2 tvOS 9.1

2015-12-10 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2015-12-08-2 tvOS 9.1 tvOS 9.1 is now available and addresses the following: AppleMobileFileIntegrity Available for: Apple TV (4th generation) Impact: A malicious application may be able to execute arbitrary code with system privileges

[security bulletin] HPSBHF03432 rev.1 - HPE Networking Comware 5, Comware 5 Low Encryption SW, Comware 7, VCX Using NTP, Remote Access Restriction Bypass and Code Execution

2015-12-10 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04916783 Version: 1 HPSBHF03432

APPLE-SA-2015-12-08-5 Safari 9.0.2

2015-12-10 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2015-12-08-5 Safari 9.0.2 Safari 9.0.2 is now available and addresses the following: WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted

[security bulletin] HPSBHF03433 SSRT102964 rev.1 - HP-UX Running Mozilla Firefox and Thunderbird, Remote Disclosure of Information

2015-12-10 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04918839 Version: 1 HPSBHF03433

Cisco Security Advisory: Cisco Prime Collaboration Assurance Default Account Credential Vulnerability

2015-12-10 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Cisco Security Advisory: Cisco Prime Collaboration Assurance Default Account Credential Vulnerability Advisory ID: cisco-sa-20151209-pca Revision 1.0 For Public Release 2015 December 9 16:00 UTC (GMT)

[SECURITY] [DSA 3414-1] xen security update

2015-12-10 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian Security Advisory DSA-3414-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 09, 2015

Secunia Research: Microsoft Windows usp10.dll "GetFontDesc()" Integer Underflow Vulnerability

2015-12-10 Thread Secunia Research
== Secunia Research 08/12/2015 Microsoft Windows usp10.dll "GetFontDesc()" Integer Underflow Vulnerability

APPLE-SA-2015-12-08-6 Xcode 7.2

2015-12-10 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2015-12-08-6 Xcode 7.2 Xcode 7.2 is now available and addresses the following: Git Available for: OS X Yosemite v10.10.5 or later Impact: Multiple vulnerabilities existed in Git Description: Multiple vulnerabilities existed in Git

Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products

2015-12-10 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products Advisory ID: cisco-sa-20151209-java-deserialization Revision 1.0 For Public Release: 2015 December 9 16:00 GMT

APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008

2015-12-10 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008 OS X El Capitan 10.11.2 and Security Update 2015-008 is now available and addresses the following: apache_mod_php Available for: OS X El Capitan v10.11 and v10.11.1

SEC Consult SA-20151210-0 :: Skybox Platform Multiple Vulnerabilities

2015-12-10 Thread SEC Consult Vulnerability Lab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 SEC Consult Vulnerability Lab Security Advisory < 20151210-0 > === title: Multiple Vulnerabilities product: Skybox Platform vulnerable version: <

BFS-SA-2015-003: Internet Explorer CObjectElement Use-After-Free Vulnerability

2015-12-10 Thread Blue Frost Security Research Lab
Blue Frost Security GmbH https://www.bluefrostsecurity.de/ research(at)bluefrostsecurity.de BFS-SA-2015-003 10-December-2015 Vendor: