-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2015-12-08-4 watchOS 2.1
watchOS 2.1 is now available and addresses the following:
AppSandbox
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may maintain access
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-3415-1 secur...@debian.org
https://www.debian.org/security/ Michael Gilbert
December 09, 2015
Hi @ll,
Today Apple fixed buffer overflow issue in LIBC/FTS (CVE-2015-7039).
Patch available for:
- OS X El Capitan v10.11 and v10.11.1
- iPhone 4s and later,
- Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
- Apple TV (4th generation)
Impact: Processing a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
secunet Security Networks AG Security Advisory
Advisory: SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting
Vulnerabilities
1. DETAILS
- --
Product: SECURE DATA SPACE
Vendor URL: www.ssp-europe.eu
Type: Cross-site
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n
a-c04918653
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04918653
Version: 1
Advisory ID: HTB23278
Product: bitrix.xscan Bitrix module
Vendor: Bitrix
Vulnerable Version(s): 1.0.3 and probably prior
Tested Version: 1.0.3
Advisory Publication: November 18, 2015 [without technical details]
Vendor Notification: November 18, 2015
Vendor Patch: November 24, 2015
Public
Advisory ID: HTB23281
Product: bitrix.mpbuilder Bitrix module
Vendor: www.1c-bitrix.ru
Vulnerable Version(s): 1.0.10 and probably prior
Tested Version: 1.0.10
Advisory Publication: November 18, 2015 [without technical details]
Vendor Notification: November 18, 2015
Vendor Patch: November 25,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
* Exploit Title: WordPress Users Ultra Plugin [Blind SQL injection]
* Discovery Date: 2015/10/19
* Public Disclosure Date: 2015/12/01
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage:
[+] Credits: Mayank Sahu
[+] Email: ms...@controlcase.com
Vendor:
Intellect Design Arena (Polaris)
Product:
===
Intellect Core banking software (Armar module)
Vulnerability Type:
==
Cross site scripting - XSS
CVE Reference:
Original:
http://securityresearch.shaftek.biz/2015/12/goarro-and-other-taxi-hailing-apps-did-not-use-ssl.html
CERT Advisory:
https://www.kb.cert.org/vuls/id/439016
Advisory: Arro and Other Android Taxi Hailing Apps Did Not Use SSL (Mobile
Knowledge)
Overview
Arro and possibly over 100 other
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2015-12-08-1 iOS 9.2
iOS 9.2 is now available and addresses the following:
AppleMobileFileIntegrity
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able
1. Advisory Information
Title: Microsoft Windows Media Center link file incorrectly resolved reference
Advisory ID: CORE-2015-0014
Advisory URL:
http://www.coresecurity.com/advisories/microsoft-windows-media-center-link-file-incorrectly-resolved-reference
Date published: 2015-12-08
Date of last
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2015-12-08-2 tvOS 9.1
tvOS 9.1 is now available and addresses the following:
AppleMobileFileIntegrity
Available for: Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary
code with system privileges
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n
a-c04916783
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04916783
Version: 1
HPSBHF03432
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2015-12-08-5 Safari 9.0.2
Safari 9.0.2 is now available and addresses the following:
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n
a-c04918839
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04918839
Version: 1
HPSBHF03433
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Cisco Security Advisory: Cisco Prime Collaboration Assurance Default Account
Credential Vulnerability
Advisory ID: cisco-sa-20151209-pca
Revision 1.0
For Public Release 2015 December 9 16:00 UTC (GMT)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2015-12-08-4 watchOS 2.1
watchOS 2.1 is now available and addresses the following:
AppSandbox
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may maintain access
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian Security Advisory DSA-3414-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 09, 2015
==
Secunia Research 08/12/2015
Microsoft Windows usp10.dll "GetFontDesc()"
Integer Underflow Vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2015-12-08-6 Xcode 7.2
Xcode 7.2 is now available and addresses the following:
Git
Available for: OS X Yosemite v10.10.5 or later
Impact: Multiple vulnerabilities existed in Git
Description: Multiple vulnerabilities existed in Git
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco
Products
Advisory ID: cisco-sa-20151209-java-deserialization
Revision 1.0
For Public Release: 2015 December 9 16:00 GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008
OS X El Capitan 10.11.2 and Security Update 2015-008 is now available
and addresses the following:
apache_mod_php
Available for: OS X El Capitan v10.11 and v10.11.1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
SEC Consult Vulnerability Lab Security Advisory < 20151210-0 >
===
title: Multiple Vulnerabilities
product: Skybox Platform
vulnerable version: <
Blue Frost Security GmbH
https://www.bluefrostsecurity.de/ research(at)bluefrostsecurity.de
BFS-SA-2015-003 10-December-2015
Vendor:
25 matches
Mail list logo