[SECURITY] [DSA 3362-1] qemu-kvm security update

2015-09-21 Thread Salvatore Bonaccorso
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Debian Security Advisory DSA-3362-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 18, 2015

[SECURITY] [DSA 3363-1] owncloud-client security update

2015-09-21 Thread Luciano Bello
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Debian Security Advisory DSA-3363-1 secur...@debian.org https://www.debian.org/security/ Luciano Bello September 20, 2015

CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth

2015-09-21 Thread Antoine Neuenschwander
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: nevisAuth [1] Vendor: AdNovum [2] CVE ID: CVE-2015-5372 Subject:

SAP NetWeaver - XML External Entity Injection

2015-09-21 Thread Lukasz Miedzinski
Title: SAP NetWeaver - XML External Entity Injection Author: Lukasz Miedzinski GPG: Public key provided in attachment Date: 29/10/2014 CVE: CVE-2015-7241 Affected software: SAP NetWeaver: <7.01 Vendor advisories (only for customers): External ID: 851975

Advisory: Insufficient Parameter Sanitization in login.live.com (Microsoft)

2015-09-21 Thread securityresearch
Original at: http://securityresearch.shaftek.biz/2015/09/insufficient-parameter-sanitization-login-live-com.html Overview Web widgets hosted by Microsoft’s online login portal, login.live.com, do not perform sufficient parameter sanitization allowing an attacker to inject arbitrary text.

Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ...

2015-09-21 Thread Stefan Kanthak
Hi @ll, since Microsoft introduced the security theatre named "user account control" with Windows Vista, users can't start (another instance of) the Windows Explorer with elevated rights any more: the "Run as administrator" and the "Run as different user" context menu entries only start another

Jasig CAS server vulnerabilities

2015-09-21 Thread Antoni Klajn
Hi, Jasig CAS server version 4.0.1 is prone to XSS vulnerabilities Timeline: 20.02.2015 - Vendor notified 11.05.2015 - Patches released 21.09.2015 - Bugtraq disclosure Vulnerable version: 4.0.1 Fixed version: 4.0.2 Vulnerabilities details: 1) XSS in OpenID server Obtain method: Paste

[SECURITY] [DSA 3361-1] qemu security update

2015-09-21 Thread Salvatore Bonaccorso
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Debian Security Advisory DSA-3361-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 18, 2015

APPLE-SA-2015-09-21-1 watchOS 2

2015-09-21 Thread Apple Product Security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-09-21-1 watchOS 2 watchOS 2 is now available and addresses the following: Apple Pay Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: Some cards may allow a terminal to retrieve limited recent