[security bulletin] HPSBGN03527 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass

2015-12-21 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926482 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04926482 Version: 1 HPSBGN03527

[SECURITY] [DSA 3429-1] foomatic-filters security update

2015-12-21 Thread Salvatore Bonaccorso
Debian Security Advisory DSA-3429-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 21, 2015

[security bulletin] HPSBGN03526 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass, Unauthorized Modification

2015-12-21 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926463 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04926463 Version: 1 HPSBGN03526

giflib: heap overflow in giffix (CVE-2015-7555)

2015-12-21 Thread Hans Jerry Illikainen
About = giflib[1] is a library for working with GIF images. It also provides several command-line utilities. CVE-2015-7555 = A heap overflow may occur in the giffix utility included in giflib-5.1.1 when processing records of the type `IMAGE_DESC_RECORD_TYPE' due to the

[SECURITY] [DSA 3427-1] blueman security update

2015-12-21 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-3427-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 18, 2015

KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password

2015-12-21 Thread KoreLogic Disclosures
KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password Title: Seagate GoFlex Satellite Remote Telnet Default Password Advisory ID: KL-001-2015-007 Publication Date: 2015.12.18 Publication URL:

Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege

2015-12-21 Thread Stefan Kanthak
Hi @ll, the executable installer [°] of ESET's NOD32 antivirus, eset_nod32_antivirus_live_installer_.exe, loads and executes (at least) the rogue/bogus/malicious Cabinet.dll and DbgHelp.dll eventually found in the directory it is started from ['] (the "application directory"). For software

Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies

2015-12-21 Thread Stefan Kanthak
Hi @ll, in I showed general mitigations for DLL hijacking via runtime dependencies (). DLL hijacking is but also possible via load-time dependencies

ESA-2015-177: RSA SecurID(r) Web Agent Authentication Bypass Vulnerability

2015-12-21 Thread Security Alert
ESA-2015-177: RSA SecurID® Web Agent Authentication Bypass Vulnerability EMC Identifier: ESA-2015-177 CVE Identifier: CVE-2015-6851 Severity Rating: 6.6 (AV:L/AC:L/Au:N/C:C/I:C/A:N) Affected Products: - RSA SecurID® Web Agent versions prior