HP Security Bulletin HPSBPI03546 1 - A potential security vulnerability has been identified with certain HP LaserJet Printers and MFPs, and certain HP OfficeJet Enterprise printers and MFPs, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
db9fa0aaa519130f69d0a3334e16ce41d0c763e84b355f7fa9bc8c588445252f
HP Security Bulletin HPSBHF03439 1 - HP has identified a potential security vulnerability with the Sure Start implementation on certain 2015 commercial platforms. This vulnerability could be exploited locally with administrator or root level privileges and, if compromised, the Sure Start systems could fail to recover the BIOS. Revision 1 of this advisory.
3f85453b4a238744be2fc526bc164b41df544116d4d399101f7907fc1bfa37d0
HP Security Bulletin HPSBGN03550 2 - A security vulnerability in Apache Flex BlazeDS was addressed by HP Operations Manager i (OMi) and Business Service Manager (BSM). The vulnerability could be exploited remotely resulting in disclosure of information. Note: OMi v10.10 is NOT affected by this vulnerability. Revision 2 of this advisory.
27a92a5d40551b9d1b66e19a06398f5aaeda2de982126868c4b21cbd744ed72a
Debian Linux Security Advisory 3503-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss.
25d671ba26bfc929fa9034f00895f1f88acf0c87420ac9187d367f3130e8b078
HTTPS Only is a tool that ensures specific sites visited from your browser only transit over HTTPS.
2b41b72668be296cc01a1a4278a7b7f165d368d3afe6d6729c1eea9ca2e22d2a
ESET NOD32 is affected by a heap overflow vulnerability while unpacking EPOC installation files. By creating a file record with type SIS_FILE_MULTILANG (meaning a different file is provided for every supported language), and then claiming to support a very large number of languages, a 16-bit calculation overflows. This leads to a nice clean heap overflow.
2ddb32b00ad827a94327941703ae9b58ae4291fd5a72a65024a689e350a62ff5
The Shakacon 2016 Call For Papers has been announced. It will take place July 11th through the 12th, 2016, in Honolulu, Hawaii.
c8375c4b62d36256cb9ad30088beeb687f7fe15d9c2d703f301a6dd782145926
EuskalHack Security Congress is the first Ethical Hacking association in Euskadi, with the aim of promoting the community and culture in digital security to anyone who may be interested. It will be held June 18th, 2016 in Donostia - San Sebastian.
c629a26f592ab72b0ada2d03ffa9788baa63775a44b9017b65323ba499c78684
Vipps by DNB for Android versions 1.1.33, 1.2.18, 1.2.20, 1.2.44, and 1.2.45 suffer from an improper implementation of AES.
9f9ef0dd16cf460193dbef5572a392eb06eea407aac758a331dd3041f9aaa571
Schneider Electric Building Operation Automation Server version 1.6.1.5000 suffers from OS command injection, weak credential management, and privilege escalation vulnerabilities.
f4f4f183bd0512baf741708e2db936118942d5fd0e8f508b8e54c0c983fad7d4
WAGO IO PLC versions 758-870 and 750-849 suffer from weak credential management, lack of privilege separation, insecure FTP configuration, and weak filesystem permissions.
265cf836fd5bdb1c9a761033ead4a4c5910c3662908c88aa5076eb097dc54122
Red Hat Security Advisory 2016-0354-01 - OpenStack Image Service provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to silently replace owned image data, regardless of its original creator or visibility settings. Only environments with show_multiple_locations set to true were affected.
7fd6e946071d354d4c20a6d65219c91a5f531708c70993712e898390ee1ca2c0
Red Hat Security Advisory 2016-0352-01 - OpenStack Image Service provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to silently replace owned image data, regardless of its original creator or visibility settings. Only environments with show_multiple_locations set to true were affected.
3ae80b46224c223e23da85f3ebaa94ebdb4373d7bd2b543218edb6637b85ec1b
Debian Linux Security Advisory 3426-2 - The update for linux issued as DSA-3426-1 and DSA-3434-1 to address CVE-2015-8543 uncovered a bug in ctdb, a clustered database to store temporary data, leading to broken clusters. Updated packages are now available to address this problem.
87b7bb7ba85fe0b53836000013fe8a9aafc27e0ad6f8997851c8eb6799c16ecc
Debian Linux Security Advisory 3502-1 - Ralf Schlatterbeck discovered an information leak in roundup, a web-based issue tracking system. An authenticated attacker could use it to see sensitive details about other users, including their hashed password.
783b99ece6eadfaa0c8a05583cb9cafd408831e2343e51aa29fcd780d7dea37e