Debian Linux Security Advisory 3414-1 - Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure.
78a4693f6a6b43fb82c9d63e085c9afe3e278de9ff692fe7f1d211ef3c565859
HP Security Bulletin HPSBHF03432 1 - Potential security vulnerabilities have been identified with HPE Networking Comware 5, Comware 5 Low Encryption SW, Comware 7, and VCX, Using NTP. The vulnerabilities could be remotely exploited resulting in remote access restriction bypass and code execution. Revision 1 of this advisory.
678f73403ca3b8273f6c81a3451515dff3b523d9531d109874052b4d1c0be3a4
HPE Security Bulletin HPSBHF03433 SSRT102964 1 - A potential security vulnerability has been identified with HP-UX Running Mozilla Firefox and Thunderbird. This may allow remote disclosure of information. Note: This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
3e81b5eb4278ca6044b20d0deec6038c426e3ae3d970a9d87173dff635aa4758
HP Security Bulletin HPSBMU03520 1 - A potential security vulnerability has been identified with HP Insight Control server provisioning that could be exploited remotely resulting in information disclosure. Revision 1 of this advisory.
dd04ee39aca05468333e84603aecf008d62d53a7cf49f581f3f2038f3d28c236
Debian Linux Security Advisory 3415-1 - Several vulnerabilities have been discovered in the chromium web browser.
277ab7bf454ee5435c2846f79d78aea1abfd54b960a2af4ba6ec25ba4d587ea2
Cisco Security Advisory - A vulnerability in the Java deserialization used by the Apache Commons Collections (ACC) library could allow an unauthenticated, remote attacker to execute arbitrary code. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by submitting crafted input to an application on a targeted system that uses the ACC library. After the vulnerable library on the affected system deserializes the content, the attacker could execute arbitrary code on the system, which could be used to conduct further attacks. Cisco will release software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.
c5a4ebcf1166c860b0b9e2dfffc2c555bd3286e04e16fdc3619f440519651cc1
Cisco Security Advisory - A vulnerability in Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to log in to the system shell with the default cmuser user account and access the shell with a limited set of permissions. The vulnerability is due to an undocumented account that has a default and static password. This account is created during installation and cannot be changed or deleted without impacting the functionality of the system. The first time this account is used the system will request that the user change the default password. An attacker could exploit this vulnerability by remotely connecting to the affected system via SSH by using the undocumented account. Successful exploitation could allow the attacker to access the system with the privileges of the cmuser user. This vulnerability allows the attacker to: access some sensitive data, such as the password file, system logs, and Cisco PCA database information; modify some data; run some internal executables; and potentially make the system unstable or inaccessible. Cisco has released software updates that address this vulnerability. Workarounds are available.
d64e29508c852dfb295d954b6f3d5f1cb35149ab6e04faffe75dc242b23aae6b
Apple Security Advisory 2015-12-08-4 - watchOS 2.1 is now available and addresses 30 security issues.
35e6c7749d96dbf64e523cf50d19919b547c725da825f7a56fc848495736ffe5
Apple Security Advisory 2015-12-08-2 - tvOS 9.1 is now available and addresses 48 security issues.
86a1c0b0064c65e2ba9f9e35f71969a6953435935620d00089199e7d216c3ef8
Apple Security Advisory 2015-12-08-3 - OS X El Capitan 10.11.2 and Security Update 2015-008 are now available and address 54 vulnerabilities.
78e2a97a16b2ff481c45ddbbba9833cf2d0f52000284853fc1795caaaf5b2c92
Apple Security Advisory 2015-12-08-6 - Xcode 7.2 is now available and addresses four vulnerabilities.
888d23a76dd87a6d1410e71117dd4acfde735c449c0fafa370a9628e0f9f9fa9
Apple Security Advisory 2015-12-08-5 - Safari 9.0.2 is now available and addresses a dozen vulnerabilities.
faaf3e0fe6e71c38f9144a2dd495d91c2b0f9a58927a98823d0a255b0656d424
Apple Security Advisory 2015-12-08-1 - iOS 9.2 is now available and addresses at least 50 security vulnerabilities.
e95c0155e9a3059625dc58d7286d266927a20daeeadb4db49bcc96e0e4c2eafc
Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer underflow error within the "GetFontDesc()" function in usp10.dll when processing a font file's cmap table and can be exploited to cause a heap-based buffer overflow via a font file containing cmap table data with a specially crafted offset within the encoding records. Successful exploitation allows execution of arbitrary code.
d65fab95536006f5a8a8545eff4d02524698f63bed04d5515fe21776d1ea97e1
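The pattern behind the Secunia finding above, shown as an added example that is not Microsoft's usp10.dll code and makes no claim about how GetFontDesc() is actually written: a TrueType cmap table starts with a u16 version and u16 numTables, followed by encoding records of u16 platformID, u16 encodingID and a u32 offset from the start of the table to the subtable. If the "bytes remaining after the offset" is computed as len - offset with an untrusted offset, an offset larger than the table underflows the subtraction and every later size check passes. The hardened walk below checks the offset against the table length before any arithmetic uses it. The function names, the 274-byte sample table and the restriction to subtable formats with a u16 length field (0, 2, 4, 6) are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TrueType tables are big-endian. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* The unsafe computation: with offset > len the subtraction wraps and the
 * caller believes a huge number of bytes is available past the offset. */
size_t remaining_unchecked(size_t len, uint32_t offset) {
    return len - offset;
}

/* Hardened walk over the encoding records. Returns the number of records
 * whose subtable header lies inside the table, or -1 on any malformation.
 * Nothing is read through a record offset before that offset is checked. */
int cmap_validate(const uint8_t *cmap, size_t len) {
    if (len < 4) return -1;
    uint16_t ntab = be16(cmap + 2);
    /* header (4) + 8 bytes per record must fit; ntab <= 65535 so no wrap */
    if ((size_t)ntab * 8 > len - 4) return -1;
    int ok = 0;
    for (uint16_t i = 0; i < ntab; i++) {
        const uint8_t *rec = cmap + 4 + (size_t)i * 8;
        uint32_t off = be32(rec + 4);
        /* Check the offset first, then compare against the space left, so
         * neither "len - off" nor "off + 4" can underflow or overflow. */
        if (off > len || len - off < 4) return -1;
        uint16_t format = be16(cmap + off);
        uint16_t sublen = be16(cmap + off + 2); /* u16 length in formats 0,2,4,6 */
        if (format != 0 && format != 2 && format != 4 && format != 6) return -1;
        if (sublen < 4 || sublen > len - off) return -1;
        ok++;
    }
    return ok;
}

/* Constructed sample (not from a real font): a 274-byte cmap with one
 * record pointing at a format-0 subtable (length 262). `offset` lets a
 * caller plant a crafted record offset. Returns the table length. */
size_t build_sample_cmap(uint8_t *buf, size_t cap, uint32_t offset) {
    const size_t total = 4 + 8 + 262;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[3] = 1;                          /* numTables = 1 */
    buf[5] = 3;                          /* platformID 3 (Windows) */
    buf[7] = 1;                          /* encodingID 1 (Unicode BMP) */
    buf[8]  = (uint8_t)(offset >> 24); buf[9]  = (uint8_t)(offset >> 16);
    buf[10] = (uint8_t)(offset >> 8);  buf[11] = (uint8_t)offset;
    buf[14] = 0x01; buf[15] = 0x06;      /* subtable at 12: format 0, length 262 */
    return total;
}

/* Builds the sample with the given record offset and validates it. */
int validate_sample(uint32_t offset) {
    uint8_t buf[274];
    size_t n = build_sample_cmap(buf, sizeof buf, offset);
    return n ? cmap_validate(buf, n) : -1;
}

int main(void) {
    printf("well-formed offset 12      -> %d\n", validate_sample(12));
    printf("crafted offset 0xFFFFFFF0  -> %d\n", validate_sample(0xFFFFFFF0u));
    printf("offset 270 (header clipped) -> %d\n", validate_sample(270));
    printf("unchecked remaining for 0xFFFFFFF0: %zu\n",
           remaining_unchecked(274, 0xFFFFFFF0u));
    return 0;
}
```

The order of the two comparisons in the hardened check is the whole point: `off > len` is decided before `len - off` is ever evaluated, and the subtable length is compared against `len - off` rather than forming `off + sublen`, which could wrap in 32-bit arithmetic.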
The Arro taxi hailing application failed to use SSL when transmitting secrets.
8dcf2660cdb2ece0a5f125068e93da61a9d85afaf0af734dda03f2a9dbb76927
appRain version 4.0.3 suffers from code execution and remote shell upload vulnerabilities.
b014b43098c86f53eda01d8e981d7501de7585a22761e3064f5a3c321fd72ba2
appRain version 4.0.3 suffers from multiple cross site request forgery vulnerabilities.
bc0624e70c181166f2c7d7b035b0a841ed95b529240c3be4138ef02231dc0146
appRain version 4.0.3 suffers from a path traversal vulnerability.
ed7376d3b7c28ede70e48ea7c3aae862305c0fb53ebf749f039c92e8edbdedb3
appRain version 4.0.3 suffers from multiple cross site scripting vulnerabilities.
54b49f563bacb15583f83004717acfdcaaae15e893f1340b353e9182863f9257
redaxscript version 2.5.0 suffers from a code execution vulnerability.
cf5470fd255fbe9de2b3a7762546247b2173f1d01d3fff8aaa9c994caabb0228
redaxscript version 2.5.0 suffers from a persistent cross site scripting vulnerability.
f29644ab6a120c3a87864d21e7ea388a0a0b1f39b536699a05b19f332bd33fe3
7-Zip executable installers suffer from a DLL hijacking vulnerability.
a259b0953e210ae02ad72512f7e8c51dc0cd1cf3d177364e8af93dd658d937b4
Red Hat Security Advisory 2015-2594-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. If an application used these functions together with a palette buffer sized correctly for the image's bit depth, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library.
0a20de8b0299da5566af857a071951410140d34f6aaeb77c80535ea079bde800
Red Hat Security Advisory 2015-2593-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-32 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
d5dc0f9a309ed83f88463eaa694276f2a32498032be2764a6f466014f34f56fc
Red Hat Security Advisory 2015-2596-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. If an application used these functions together with a palette buffer sized correctly for the image's bit depth, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library.
0031e7373b39060ea4661594cb1b8dba07adeabfd1c2fccfe7cc824bec5ca1e8
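The size mismatch described in both libpng advisories above (RHSA-2015-2594-01 and RHSA-2015-2596-01), as an added example that is not libpng's own png_set_PLTE()/png_get_PLTE() code: the PNG specification limits a PLTE chunk to 2^bit_depth entries for palette images with a sub-byte depth, and to 256 otherwise. An application that sizes its palette buffer from the IHDR (16 entries for a 4-bit palette image) is correct; a library check that only enforces the 256-entry ceiling will hand it up to 256 entries and overrun that buffer. The block contrasts the lax ceiling with a depth-aware check and a reader that also respects the caller's capacity. Function names, the rgb_t type and the constructed payloads are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { uint8_t r, g, b; } rgb_t;

/* Maximum legal PLTE entries for a given IHDR: 2^bit_depth for palette
 * images with depth < 8, otherwise 256. PLTE is required for color type 3
 * and optional for truecolor types 2 and 6; other types must not carry it. */
int plte_max_entries(int bit_depth, int color_type) {
    if (color_type != 2 && color_type != 3 && color_type != 6) return 0;
    if (color_type == 3 && bit_depth < 8) return 1 << bit_depth;
    return 256;
}

/* The lax ceiling: what a check that ignores bit depth accepts. */
int plte_entries_lax(size_t payload_len) {
    size_t n = payload_len / 3;
    return n > 256 ? 256 : (int)n;
}

/* Parse a PLTE payload into `out` (capacity `cap` entries). Returns the
 * entry count, or -1 if the chunk is malformed, exceeds what the IHDR
 * permits, or exceeds the caller's buffer. `out` is untouched on error. */
int plte_read(const uint8_t *data, size_t len, int bit_depth, int color_type,
              rgb_t *out, int cap) {
    if (len == 0 || len % 3 != 0) return -1;      /* entries are 3 bytes each */
    size_t n = len / 3;
    int max = plte_max_entries(bit_depth, color_type);
    if (max == 0 || cap < 0 || n > (size_t)max || n > (size_t)cap) return -1;
    for (size_t i = 0; i < n; i++) {
        out[i].r = data[3 * i];
        out[i].g = data[3 * i + 1];
        out[i].b = data[3 * i + 2];
    }
    return (int)n;
}

/* Simulates an application that sizes its palette buffer from the IHDR
 * (1 << bit_depth entries for sub-byte depths) and then reads a constructed
 * PLTE payload of `entries` entries for a color-type-3 image. Returns the
 * accepted entry count or -1. */
int read_sample_plte(int entries, int bit_depth) {
    uint8_t payload[256 * 3];
    rgb_t pal[256];
    if (entries < 0 || entries > 256) return -1;
    for (int i = 0; i < entries; i++) {          /* constructed colours */
        payload[3 * i]     = (uint8_t)i;
        payload[3 * i + 1] = (uint8_t)(255 - i);
        payload[3 * i + 2] = 0x80;
    }
    int app_cap = bit_depth < 8 ? (1 << bit_depth) : 256;
    return plte_read(payload, (size_t)entries * 3, bit_depth, 3, pal, app_cap);
}

int main(void) {
    printf("4-bit palette, 16-entry PLTE  -> %d\n", read_sample_plte(16, 4));
    printf("4-bit palette, 256-entry PLTE -> %d (lax ceiling would accept %d)\n",
           read_sample_plte(256, 4), plte_entries_lax(768));
    printf("8-bit palette, 256-entry PLTE -> %d\n", read_sample_plte(256, 8));
    return 0;
}
```

The advisory's phrase "properly calculated palette sizes" is the application's 1 << bit_depth buffer in read_sample_plte(); the defect sits on the library side, where plte_entries_lax() stands in for a check that knows only the 256-entry limit. A reader that takes both the IHDR limit and the destination capacity, as plte_read() does, fails closed whichever side miscounts.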