[SECURITY] [DSA 3335-1] request-tracker4 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3335-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso August 13, 2015

RE: Windows Platform Binary Table (WPBT) - BIOS PE backdoor

Hi Kevin, I too was looking at this, and it does look absolutely horrendous. More so, that Microsoft does not provide a good measure to control WPBT: in the official doc there's some watered down paragraph about "good security measures", but there's no way to enforce binary signing, or CA-like

Cisco Unified Communications Manager Multiple Vulnerabilities (VP2015-001)

Vantage Point Security Advisory 2015-001 Title: Cisco Unified Communications Manager Multiple Vulnerabilities Vendor: Cisco Vendor URL: http://www.cisco.com/ Versions affected: <9.2, <10.5.2, <11.0.1. Severity: Low to medium Vendor notified: Yes Reported:

Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor

Some more info https://www.us-cert.gov/ncas/current-activity/2015/08/12/Lenovo-Service-Engine-LSE-BIOS-Vulnerability 2015-08-12 14:44 GMT+03:00 Kevin Beaumont : > PRECURSOR > > There will be debate about if this is a vulnerability. It affects a > majority of user PCs -- including all Enterprise

Update: Backdoor and RCE found in 8 TOTOLINK router models

Hello, This is an update to: - Backdoor and RCE found in 8 TOTOLINK router models (http://seclists.org/fulldisclosure/2015/Jul/80 ) - Backdoor credentials found in 4 TOTOLINK router models (http://seclists.org/fulldisclosure/2015/Jul/79 ) - 4 TOTOLINK router models vulnerable to CSRF and XSS

[security bulletin] HPSBGN03386 rev.1 - HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, Subscription Fraud Prevent

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04751893 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04751893 Version: 1 HPSBGN03386

[security bulletin] HPSBGN03393 rev.1 - HP Operations Manager i, Remote Code Execution

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04762687 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04762687 Version: 1 HPSBGN03393

Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor

"Kevin Beaumont" wrote: [...] > Microsoft documented a feature in Windows 8 and above called Windows > Platform Binary Table. Cf. where WPBT is linked to alias

APPLE-SA-2015-08-13-1 Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2015-08-13-1 Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8 Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8 is now available and addresses the following: Safari Application Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, an

APPLE-SA-2015-08-13-3 iOS 8.4.1

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2015-08-13-3 iOS 8.4.1 iOS 8.4.1 is now available and addresses the following: AppleFileConduit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted afc command may all

APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006 OS X Yosemite v10.10.5 and Security Update 2015-006 is now available and addresses the following: apache Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.1

APPLE-SA-2015-08-13-4 OS X Server v4.1.5

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2015-08-13-4 OS X Server v4.1.5 OS X Server v4.1.5 is now available and addresses the following: BIND Available for: OS X Yosemite v10.10.5 or later Impact: A remote attacker may be able to cause a denial of service Description: An asse

Nuance PowerPDF Advanced Metadata Information Disclosure Vulnerability (low|local)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vendor: === Nuance Communications Product: PowerPDF Advanced Version 1.0 PowerPDF Advanced Version 1.1 Advisory Information: = Local Information Leakage / Disclosure Severity Level: === Low Vulnerabili