January 2016 - Bamboo - Critical Security Advisory

2016-01-21 Thread David Black
Note: the current version of this advisory can be found at https://confluence.atlassian.com/x/VzlZLw .

CVE IDs:
* CVE-2014-9757 - Deserialisation in Smack.
* CVE-2015-8360 - Deserialisation in Bamboo.
* CVE-2015-8361 - Missing authentication checks

[SECURITY] [DSA 3451-1] fuse security update

2016-01-21 Thread Yves-Alexis Perez
Debian Security Advisory DSA-3451-1 secur...@debian.org https://www.debian.org/security/ Yves-Alexis Perez January 20, 2016

Executable installers are vulnerable^WEVIL (case 3): WiX Toolset's bootstrapper "burn.exe"

2016-01-21 Thread Stefan Kanthak
Hi @ll, executable installers [°] created with the WiX Toolset (see , and of course the WiX Toolset installer itself too) resp. using its bootstrapper "burn.exe" are vulnerable: see 1. They load and execute

SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices

2016-01-21 Thread SEC Consult Vulnerability Lab
more information. SEC Consult Vulnerability Lab Security Advisory < 20160121-0 > === title: Deliberately hidden backdoor account product: Several AMX (HARMAN Professional) device