SEC Consult SA-20170510-0 :: Insecure Handling Of URI Schemes in Microsoft OneDrive iOS App

2017-05-10 Thread SEC Consult Vulnerability Lab
A short demo video is available here: https://youtu.be/0jZdM9peVSk SEC Consult Vulnerability Lab Security Advisory < 20170510-0 > === title: Insecure Handling Of URI Schemes product: Microsoft On

[SECURITY] [DSA 3848-1] git security update

2017-05-10 Thread Salvatore Bonaccorso
Debian Security Advisory DSA-3848-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 10, 2017

Multiple Vulnerabilities in ASUS Routers [CVE-2017-5891 and CVE-2017-5892]

2017-05-10 Thread Nightwatch Cybersecurity Research
[Original post here: https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers/] Summary: Various models of ASUS RT routers have several CSRF vulnerabilities allowing malicious sites to log in and change settings in the router; multiple JSONP vulnerabilities

[SECURITY] [DSA 3847-1] xen security update

2017-05-10 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-3847-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 09, 2017

[security bulletin] HPESBST03739 rev.1 - HPE StoreFabric B-series Switches, Remote Elevation of Privilege

2017-05-10 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbst03739en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbst03739en_us Version: 1

CVE-2016-6799: Internal system information leak

2017-05-10 Thread Simon MacDonald
CVE-2016-6799: Internal system information leak Severity: High Vendor: The Apache Software Foundation Versions Affected: Cordova Android (5.2.2 and below) Description: The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and