APPLE-SA-2015-09-21-1 watchOS 2

From: Apple Product Security

watchOS 2 is now available and addresses the following:

Apple Pay
Available for:  Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact:  Some cards may allow a terminal to retrieve limited recent
transaction information when making a payment [...]

CVE-2015-5603

The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to “Velocity Template Injection Vulnerability.”

CVE-2015-6238

Multiple cross-site scripting (XSS) vulnerabilities in the Google Analyticator plugin before 6.4.9.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) ga_adsense, (2) ga_admin_disable_DimentionIndex, (3) ga_downloads_prefix, (4) ga_downloads, or (5) ga_outbound_prefix parameter in the google-analyticator page to wp-admin/admin.php.

CVE-2015-6749

Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file.