VLC for iOS was vulnerable to an unauthenticated insecure direct object reference vulnerability allowing for an attacker to compromise media. This issue was patched in the March, 2020 release.

Secunia Security Advisory - A vulnerability has been reported in MirBSD Korn Shell, which can be exploited by malicious, local users to gain escalated privileges.

Ubuntu Security Notice 4184-2 - USN-4184-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables are disabled or not supported. This update addresses both issues. Various other issues were also addressed.

Ubuntu Security Notice 4183-2 - USN-4183-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 was incomplete on 64-bit Intel x86 systems. This update addresses the issue. Various other issues were also addressed.

Ubuntu Security Notice 4185-3 - USN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables are disabled or not supported. This update addresses both issues. Various other issues were also addressed.

Ubuntu Security Notice 4186-3 - USN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 was incomplete on 64-bit Intel x86 systems. This update addresses the issue. Various other issues were also addressed.

FreeBSD Security Advisory - Crypto-NAK packets can be used to cause ntpd(8) to accept time from an unauthenticated ephemeral symmetric peer by bypassing the authentication required to mobilize peer associations. FreeBSD 9.3 and 10.1 are not affected. Various other issues have also been addressed.

Debian Linux Security Advisory 3417-1 - Tibor Jager, Jorg Schwenk, and Juraj Somorovsky, from Horst Gortz Institute for IT Security, published a paper in ESORICS 2015 where they describe an invalid curve attack in Bouncy Castle Crypto, a Java library for cryptography. An attacker is able to recover private Elliptic Curve keys from different applications, for example, TLS servers.

XMB - eXtreme Message Board version 1.9.11.13 suffers from weak crypto and insecure password storage vulnerabilities.

Debian Linux Security Advisory 3457-1 - Multiple security issues have been found in Iceweasel, Debian's version buffer overflow may lead to the execution of arbitrary code. In addition the bundled NSS crypto library addresses the SLOTH attack on TLS 1.2.

Apple Security Advisory 2016-03-21-7 - OS X Server 5.1 is now available and addresses RC4 crypto weaknesses, file access, and information disclosure vulnerabilities.

Ubuntu Security Notice 3199-3 - USN-3199-1 fixed a vulnerability in Python Crypto. This update provides the corresponding update for Ubuntu 12.04 ESM. A It was discovered that the ALGnew function in block_templace.c in the A Python Cryptography Toolkit contained a heap-based buffer overflow A vulnerability. A remote attacker could use this flaw to execute A arbitrary code by using a crafted initialization vector parameter. Various other issues were also addressed.

Debian Linux Security Advisory 3967-1 - An authentication bypass vulnerability was discovered in mbed TLS, a lightweight crypto and SSL/TLS library, when the authentication mode is configured as 'optional'. A remote attacker can take advantage of this flaw to mount a man-in-the-middle attack and impersonate an intended peer via an X.509 certificate chain with many intermediates.

Debian Linux Security Advisory 4138-1 - Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.

Debian Linux Security Advisory 4147-1 - Several vulnerabilities were discovered in PolarSSL, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.

Ubuntu Security Notice 3616-1 - It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information.

Ubuntu Security Notice 3616-2 - USN-3616-1 fixed a vulnerability in Python Crypto. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information. Various other issues were also addressed.

Ubuntu Security Notice 3727-1 - It was discovered that Bouncy Castle incorrectly handled certain crypto algorithms. A remote attacker could possibly use these issues to obtain sensitive information, including private keys.

Debian Linux Security Advisory 4296-1 - Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks.

Whitepaper called Android Security Research: Crypto Wallet Local Storage Attack.

Ubuntu Security Notice 3901-1 - Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. It was discovered that the crypto subsystem of the Linux kernel leaked uninitialized memory to user space in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

UPLoad version 7.0 suffers from an insecure cookie handling vulnerability.

Newbie CMS suffers from an insecure cookie handling vulnerability.

CuteNews version 1.4.6 suffers from an insecure cookie handling vulnerability.

Islamic Voice suffers from an insecure cookie handling vulnerability.

Denapars Shop Script suffers from administrative bypass, shell upload, and insecure cookie handling vulnerabilities.

velBox version 1.2 suffers from an insecure cookie handling vulnerability.

Memorial Web Site Script suffers from password reset and insecure cookie handling vulnerabilities.

[whem]-UPLoad version 7.0 suffers from an insecure cookie handling vulnerability.

My Book suffers from an insecure cookie handling vulnerability.

AV Arcade version 3 suffers from insecure cookie and SQL injection vulnerabilities.

Open Cart version 0.6.5 suffers from an insecure cookie handling vulnerability.

Tornado version 1.0 suffers from an insecure cookie vulnerability.

Aleza Portal version 1.6 suffers from an insecure cookie handling vulnerability that allows for SQL injection.

xWeblog version 2.2 suffers from an insecure cookie handling vulnerability.

PHP Hosting Directory version 2.0 suffers from an insecure cookie vulnerability that allows for administrative bypass.

WikiWebHelp version 0.3.3 suffers from an insecure cookie handling vulnerability.

Babil CMS suffers from an insecure cookie handling vulnerability.

web.go suffers from an insecure cookie vulnerability. Their cookie is modeled after Tornado which had the same issue reported on in 2010.