Ubuntu Security Notice 4251-1 - It was discovered that Tomcat incorrectly handled the RMI registry when configured with the JMX Remote Lifecycle Listener. A local attacker could possibly use this issue to obtain credentials and gain complete control over the Tomcat instance. It was discovered that Tomcat incorrectly handled FORM authentication. A remote attacker could possibly use this issue to perform a session fixation attack. Various other issues were also addressed.

Edimax EW-7438RPn version 1.13 suffers from a remote code execution vulnerability.

Source Engine CS:GO BuildID: 4937372 arbitrary code execution exploit.

Secunia Security Advisory - A vulnerability has been reported in NetBSD, which can be exploited by malicious, local users to gain escalated privileges.

Secunia Security Advisory - A vulnerability has been reported in NetBSD, which can be exploited by malicious, local users to gain escalated privileges.

Secunia Security Advisory - NetBSD has issued an update for BIND. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.

Secunia Security Advisory - NetBSD has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.

Secunia Security Advisory - NetBSD has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.

Secunia Security Advisory - A vulnerability has been reported in NetBSD, which can be exploited by malicious, local users to gain escalated privileges.

Secunia Security Advisory - NetBSD has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

This toolkit houses various IPv6 tools that have been tested to compile and run on Debian GNU/Linux 6.0, FreeBSD 9.0, NetBSD 5.1, OpenBSD 5.0, Mac OS 10.8.0, and Ubuntu 11.10.

Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.

Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.

Debian Linux Security Advisory 4606-1 - Several vulnerabilities have been discovered in the chromium web browser.

Debian Linux Security Advisory 4608-1 - Multiple integer overflows have been discovered in the libtiff library and the included tools.

Debian Linux Security Advisory 4609-1 - Two security issues were found in the Python interface to the apt package manager; package downloads from unsigned repositories were incorrectly rejected and the hash validation relied on MD5.

Debian Linux Security Advisory 4611-1 - Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of email addresses which could result in the execution of arbitrary commands as root. In addition this update fixes a denial of service by triggering an opportunistic TLS downgrade.

Debian Linux Security Advisory 4610-1 - Multiple code execution vulnerabilities have been addressed in the webkit2gtk web engine.

Debian Linux Security Advisory 4612-1 - It was discovered that the LDAP authentication modules for the Prosody Jabber/XMPP server incorrectly validated the XMPP address when checking whether a user has admin access.

Debian Linux Security Advisory 4613-1 - A heap-based buffer overflow vulnerability was discovered in the idn2_to_ascii_4i() function in libidn2, the GNU library for Internationalized Domain Names (IDNs), which could result in denial of service, or the execution of arbitrary code when processing a long domain string.

Debian Linux Security Advisory 4614-1 - Joe Vennix discovered a stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the "pwfeedback" option enabled. An unprivileged user can take advantage of this flaw to obtain full root privileges.

Debian Linux Security Advisory 4615-1 - Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. Malicious rule or configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios.

Debian Linux Security Advisory 4616-1 - Two security issues have been found in the SLiRP networking implementation of QEMU, a fast processor emulator, which could result in the execution of arbitrary code or denial of service.

Debian Linux Security Advisory 4617-1 - Two security issues were found in the Qt library, which could result in plugins and libraries being loaded from the current working directory, resulting in potential code execution.

Debian Linux Security Advisory 4619-1 - Guillaume Teissier reported that the XMLRPC client in libxmlrpc3-java, an XML-RPC implementation in Java, does perform deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious XMLRPC server can take advantage of this flaw to execute arbitrary code with the privileges of an application using the Apache XMLRPC client library.

Debian Linux Security Advisory 4618-1 - An out-of-bounds write vulnerability due to an integer overflow was reported in libexif, a library to parse EXIF files, which could result in denial of service, or potentially the execution of arbitrary code if specially crafted image files are processed.

Debian Linux Security Advisory 4622-1 - Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks.

Debian Linux Security Advisory 4623-1 - Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks.

Debian Linux Security Advisory 4620-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

Debian Linux Security Advisory 4621-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.

Debian Linux Security Advisory 4624-1 - Several vulnerabilities were discovered in evince, a simple multi-page document viewer.

Debian Linux Security Advisory 4625-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

Debian Linux Security Advisory 4627-1 - Cross site scripting, denial of service, and various other vulnerabilities have been discovered in the webkit2gtk web engine.

Debian Linux Security Advisory 4629-1 - Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.

Debian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.

Debian Linux Security Advisory 4604-1 - Multiple issues have been found in cacti, a server monitoring system, potentially resulting in SQL code execution or information disclosure by authenticated users.

Jira version 8.3.4 suffers from a username enumeration information disclosure vulnerability.

Verodin Director Web Console version 3.5.4.0 remote authenticated password disclosure proof of concept exploit.

Debian Linux Security Advisory 4626-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.

Debian Linux Security Advisory 4628-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.

MicroStrategy Intelligence Server and Web version 10.4 suffers from remote code execution, cross site scripting, server-side request forgery, and information disclosure vulnerabilities.

Edimax EW-7438RPn suffers from an information disclosure vulnerability.

File Explorer version 1.4 for iOS suffers from an information disclosure vulnerability.

webERP version 4.15.1 suffers from an unauthenticated backup file disclosure vulnerability.

Cisco C690 Email Security Appliance version 11.0.2-044 IronPort remote host header injection exploit.

Debian Linux Security Advisory 4535-1 - Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code.

Cisco WLC 2504 version 8.9 suffers from a denial of service vulnerability.

Cisco DCNM JBoss version 10.4 suffers from a credential leakage vulnerability.

Debian Linux Security Advisory 4607-1 - Lukas Kupczyk reported a vulnerability in the handling of chunked HTTP in openconnect, an open client for Cisco AnyConnect, Pulse and GlobalProtect VPN. A malicious HTTP server (after having accepted its identity certificate), can provide bogus chunk lengths for chunked HTTP encoding and cause a heap-based buffer overflow.