Monthly Archives: September 2014
2014 Annual Report Card: 22 Category Winners – CRN
How Cyber-smart Are You? Kaspersky, Mensa Put It to the Test – Info Security
Debian Security Advisory 3023-1
Debian Linux Security Advisory 3023-1 – Jared Mauch reported a denial of service flaw in the way BIND, a DNS server, handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash.
Debian Security Advisory 3024-1
Debian Linux Security Advisory 3024-1 – Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal encryption subkeys.
Rooted SSH/SFTP Daemon Default Login Credentials
Rooted SSH/SFTP Daemon installs with static default root credentials and does not prompt the user to change them.
Joomla Spider Form Maker 4.3 SQL Injection
Joomla Spider Form Maker versions 4.3 and below suffer from a remote SQL injection vulnerability.
Food Order Portal 8.3 Cross Site Request Forgery
Food Order Portal version 8.3 suffers from a cross site request forgery vulnerability. Note that this finding houses site-specific data.
WordPress Photo Album Plus 5.4.4 Cross Site Scripting
WordPress Photo Album plugin versions 5.4.3 through 5.4.4 suffer from multiple cross site scripting vulnerabilities.
Travel Portal II 6.0 Cross Site Request Forgery
Travel Portal II version 6.0 suffers from a cross site request forgery vulnerability.