Symantec Endpoint Protection version 12.1.4023.4080 suffers from XXE injection, cross site scripting, and arbitrary file write vulnerabilities.

ManageEngine EventLog Analyzer suffers from SQL information and credential disclosure vulnerabilities.

Debian Linux Security Advisory 3065-1 – James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures.

Gentoo Linux Security Advisory 201411-2 – Multiple vulnerabilities have been found in the MySQL and MariaDB, possibly allowing attackers to cause unspecified impact. Versions less than 5.5.40 are affected.

Gentoo Linux Security Advisory 201411-3 – A buffer overflow in TigerVNC could result in execution of arbitrary code or Denial of Service. Versions less than 1.3.1 are affected.

Cisco Security Advisory – The Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router, Cisco RV180W Wireless-N Multifunction VPN Router, and Cisco RV220W Wireless Network Security Firewall are affected command injection, file upload, and HTTP Referer header vulnerabilities. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

RSA Web Threat Detection 4.x versions 4.6.1.1 and later contain a fix for SQL injection vulnerability that could be potentially exploited by a malicious user to compromise the affected system.