Red Hat Security Advisory 2015-0074-01 – JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.
Monthly Archives: January 2015
Red Hat Security Advisory 2015-0079-01
Red Hat Security Advisory 2015-0079-01 – Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
Ubuntu Security Notice USN-2482-1
Ubuntu Security Notice 2482-1 – Alexander Cherepanov discovered that libelf1 incorrectly handled certain filesystem paths while extracting ar archives. An attacker could use this flaw to perform a directory traversal attack on the root directory if the process extracting the ar archive has write access to the root directory.
Red Hat Security Advisory 2015-0080-01
Red Hat Security Advisory 2015-0080-01 – Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
Program-O 2.4.6 XSS / LFI / HTTP Response Splitting
Program-O version 2.4.6 suffers from HTTP response splitting, cross site scripting, and local file inclusion vulnerabilities.
USAA Mobile App Information Disclosure
The USAA Mobile app for Android versions prior to 7.10.1 suffers from an information disclosure vulnerability.
articleFR CMS 3.0.5 Cross Site Scripting
articleFR CMS version 3.0.5 suffers from a cross site scripting vulnerability.
Alibaba Cross Site Scripting / Open Redirect
Various Alibaba sites suffer from cross site scripting and open redirect vulnerabilities.
ecommerceMajor SQL Injection
ecommerceMajor suffers from remote SQL injection vulnerabilities.
Adobe Releases Security Updates for Flash Player
Original release date: January 22, 2015
Adobe has released security updates to address a vulnerability in Flash Player, which could potentially allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review Adobe Security Bulletin APSB15-02 and apply the necessary updates.