RSA OneStep is potentially affected by a path traversal vulnerability. Attackers could potentially exploit this vulnerability to access unauthorized information by supplying specially crafted strings in input parameters of the application. Versions 6.9 prior to build 559 are affected.

FreeBSD Security Advisory – In rpcbind(8), netbuf structures are copied directly, which would result in two netbuf structures that reference to one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in an undefined result that may crash the rpcbind(8) daemon. A remote attacker who can send specifically crafted packets to the rpcbind(8) daemon can cause it to crash, resulting in a denial of service condition.

Kaseya Virtual System Administrator suffers from multiple code execution vulnerabilities and a privilege escalation vulnerability. VSA versions 7.0.0.0 through 7.0.0.32, 8.0.0.0 through 8.0.0.22, 9.0.0.0 through 9.0.0.18, and 9.1.0.0 through 9.1.0.8 are affected.

Mitsubishi Melsec FX3G-24M suffers from a denial of service vulnerability.

RSA Web Threat Detection versions prior to 5.1 SP1 suffer from information disclosure and privilege escalation vulnerabilities.

Western Digital My Cloud with firmware versions 04.01.03-421 and 04.01.04-422 suffer from a command injection vulnerability.

Ubuntu Security Notice 2749-1 – Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.

Ubuntu Security Notice 2751-1 – Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.

Ubuntu Security Notice 2752-1 – Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.

Red Hat Security Advisory 2015-1840-01 – OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A flaw was found in the way the OpenLDAP server daemon parsed certain Basic Encoding Rules data. A remote attacker could use this flaw to crash slapd via a specially crafted packet. All openldap users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.