HP Security Bulletin HPSBMU03392 2 – Potential security vulnerabilities have been identified with HP ArcSight Logger. These vulnerabilities could be exploited remotely to allow users to bypass certain authorization restrictions. Revision 2 of this advisory.

Debian Linux Security Advisory 3359-1 – This update fixes an unspecified security issue in VirtualBox related to guests using bridged networking via WiFi. Oracle no longer provides information on specific security vulnerabilities in VirtualBox.

HP Security Bulletin HPSBHF03408 2 – Potential security vulnerabilities have been identified in certain HP notebook PCs with the HP lt4112 LTE/HSPA+ Gobi 4G Module. The vulnerabilities could be exploited remotely to allow execution of arbitrary code. Revision 2 of this advisory.

Debian Linux Security Advisory 3356-1 – Denis Andzakovic discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, does not properly handle BER data. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet.

Red Hat Security Advisory 2015-1772-01 – KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap-based buffer overflow issue was found in the QEMU emulator’s VNC display driver. It could occur while refreshing the VNC server’s display surface using the vnc_refresh_server_surface() routine. A privileged guest user could use this flaw to corrupt the heap memory and crash the QEMU process instance, or to potentially use it to execute arbitrary code on the host.

Debian Linux Security Advisory 3357-1 – It was discovered that vzctl, a set of control tools for the OpenVZ server virtualization solution, determined the storage layout of containers based on the presence of an XML file inside the container. An attacker with local root privileges in a simfs-based container could gain control over ploop-based containers.

NC220 and NC200 utilizes hard-coded credentials within its Linux distribution image. These sets of credentials (root:root) are never exposed to the end-user and cannot be changed through any normal operation of the camera.