Monthly Archives: October 2015
Joomla! CMS 3.4.3 Cross Site Scripting
Joomla! CMS versions 3.4.0 through 3.4.3 suffer from a cross site scripting vulnerability.
Veeam Backup And Replication 6 / 7 / 8 Privilege Escalation
Veeam Backup and Replication versions 6 through 8 suffer from log disclosure and broken password security vulnerabilities.
Red Hat Security Advisory 2015-1876-01
Red Hat Security Advisory 2015-1876-01 – Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.login_required. A remote attacker could use this flaw to fill up the session store or cause other users’ session records to be evicted by requesting a large number of new sessions.
Red Hat Security Advisory 2015-1862-01
Red Hat Security Advisory 2015-1862-01 – Red Hat Enterprise Linux OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service cloud based on Red Hat Enterprise Linux OpenStack Platform. A flaw was discovered in the pipeline ordering of OpenStack Object Storage’s staticweb middleware in the swiftproxy configuration generated from the openstack-tripleo-heat-templates package. The staticweb middleware was incorrectly configured before the Identity Service, and under some conditions an attacker could use this flaw to gain unauthenticated access to private data.
Buffalo LinkStation 1.34 / 1.69 / 1.70 Authentication Bypass
An authentication bypass vulnerability in the web interface of a Buffalo LinkStation Duo Network Attached Storage (NAS) device allows unauthenticated attackers to gain administrative privileges. This puts the confidentiality and integrity of the stored data as well as the integrity of the device configuration at high risk.