ATutor versions 2.2 and below suffer from a remote unrestricted file upload vulnerability.

HP Security Bulletin HPSBGN03425 1 – Potential security vulnerabilities have been identified with HP ArcSight SmartConnectors. The vulnerabilities could be exploited remotely to allow disclosure of information, and locally to allow escalation of privilege. Revision 1 of this advisory.

HP Security Bulletin HPSBGN03429 2 – A potential security vulnerability has been identified with HP ArcSight Logger. The vulnerability could be exploited remotely to disclose information. Revision 2 of this advisory.

Red Hat Security Advisory 2015-1979-01 – Libreswan is an implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network. A flaw was discovered in the way Libreswan’s IKE daemon processed IKE KE payloads. A remote attacker could send specially crafted IKE payload with a KE payload of g^x=0 that, when processed, would lead to a denial of service.

Debian Linux Security Advisory 3392-1 – Pengsu Cheng discovered that FreeImage, a library for graphic image formats, contained multiple integer underflows that could lead to a supplying a specially crafted image.

Red Hat Security Advisory 2015-1980-01 – Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overflow flaw were found in the way NSS parsed certain ASN.1 structures. An attacker could use these flaws to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library.

Red Hat Security Advisory 2015-1981-01 – Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overflow flaw were found in the way NSS parsed certain ASN.1 structures. An attacker could use these flaws to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library.

HP Security Bulletin HPSBGN03386 2 – A potential security vulnerability has been identified with HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, and Subscription Fraud Prevention. The vulnerabilities could be exploited remotely and locally to allow disclosure of information. Revision 2 of this advisory.

Debian Linux Security Advisory 3391-1 – It was discovered that the web-based administration interface in the Horde Application Framework did not guard against Cross-Site Request Forgery (CSRF) attacks. As a result, other, malicious web pages could cause Horde applications to perform actions as the Horde user.

HP Security Bulletin HPSBGN03430 1 – A potential security vulnerability has been identified with ArcSight Management Center ArcSight Connector Appliance ArcSight Logger and ArcSight SmartConnectors. The vulnerability could be exploited locally to allow elevation of privilege. Revision 1 of this advisory.