Redis has eloquently explained how it can be used for remote command execution if not securely configured to mitigate arbitrary access.
Monthly Archives: November 2015
HP Security Bulletin HPSBMU03518 1
HP Security Bulletin HPSBMU03518 1 – A potential security vulnerability has been identified with HP Vertica. The vulnerability could be exploited remotely resulting in code execution. Revision 1 of this advisory.
Debian Security Advisory 3355-2
Debian Linux Security Advisory 3355-2 – The previous update for libvdpau, DSA-3355-1, introduced a regression in the stable distribution (jessie) causing a segmentation fault when the DRI_PRIME environment variable is set.
HP Security Bulletin HPSBGN03426 1
HP Security Bulletin HPSBGN03426 1 – A potential security vulnerability has been identified with HP Mobility Software (MSM). This is the GNU C Library (glibc) vulnerability known as “GHOST” which could be exploited remotely resulting in execution of arbitrary code. Revision 1 of this advisory.
Gentoo Linux Security Advisory 201511-01
Gentoo Linux Security Advisory 201511-1 – An attacker who already had access to the environment could append values to parameters passed through programs. Versions less than 50c are affected.
Debian Security Advisory 3390-1
Debian Linux Security Advisory 3390-1 – It was discovered that the code to validate level 2 page table entries is bypassed when certain conditions are satisfied. A malicious PV guest administrator can take advantage of this flaw to gain privileges via a crafted superpage mapping.
Alcatel-Lucent Home Device Manager Spoofing
A vulnerability has been discovered in the TR-069 protocol that can potentially affect all Automatic Configuration Servers (ACS). The issue has been fixed in the Home Device Manager (HDM) product from Alcatel-Lucent with an anti-spoofing filter. HDM allows service providers to remotely manage CPEs, such as residential gateways, IP set-top boxes, and VoIP terminal adapters that comprise a home networking environment. The vulnerability allows an attacker to perform impersonation attacks by spoofing a CPE using the TR-069 (CWMP) protocol. An attacker could gain unauthorized access to third-party SIP credentials for the spoofed device and perform illegal activities (phone fraud). The vulnerability has been tested and confirmed. Versions prior to 4.1.10 may be affected.
Chyrp CMS 2.5.2 Cross Site Scripting
Chyrp CMS version 2.5.2 suffers from a cross site scripting vulnerability.
SQL Buddy 1.3.3 Cross Site Request Forgery
SQL Buddy version 1.3.3 suffers from a cross site request forgery vulnerability.
SQL Buddy 1.3.3 Cross Site Scripting
SQL Buddy version 1.3.3 suffers from a cross site scripting vulnerability.