TECO TP3-PCLINK version 2.1 has a vulnerability caused by a boundary error in the processing of a project file, which can be exploited to cause a buffer overflow when a user opens, for example, a specially crafted .TPC file. Successful exploitation could allow execution of arbitrary code on the affected machine.
Monthly Archives: November 2015
Kaspersky Antivirus Certificate Handling Path Traversal
When Kaspersky HTTPS inspection is enabled, temporary certificates are created in %PROGRAMDATA% for validation. The naming pattern for files is {CN}.cer, and CN can be modified to perform path traversals.
Ubuntu Security Notice USN-2812-1
Ubuntu Security Notice 2812-1 – Florian Weimer discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. Michal Zalewski discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. Various other issues were also addressed.
Red Hat Security Advisory 2015-2065-01
Red Hat Security Advisory 2015-2065-01 – The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A heap buffer overflow flaw was found in the way QEMU’s NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance or potentially execute arbitrary code on the host.
Microsoft Windows Kernel Win32k.sys TTF Font Processing Buffer Overflow
A number of Windows kernel crashes in the win32k.sys driver exist while processing a specific corrupted TTF font file. This finding documents an overflow with a malformed TrueType program.
Kaspersky Antivirus ZIP File Format Use-After-Free
Fuzzing the ZIP file format found multiple memory corruption issues, some of which are obviously exploitable for remote code execution as NT AUTHORITY\SYSTEM on any system with Kaspersky Antivirus.
FreeType 2.5.3 Type42 Parsing Use-After-Free
A use-after-free condition has been encountered in FreeType while fuzzing Type42 fonts. Version 2.5.3 is affected.
Ubuntu Security Notice USN-2811-1
Ubuntu Security Notice 2811-1 – It was discovered that the strongSwan eap-mschapv2 plugin incorrectly handled state. A remote attacker could use this issue to bypass authentication.
FreeType 2.5.3 Mac FOND Resource Parsing Out-Of-Bounds Read From Stack
FreeType version 2.5.3 suffers from an out-of-bounds read vulnerability.
Kaspersky Antivirus Multiple Memory Corruption Issues
Kaspersky Antivirus suffers from multiple memory corruption issues.