Debian Linux Security Advisory 3450-1 – Jann Horn discovered that the setuid-root mount.ecryptfs_private helper in the ecryptfs-utils would mount over any target directory that the user owns, including a directory in procfs. A local attacker could use this flaw to escalate his privileges.
Monthly Archives: January 2016
OpenVAS Greenbone Security Assistant Cross Site Scripting
OpenVAS Greenbone Security Assistant versions 6.x below 6.0.8 suffer from a cross site scripting vulnerability.
Apple Security Advisory 2016-01-19-3
Apple Security Advisory 2016-01-19-3 – Safari 9.0.3 is now available and addresses privacy and multiple memory corruption vulnerabilities.
Apple Security Advisory 2016-01-19-2
Apple Security Advisory 2016-01-19-2 – OS X El Capitan 10.11.3 and Security Update 2016-001 are now available and address memory corruption, code execution, and privilege escalation vulnerabilities.
Apple Security Advisory 2016-01-19-1
Apple Security Advisory 2016-01-19-1 – iOS 9.2.1 is now available and addresses memory corruption and privacy issues.
LiteSpeed Web Server 5.1.0 HTTP Header Injection
LiteSpeed Web Server version 5.1.0 suffers from an HTTP header injection vulnerability.
Ubuntu Security Notice USN-2876-1
Ubuntu Security Notice 2876-1 – Jann Horn discovered that mount.ecryptfs_private would mount over certain directories in the proc filesystem. A local attacker could use this to escalate their privileges.
Cisco Security Advisory 20160120-ucsm
Cisco Security Advisory – A vulnerability in a CGI script in Cisco UCS Manager and the Cisco Firepower 9000 Series appliance could allow an unauthenticated, remote attacker to execute arbitrary commands on the affected device. The vulnerability is due to unprotected calls to shell commands in the CGI script. An attacker could exploit it by sending a crafted HTTP request to the affected device, which could allow the attacker to execute arbitrary commands on it. Cisco has released software updates that address this vulnerability.
Debian Security Advisory 3449-1
Debian Linux Security Advisory 3449-1 – It was discovered that specific APL RR data could trigger an INSIST failure in apl_42.c and cause the BIND DNS server to exit, leading to a denial of service.
HP Security Bulletin HPSBGN03534 1
HP Security Bulletin HPSBGN03534 1 – A vulnerability in Microsoft Report Viewer was addressed by HPE Performance Center. This is a cross-site scripting (XSS) vulnerability that could allow remote information disclosure. Revision 1 of this advisory.