======================================
Multiple CSRF in Zimbra Mail interface
======================================

CVE-2015-6541

Description
===========

Multiple CSRF vulnerabilities have been found in the Mail interface of
Zimbra 8.0.9 GA Release, allowing an attacker to change account
preferences such as e-mail forwarding.

CSRF
====

Forms in the preferences part of old releases of Zimbra are vulnerable
to CSRF because they lack a CSRF token…

Debian Linux Security Advisory 3491-1 – Multiple security issues have been found in Icedove, Debian’s version of integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service.

The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution. Apache Xerces-C XML Parser library versions prior to 3.1.3 are affected.

A Linux IPv4 firewall and traffic shaper for single hosts to small and mid-sized networks. It allows flexible rule creation, while also shipping with presets for common needs. Rules are written in simple XML, allowing various ways to group and nest the iptables arguments. An interactive mode is available for building configuration files in a wizard-based manner. Extensive documentation is also included.