Cisco Security Advisory – A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic.

Exponent version 2.3.7 suffers from a remote code execution vulnerability.

Yeager CMS version 1.2.1 suffers from cross site scripting, remote file upload, server-side request forgery, and remote SQL injection vulnerabilities.

File Replication Pro versions 7.2.0 and below suffers from remote command execution, file disclosure, and directory traversal vulnerabilities.

PivotX CMS version 2.3.10 suffers from cross site request forgery and cross site scripting vulnerabilities.

Mihalism Multi Host version 5.0.3 suffers from cross site request forgery and cross site scripting vulnerabilities.

ManageEngine EventLog Analyzer version 10.8 suffers from a privilege escalation vulnerability.

Node.js suffers from an HTTP response splitting vulnerability. Node.js versions 5.6.0, 4.3.0, 0.12.10, and 0.10.42 contain a fix for this vulnerability.

EMC Documentum xCP contains fixes for multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. Versions 2.1 and 2.2 are affected.

Sophos UTM version 9.350-12 with pattern version 92405 (potentially lower) suffers from a cross site scripting vulnerability.