HP Security Bulletin HPSBGN03569 2 – Potential security vulnerabilities have been identified in the server running HP OneView for VMware vCenter (OV4VC) version 7.8.1 or earlier. The vulnerabilities may lead to remote disclosure of information. Revision 2 of this advisory.

HP Security Bulletin HPSBST03568 1 – A potential security vulnerability has been identified with HP XP7 Command View Advanced Edition Suite and HP XP P9000 Command View Advanced Edition Software including Device Manager and Hitachi Automation Director (HAD). The vulnerability could be remotely exploited resulting in Server-Side Request Forgery (SSRF). Revision 1 of this advisory.

Panda Security URL Filtering versions prior to 4.3.1.9 suffer from a privilege escalation vulnerability.

Panda Endpoint Administration Agent versions prior to 7.50.00 suffer from a privilege escalation vulnerability.

SIDU version 5.3 database web gui suffers from multiple cross site scripting vulnerabilities.

SIDU version 5.2 database web gui suffers from multiple cross site scripting vulnerabilities.

A weakness in the Linux ASLR implementation has been addressed.

One change in Windows 8.1 from Windows 7 is the introduction of the console driver (condrv.sys) which is responsible for handling the management of consoles. It contains a method, CdpLaunchServerProcess which creates an instance of conhost.exe. This method calls ZwCreateUserProcess which means that the system call runs with kernel permissions, it also passes a flag (0x400) to the system call which indicates that the new process should not be assigned to the parent job. This allows for the conhost process to bypass the job restrictions.