Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 through CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML by uploading an HTML document.
Monthly Archives: June 2016
CVE-2016-0349
IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call.
Red Hat Security Advisory 2016-1374-01
Red Hat Security Advisory 2016-1374-01 – JBoss Portal Platform provides an integrated open source platform for hosting and serving a portal's web interface, aggregating, publishing, and managing its content, and personalizing its experience. This asynchronous patch is a security update for the JGroups package in Red Hat JBoss Portal Platform 6.2. Security Fix: It was found that JGroups did not require the necessary headers for the encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions and send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
Debian Security Advisory 3609-1
Debian Linux Security Advisory 3609-1 – Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service.
Debian Security Advisory 3608-1
Debian Linux Security Advisory 3608-1 – Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in LibreOffice may result in the execution of arbitrary code if a malformed document is opened.
Symantec Endpoint Protection 12.1 CSRF / XSS / Open Redirect
Symantec Endpoint Protection Manager and Client version 12.1 suffers from cross site request forgery, cross site scripting, and open redirection vulnerabilities.
WordPress Ultimate Membership Pro 3.3 SQL Injection
WordPress Ultimate Membership Pro plugin version 3.3 suffers from a remote SQL injection vulnerability.
Lenovo ThinkPad System Management Mode Arbitrary Code Execution
This code exploits a 0day privilege escalation vulnerability (or possible backdoor) in the SystemSmmRuntimeRt UEFI driver (GUID is 7C79AC8C-5E6C-4E3D-BA6F-C260EE7C172E) of Lenovo firmware.
Cuckoo Sandbox Guest 2.0.1 Code Execution
Cuckoo Sandbox Guest versions 2.0.1 and below XMLRPC privileged remote code execution exploit.
Windows 7 SP1 x86 Privilege Escalation
Windows 7 SP1 x86 privilege escalation exploit that leverages the issue documented in MS16-014.