HP Security Bulletin HPSBGN03688 1 – A potential security vulnerability has been identified in HPE Operations Orchestration. The vulnerability could be remotely exploited to allow remote code execution. Revision 1 of this advisory.

ShoreTel Mobility Client iOS application versions 9.1.2.101 and below do not validate the SSL certificate they receive when connecting to the mobile application login server.

Tempest Security Intelligence Advisory ADV-6/2016 – Telegram Desktop version 0.10.1 is vulnerable to dll hijacking as it tries to load “COMBASE.dll” without supplying the absolute path, thus relying upon the presence of such dll on the system directory.

Tempest Security Intelligence Advisory ADV-8/2016 – Akamai Netsession 1.9.3.1 is vulnerable to dll hijacking as it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned dll is missing from its installation. Thus making it possible to hijack the dll and subsequently inject code within the Akamai NetSession process space.

Tempest Security Intelligence Advisory ADV-7/2016 – Audacity version 2.1.2 is vulnerable to dll hijacking as it tries to load avformat-55.dll without supplying the absolute path, thus relying upon the presence of such dll on the system directory. This behavior results in an exploitable dll hijacking vulnerability, even if the SafeDllSerchMode flag is enabled.