RSA Security Analytics versions prior to 10.6.2 suffer from a cross site scripting vulnerability.
Monthly Archives: January 2017
Ubuntu Security Notice USN-3177-1
Ubuntu Security Notice 3177-1 – It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn’t exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.
Apple Security Advisory 2017-01-23-6
Apple Security Advisory 2017-01-23-6 – iCloud for Windows 6.1.1 is now available and addresses multiple code execution issues.
Apple Security Advisory 2017-01-23-5
Apple Security Advisory 2017-01-23-5 – Safari 10.0.3 is now available and addresses spoofing, data exfiltration, and various other security vulnerabilities.
Apple Security Advisory 2017-01-23-4
Apple Security Advisory 2017-01-23-4 – tvOS 10.1.1 is now available and addresses buffer overflow, code execution, and various other security vulnerabilities.
Apple Security Advisory 2017-01-23-3
Apple Security Advisory 2017-01-23-3 – watchOS 3.1.3 is now available and addresses memory corruption and various other security vulnerabilities.
Apple Security Advisory 2017-01-23-2
Apple Security Advisory 2017-01-23-2 – macOS 10.12.3 is now available and addresses code execution and various other security vulnerabilities.
Apple Security Advisory 2017-01-23-1
Apple Security Advisory 2017-01-23-1 – iOS 10.2.1 is now available and addresses logic issues, code execution, and multiple other security vulnerabilities.
Cisco Magic WebEx URL Remote Command Execution
Cisco’s WebEx extension has a URL that allows for arbitrary remote command execution.
CUPS DNS Rebinding Via Incorrect Whitelist
CUPS suffers from an incorrect whitelist that permits DNS rebinding attacks.