OpenSSL has addressed twelve vulnerabilities including denial of service, silent downgrading, corrupted pointer, segmentation fault, memory corruption, and various other vulnerabilities.

FreeBSD Security Advisory – Multiple OpenSSL issues have been resolved. A malformed elliptic curve private key file could cause a use-after-free condition in the d2i_ECPrivateKey function. An attempt to compare ASN.1 boolean types will cause the ASN1_TYPE_cmp function to crash with an invalid read. Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. A malicious client can trigger an OPENSSL_assert in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message.

A cross site scripting vulnerability was found in the xen_hotfix page of the Citrix NITRO SDK.

Airties Air5650TT Modem suffers from a cross site scripting vulnerability.

It was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this folder, decode passwords stored in these files, and gain privileged access to devices managed by Command Center.

BSides Las Vegas 2015 has announced its Call For Papers. It will take place August 4th and 5th, 2015, in Las Vegas, Nevada.

An SQL injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to retrieve arbitrary data from the application, interfere with its logic, or execute commands on the database server itself.

A command injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to execute arbitrary system commands and take full control over ESRS VE.

A path traversal vulnerability was found in EMC M&R (Watch4net) Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.