A path traversal vulnerability was found in EMC M&R (Watch4net) MIB Browser. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
Monthly Archives: March 2015
EMC M&R (Watch4net) Alerting Frontend XSS
A cross site scripting vulnerability was found in EMC M&R (Watch4net) Alerting Frontend. This issue allows attackers to perform a wide variety of actions, such as stealing victims’ session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploiting issues in other areas of Watch4net.
EMC M&R (Watch4net) Centralized Management Console XSS
A cross site scripting vulnerability was found in EMC M&R (Watch4net) Centralized Management Console. This issue allows attackers to perform a wide variety of actions, such as stealing victims’ session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploiting issues in other areas of Watch4net.
EMC M&R (Watch4net) Web Portal Report Favorites XSS
A cross site scripting vulnerability was found in EMC M&R (Watch4net) Web Portal. This issue allows attackers to replace the report that is shown at startup. The attacker’s payload will be stored in the user’s profile and will be executed every time the victim logs in.
Gentoo Linux Security Advisory 201503-11
Gentoo Linux Security Advisory 201503-11 – Multiple vulnerabilities have been found in OpenSSL that can result in either Denial of Service or information disclosure. Versions less than 1.0.1l-r1 are affected.
Ubuntu Security Notice USN-2537-1
Ubuntu Security Notice 2537-1 – It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. Stephen Henson discovered that OpenSSL incorrectly handled comparing ASN.1 boolean types. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.
Red Hat Security Advisory 2015-0708-01
Red Hat Security Advisory 2015-0708-01 – Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 7.
Debian Security Advisory 3197-1
Debian Linux Security Advisory 3197-1 – Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit.
Red Hat Security Advisory 2015-0707-01
Red Hat Security Advisory 2015-0707-01 – Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 6.
Subrion 3.3.0 Cross Site Request Forgery
Subrion version 3.3.0 suffers from a cross site request forgery vulnerability that allows for arbitrary SQL injection.