John Stumpo discovered that OpenAFS, a distributed file system, does
not fully initialize certain network packets before transmitting them.
This can lead to a disclosure of the plaintext of previously processed

Several vulnerabilities were discovered in the Network Time Protocol
daemon and utility programs:

Security support for elasticsearch in jessie is hereby discontinued. The
project no longer releases information on fixed security issues which
would allow backporting them to released versions of Debian and actively
discourages doing so.

[slackware-security] jasper (SSA:2015-302-02)

Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.
Qolsys IQ Panel (aka QOL) before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation.
Qolsys IQ Panel (aka QOL) before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update.
The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202.
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 220.127.116.11 and 5.4.x through 18.104.22.168 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuu28922.