Bash specially-crafted environment variable code injection proof of concept exploit that inserts the malicious payload into a User-Agent header and looks for a 500 response on a web server.

CMS AutoWeb version 3.0 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

Ubuntu Security Notice 2361-1 – Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates.

Ubuntu Security Notice 2360-2 – USN-2360-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates. Various other issues were also addressed.

Ubuntu Security Notice 2360-1 – Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates.

Gentoo Linux Security Advisory 201409-9 – A parsing flaw related to functions and environments in Bash could allow attackers to inject code. Versions less than 4.2_p48 are affected.

Ubuntu Security Notice 2362-1 – Stephane Chazelas discovered that Bash incorrectly handled trailing code in function definitions. An attacker could use this issue to bypass environment restrictions, such as SSH forced command environments.

Red Hat Security Advisory 2014-1297-01 – Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory.

Red Hat Security Advisory 2014-1298-01 – Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.3.1 serves as a replacement for Red Hat JBoss Data Grid 6.3.0. It includes various bug fixes which are detailed in the Red Hat JBoss Data Grid 6.3.1 Release Notes.

WS10 Data Server version 1.83 SCADA buffer overflow proof of concept exploit.