ClassApps SelectSurvey.net version 4.124.004 suffers from multiple remote SQL injection vulnerabilities.
Category Archives: Security
Drupal Patches XSS Vulnerability in Spam Module
Drupal released an update that patches a moderately critical cross-site scripting vulnerability in its Mollom content and spam moderation module.
Nokia Asha Lock Code Bypass
The Nokia Asha platform suffers from a lock code bypass vulnerability that allows for access to call records.
Livefyre LiveComments 3.0 Cross Site Scripting
Livefyre LiveComments version 3.0 suffers from a persistent cross site scripting vulnerability.
WordPress WP-Ban 1.62 Bypass
WordPress WP-Ban plugin version 1.62 suffers from a ban bypass vulnerability: a crafted X-Forwarded-For header makes the plugin evaluate a client-supplied address instead of the real one, so a banned host is let through.
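The flaw class behind this entry, as an added example that is not WP-Ban's own code (the plugin is PHP; this Python model shows only the pattern): a ban check that derives the client address from X-Forwarded-For, which any direct client can set, beside a form that honours the header only when the direct peer is a known reverse proxy. BANNED, TRUSTED_PROXIES, the function names and the sample requests are constructed for the demonstration.

```python
"""Added example, not WP-Ban's own code: client-address resolution for a ban
list, with the header-trusting pattern beside a proxy-aware one.  BANNED,
TRUSTED_PROXIES and the sample requests are constructed; the names are
hypothetical and are not the plugin's API.
"""
import ipaddress

BANNED = {"203.0.113.7"}                                 # constructed ban list (TEST-NET-3)
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]   # hypothetical reverse-proxy range


def client_ip_vulnerable(remote_addr: str, headers: dict) -> str:
    """Weak pattern: a client-supplied X-Forwarded-For beats the socket peer address."""
    xff = headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()     # left-most hop is whatever the client wrote
    return remote_addr


def _is_trusted_proxy(addr) -> bool:
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip_hardened(remote_addr: str, headers: dict):
    """Trust X-Forwarded-For only when the direct peer is one of our proxies, then
    walk it right-to-left (the end our proxies appended to) to the first non-proxy
    hop.  Returns None when a hop cannot be parsed so the caller can fail closed."""
    peer = ipaddress.ip_address(remote_addr)
    if not _is_trusted_proxy(peer):
        return remote_addr                   # direct client: its header is just client input
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None                      # malformed hop: refuse to guess
        if not _is_trusted_proxy(addr):
            return str(addr)
    return remote_addr                       # every hop was one of ours


def request_blocked(remote_addr: str, headers: dict, resolver) -> bool:
    """Ban decision using the given client-address resolver; None fails closed."""
    ip = resolver(remote_addr, headers)
    return ip is None or ip in BANNED


if __name__ == "__main__":
    # Constructed: the banned host connects directly and forges a header.
    forged = {"X-Forwarded-For": "198.51.100.1"}
    print("vulnerable blocks forged request:", request_blocked("203.0.113.7", forged, client_ip_vulnerable))
    print("hardened  blocks forged request:", request_blocked("203.0.113.7", forged, client_ip_hardened))
    # Constructed: same host behind our proxy, which appended the true peer address.
    via_proxy = {"X-Forwarded-For": "198.51.100.1, 203.0.113.7"}
    print("hardened  blocks proxied request:", request_blocked("10.0.0.5", via_proxy, client_ip_hardened))
```

The direction of the walk matters: a client can prepend any number of addresses to X-Forwarded-For, but it cannot control what a trusted proxy appends after them, so the right-most untrusted hop is the only value worth banning on.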
WordPress Login Widget With Shortcode 3.1.1 CSRF / XSS
WordPress Login Widget With Shortcode plugin version 3.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
OsClass 3.4.1 Cross Site Scripting
OsClass version 3.4.1 suffers from multiple cross site scripting vulnerabilities.
OsClass 3.4.1 Local File Inclusion
OsClass version 3.4.1 suffers from a local file inclusion vulnerability.
FreeBSD Security Advisory – TCP Denial Of Service
FreeBSD Security Advisory – The Transmission Control Protocol (TCP) of the TCP/IP protocol suite provides a connection-oriented, reliable, sequence-preserving data stream service. New TCP connections are initiated with a segment carrying the SYN flag. Sequencing of data is controlled by 32-bit sequence numbers that start at a random value and are increased using modulo 2**32 arithmetic. TCP endpoints maintain a window of expected, and thus allowed, sequence numbers for a connection. When a segment with the SYN flag arrives for an already existing connection, the TCP stack tears down the connection, bypassing the check that the sequence number in the segment lies within the expected window. An attacker who can spoof IP traffic can therefore tear down a TCP connection by sending only 2 packets if they know both TCP port numbers. If one of the two port numbers is unknown, a successful attack requires fewer than 2**17 spoofed packets, which can be generated in under a second on a decent Internet connection.
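The check the advisory says is bypassed, as an added example that is not code from the advisory or from the FreeBSD patch: signed sequence-number comparison across the 2**32 wraparound, the window test built on it, the pre-fix behaviour (any SYN on an established connection resets it) beside a version that consults the window first, and the advisory's packet-count figures. Function names are the author's own; rcv_nxt and rcv_wnd follow RFC 793 naming, and the sample connection state is constructed.

```python
"""Added example, not from the FreeBSD advisory or its patch: a model of the
sequence-number window check that guards a SYN arriving on an established
connection.  rcv_nxt / rcv_wnd are RFC 793 names; the functions and the
sample numbers are constructed for the demonstration.
"""

SEQ_MOD = 1 << 32      # 32-bit sequence space, advanced modulo 2**32
PORT_SPACE = 1 << 16   # 16-bit TCP port numbers


def seq_diff(a: int, b: int) -> int:
    """Signed distance a - b in sequence space, correct across 2**32 wraparound."""
    d = (a - b) % SEQ_MOD
    return d - SEQ_MOD if d >= SEQ_MOD // 2 else d


def seq_in_window(seg_seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """True if seg_seq lies in [rcv_nxt, rcv_nxt + rcv_wnd), with wraparound."""
    return 0 <= seq_diff(seg_seq, rcv_nxt) < rcv_wnd


def syn_on_established_vulnerable(seg_seq: int, rcv_nxt: int, rcv_wnd: int) -> str:
    """Behaviour the advisory describes: any SYN for an existing connection
    tears it down; the window check is never consulted."""
    return "reset"


def syn_on_established_fixed(seg_seq: int, rcv_nxt: int, rcv_wnd: int) -> str:
    """Apply the window check first; an out-of-window SYN is dropped.
    (Stacks implementing RFC 5961 go further and answer even an in-window SYN
    with a challenge ACK; that is beyond what this advisory describes.)"""
    if seq_in_window(seg_seq, rcv_nxt, rcv_wnd):
        return "reset"
    return "drop"


def spoofed_packets_upper_bound(known_ports: int) -> int:
    """The advisory's cost figures: 2 packets when both ports are known, and a
    2**16-fold search for each unknown port (2**17 when one is unknown)."""
    if not 0 <= known_ports <= 2:
        raise ValueError("a TCP connection has exactly two port numbers")
    return 2 * PORT_SPACE ** (2 - known_ports)


def sequence_guesses_after_fix(rcv_wnd: int) -> int:
    """Once the window check is enforced, a blind attacker must also land the
    sequence number inside the receive window: about 2**32 / rcv_wnd attempts
    per port pair (general reasoning, not a figure from the advisory)."""
    return -(-SEQ_MOD // rcv_wnd)   # ceiling division


if __name__ == "__main__":
    rcv_nxt, rcv_wnd = 0xFFFFFFF0, 65535      # constructed connection state near wraparound
    for seq in (rcv_nxt, 5, rcv_nxt - 1, 0x7FFF0000):
        print(f"seq={seq:#010x} vulnerable={syn_on_established_vulnerable(seq, rcv_nxt, rcv_wnd)} "
              f"fixed={syn_on_established_fixed(seq, rcv_nxt, rcv_wnd)}")
    print("packets, both ports known:", spoofed_packets_upper_bound(2))
    print("packets, one port unknown:", spoofed_packets_upper_bound(1))
    print("sequence guesses per port pair once the window is checked:", sequence_guesses_after_fix(rcv_wnd))
```

The wraparound case is why the comparison is written as a signed modular difference rather than `rcv_nxt <= seg_seq < rcv_nxt + rcv_wnd`: with rcv_nxt a few bytes below 2**32, a legitimate in-window segment can carry a small sequence number, and a plain integer comparison would reject it while accepting a segment just below rcv_nxt.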
Ubuntu Security Notice USN-2319-3
Ubuntu Security Notice 2319-3 – USN-2319-1 fixed vulnerabilities in OpenJDK 7. This update provides stability fixes for the arm64 and ppc64el architectures. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.