FreeBSD Security Advisory - Crypto-NAK packets can be used to cause ntpd(8) to accept time from an unauthenticated ephemeral symmetric peer by bypassing the authentication required to mobilize peer associations. FreeBSD 9.3 and 10.1 are not affected. Various other issues have also been addressed.

Debian Linux Security Advisory 3417-1 - Tibor Jager, Jorg Schwenk, and Juraj Somorovsky, from Horst Gortz Institute for IT Security, published a paper in ESORICS 2015 where they describe an invalid curve attack in Bouncy Castle Crypto, a Java library for cryptography. An attacker is able to recover private Elliptic Curve keys from different applications, for example, TLS servers.

Debian Linux Security Advisory 3457-1 - Multiple security issues have been found in Iceweasel, Debian's version buffer overflow may lead to the execution of arbitrary code. In addition the bundled NSS crypto library addresses the SLOTH attack on TLS 1.2.

Apple Security Advisory 2016-03-21-7 - OS X Server 5.1 is now available and addresses RC4 crypto weaknesses, file access, and information disclosure vulnerabilities.

Debian Linux Security Advisory 3967-1 - An authentication bypass vulnerability was discovered in mbed TLS, a lightweight crypto and SSL/TLS library, when the authentication mode is configured as 'optional'. A remote attacker can take advantage of this flaw to mount a man-in-the-middle attack and impersonate an intended peer via an X.509 certificate chain with many intermediates.

Debian Linux Security Advisory 4138-1 - Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.

Debian Linux Security Advisory 4147-1 - Several vulnerabilities were discovered in PolarSSL, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.

Debian Linux Security Advisory 4296-1 - Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks.

210 bytes small WinExec add-admin dynamic null-free shellcode.

This is an nmap nse script to test for the path traversal vulnerability in Citrix Application Delivery Controller (ADC) and Gateway.

Apache Tomcat AJP Ghostcat file read and inclusion exploit.

Zen Load Balancer version 3.10.1 suffers from a directory traversal vulnerability. This finding was originally discovered by Cody Sixteen.

QRadar Community Edition version 7.3.1.6 is vulnerable to instantiation of arbitrary objects based on user-supplied input. An authenticated attacker can abuse this to perform various types of attacks including server-side request forgery and (potentially) arbitrary execution of code.

UPLoad version 7.0 suffers from an insecure cookie handling vulnerability.

Ac4p.com Gallery version 1.0 suffers from cross site scripting, phpinfo disclosure, shell upload, and insecure cookie handling vulnerabilities.

Denapars Shop Script suffers from administrative bypass, shell upload, and insecure cookie handling vulnerabilities.

[whem]-UPLoad version 7.0 suffers from an insecure cookie handling vulnerability.

AV Arcade version 3 suffers from insecure cookie and SQL injection vulnerabilities.

Tornado version 1.0 suffers from an insecure cookie vulnerability.

AV Arcade Pro version 5.4.3 suffers from an insecure cookie vulnerability that allows for access bypass.

Paddelberg Topsite Script version 1.2.3 suffers from an authentication bypass vulnerability due to insecure cookie handling.

Totaljs CMS version 12.0 mints an insecure cookie that can be used to crack the administrator password.

Red Hat Security Advisory 2020-1975-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a password leak vulnerability.

Red Hat Security Advisory 2020-1979-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a password leak vulnerability.

Red Hat Security Advisory 2020-1978-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a password leak vulnerability.

Red Hat Security Advisory 2020-1980-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a password leak vulnerability.

Red Hat Security Advisory 2020-1422-01 - This release of Red Hat build of Eclipse Vert.x 3.9.0 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.

Apple Security Advisory 2019-7-23-1 - iCloud for Windows 7.13 is now available and addresses code execution and cross site scripting vulnerabilities.

Apple Security Advisory 2019-10-07-4 - iCloud for Windows 7.14 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Red Hat Security Advisory 2019-1790-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2019-1942-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2019-2097-01 - The Archive::Tar module provides a mechanism for Perl scripts to manipulate tar archive files. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2019-2400-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.

Gentoo Linux Security Advisory 201909-1 - Multiple vulnerabilities have been found in Perl, the worst of which could result in the arbitrary execution of code. Versions less than 5.28.2 are affected.

Debian Linux Security Advisory 4584-1 - Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis.

Red Hat Security Advisory 2020-1616-01 - Irssi is a modular IRC client with Perl scripting. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2020-1050-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include a cross site request forgery vulnerability.