(Nov 29) Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2017-8816
(Nov 28) Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks, privilege escalation or the execution of arbitrary code.
(Nov 27) Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
(Nov 23) Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in impersonation of Kerberos services, denial of service, sandbox bypass or HTTP header injection.
(Nov 23) Two vulnerabilities were discovered in the Open Ticket Request System which could result in disclosure of database credentials or the execution of arbitrary shell commands by logged-in agents.
(Nov 22) Tobias Schneider discovered that libspring-ldap-java, a Java library for Spring-based applications using the Lightweight Directory Access Protocol, would under some circumstances allow authentication with a correct username but an arbitrary password.
(Nov 21) Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues:
(Nov 21) A vulnerability has been discovered in swauth, an authentication system for Swift, a distributed virtual object store used in Openstack. The authentication token for an user is saved in clear text to the log file,
(Nov 21) Several vulnerabilities have been found in VLC, the VideoLAN project’s media player. Processing malformed media files could lead to denial of service and potentially the execution of arbitrary code.
(Nov 19) A use-after-free vulnerability was discovered in XML::LibXML, a Perl interface to the libxml2 library, allowing an attacker to execute arbitrary code by controlling the arguments to a replaceChild() call.