Brocade Fabric OS version 6.3.1b suffers from multiple weak system configuration issues that can result in system compromise. You actually have to go out of your way to break basic Linux security this badly.
86551b3c0d17766625527eb34a6c14cce252c358fd6840a5969038b4022df058
Ubuntu Security Notice 2821-1 - It was discovered that GnuTLS incorrectly validated the first byte of padding in CBC modes. A remote attacker could possibly use this issue to perform a padding oracle attack.
e80bf8eb05cb869629fb181fef4e8ce6ff45d5814e62e60eac7d3bf40b0cc724
LibRaw versions 0.17 and below suffer from multiple memory errors that can result in code execution or other problems.
f01f4f3e01a6002596eda126f98c0d171d4c9cfae6920a1364dc2c23385e2639
In their original report, Security Explorations indicated that Issue 42 in SE-2014-02 had its origin in the klassItable::initialize_itable_for_interface method's implementation in the Java SE 7 HotSpot VM. They have recently learned that their initial analysis regarding the root cause of Issue 42 was incorrect. This report contains more detailed information about the actual cause of Issue 42, the reasoning that misled them into concluding it was caused by an improper initialization of non-public interface method slots, and some additional findings regarding this issue.
926ad5f5f27088ecc130997d08aa12a0ca81902394fe5f1767a391a11cdfa9ea
Red Hat Security Advisory 2015-2522-01 - The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property "org.apache.commons.collections.enableUnsafeSerialization" to re-enable their deserialization.
809e280c3a7b28ef3849dd41013146eafcff4fe7afab41ae20a95a8c92f6d041
Red Hat Security Advisory 2015-2521-01 - The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property "org.apache.commons.collections.enableUnsafeSerialization" to re-enable their deserialization.
0659db4fb18959becb1b68966660f9369016bb2edbc36966c2eb5bab639f4482
Red Hat Security Advisory 2015-2523-01 - The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property "org.apache.commons.collections.enableUnsafeSerialization" to re-enable their deserialization.
1d94e5fd242f7da99f1762e3844877f90673339f11d9af4ce1156c460ea63bd3
Red Hat Security Advisory 2015-2524-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
f9546e636f1967b0f887a87c03e59a4a51cc9a02ff48c100b01cffe74ab8a494
HumHub versions 0.11.2 and 0.20.0-beta.2 suffer from a remote SQL injection vulnerability.
de97ea4c72cb25e8cbe17f57855cac312d4ef10577f8830837d47392f45dc630
Belkin N150 wireless home routers suffer from cross site request forgery, cross site scripting, session hijacking, and default credential vulnerabilities.
ccd6d7df0385f7fe44487b3572769d2a3e6d56e73e0aa366d26c92e320dce63f
ShakeIt is a grammar mutation engine targeting browsers and PDF readers. For a given input, such as a web page or PDF file, and an output location, it will generate N mutated test cases. It was implemented in C#, but can be ported to other languages and is meant to fit within an existing fuzzing framework.
2c0f6f6b21b511449035e2b2b61b08aee0745f3cdf87d7aafc0923f37045eda2
Easy File Sharing Web Server version 7.2 remote SEH buffer overflow exploit using DEP bypass with ROP.
b343788b936fa8d54e2e946f827f40f4d9105116d2e051d438e3240130b330b3