This update fixes an issue handling binary files which is present when running proxied.

Kaspersky Antivirus is prone to a buffer overflow when handling a specially crafted ThinApp compressed file.

Oracle WebLogic Server is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution.

JBoss Application Server is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution.

Jenkins is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution.

The specific flaw exists within the VPORTSDK.VPortSDKCtrl.1 ActiveX control. By passing an overly long string to the GetClientReg method's Name parameter.

IBM WebSphere Application Server is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary java objects leading to remote code execution.

The 'fusermount' binary, part of the FUSE system in Linux, executes the /bin/mount binary with ruid set to 0 without clearing the environment variables provided by unprivileged users.



This flaw can be leveraged by local unprivileged users to gain root privileges by leveraging the functionality provided by the LIBMOUNT_MTAB environment variable to overwrite an arbitrary file on the affected system.

The specific flaw exists within the handling of scenario files (.lrs). By manipulating a scenario file's values, an attacker can cause a fixed-length stack buffer to overflow.

ManageEngine EventLog Analyzer is vulnerable to abuse a SQL query functionality that allows attackers to insert and export a crafted JSP using 'guest' credentials allowing us to install an agent.