FTPShell Client v5.24 Buffer Overflow
Executable installers are vulnerable^WEVIL (case 16): Trend Micro’s installers allows arbitrary (remote) code execution
Joomla 1.5.x to 3.4.5 Object Injection Exploit (golang)
Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 188.8.131.52, 8.0 through 184.108.40.206, 8.5.0 through 220.127.116.11, 8.5.5 through 18.104.22.168, and 8.5.6 through 22.214.171.124 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
IBM SPSS Statistics 126.96.36.199 before IF10 and 188.8.131.52 before IF7 uses weak permissions (Everyone: Write) for Python scripts, which allows local users to gain privileges by modifying a script.
Pierre Kim discovered two vulnerabilities in the restful API of Ganeti,
a virtual server cluster management tool. SSL parameter negotiation
could result in denial of service and the DRBD secret could leak.
Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail client: Multiple memory safety errors,
integer overflows, buffer overflows and other implementation errors may
lead to the execution of arbitrary code or denial of service.