Several SQL injection vulnerabilities have been discovered in Cacti, an
RRDTool frontend written in PHP. Specially crafted input can be used by
an attacker in the rra_id value of the graph.php script to execute
arbitrary SQL commands on the database.

Ivan Zhakov discovered an integer overflow in mod_dav_svn, which allows
an attacker with write access to the server to execute arbitrary code or
cause a denial of service.

Hector Marco and Ismael Ripoll, from Cybersecurity UPV Research Group,
found an integer underflow vulnerability in Grub2, a popular bootloader.
A local attacker can bypass the Grub2 authentication by inserting a
crafted input as username or password.

Multiple security issues have been found in Iceweasel, Debian’s version
of the Mozilla Firefox web browser: Multiple memory safety errors,
integer overflows, use-after-frees and other implementation errors
may lead to the execution of arbitrary code, bypass of the same-origin
policy or denial of service.