A use-after-free vulnerability exists in the RTF parser of the LibreOffice office suite. The vulnerability is due to incorrect parsing of stylesheets in RTF files. By enticing the user to open a specially crafted RTF file, an attacker could exploit this vulnerability to execute arbitrary code on the affected system with the privileges of the user who opened the file.
Monthly Archives: July 2016
Tiki-Wiki CMS Calendar Remote Command Execution
A remote command injection vulnerability exists in Tiki-Wiki CMS's calendar module. By exploiting this vulnerability, a remote attacker can execute arbitrary system commands on the affected server.
Liferay Portal User Account Stored Cross Site Scripting (CVE-2016-3670)
A persistent XSS vulnerability exists in the user account creation process in Liferay Portal. The vulnerability is due to insufficient input validation of the firstName, middleName and lastName parameters. Successful exploitation could allow the attacker to inject arbitrary script code into a user profile; because the payload is stored, it runs in the browser of every user who later views that profile.
Squid Long String Header Processing Assertion Failure (CVE-2016-2569)
A denial-of-service vulnerability has been reported in Squid. The vulnerability is due to the way Squid uses a String object with a fixed maximum length to store incoming headers, such as the Vary header, in HTTP responses. A header value longer than that limit trips an assertion, and the assertion failure aborts the Squid process, denying service to every client of the proxy.
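The pattern behind this class of bug is worth seeing in code: a capacity limit enforced with an assertion is a crash trigger whenever the value being checked comes from the network. The block below is an added illustration written for this page, not Squid's code; the `HDR_MAX` capacity, the `hdr_string` type, the function names and the sample responses are all hypothetical and constructed. It places the assertion-guarded store next to a version that enforces the same limit as a recoverable input check, and runs a tiny header scanner over a normal response and an over-long one.

```c
#include <assert.h>
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical capacity for this demo; it is not Squid's real limit. */
#define HDR_MAX 64

typedef struct {
    char   data[HDR_MAX + 1];   /* value plus terminating NUL */
    size_t len;
} hdr_string;

void hdr_init(hdr_string *s)
{
    s->len = 0;
    s->data[0] = '\0';
}

/* Pattern 1: capacity enforced by an assertion.  The predicate depends on an
 * attacker-controlled length, so one over-long header value aborts the whole
 * process.  Built with -DNDEBUG the check disappears and memcpy overruns the
 * buffer instead.  Either way, an assert is not a bounds check on input. */
void hdr_append_assert(hdr_string *s, const char *src, size_t n)
{
    assert(s->len + n <= HDR_MAX);
    memcpy(s->data + s->len, src, n);
    s->len += n;
    s->data[s->len] = '\0';
}

/* Pattern 2: the same capacity enforced as a recoverable input check.
 * Returns 0 on success, -1 if the value would not fit; the caller can drop
 * this one response and keep serving every other client. */
int hdr_append_checked(hdr_string *s, const char *src, size_t n)
{
    if (n > HDR_MAX - s->len)       /* s->len <= HDR_MAX, so no underflow */
        return -1;
    memcpy(s->data + s->len, src, n);
    s->len += n;
    s->data[s->len] = '\0';
    return 0;
}

/* Find "Name: value\r\n" in a raw header block and store the value with the
 * checked append.  Returns 1 if stored, 0 if the header is absent, -1 if the
 * value exceeds HDR_MAX and was rejected. */
int store_header_value(hdr_string *out, const char *raw, const char *name)
{
    size_t name_len = strlen(name);
    const char *line = raw;

    while (*line) {
        const char *eol = strstr(line, "\r\n");
        size_t line_len = eol ? (size_t)(eol - line) : strlen(line);

        if (line_len >= name_len + 2 &&
            strncmp(line, name, name_len) == 0 &&
            line[name_len] == ':' && line[name_len + 1] == ' ') {
            const char *val = line + name_len + 2;
            size_t val_len = line_len - name_len - 2;
            hdr_init(out);
            return hdr_append_checked(out, val, val_len) == 0 ? 1 : -1;
        }
        if (!eol)
            break;
        line = eol + 2;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample responses, not captured traffic. */
    const char *ok_resp =
        "HTTP/1.1 200 OK\r\nVary: Accept-Encoding\r\nContent-Length: 0\r\n\r\n";
    char long_value[HDR_MAX + 16];
    char bad_resp[256];
    hdr_string vary;

    memset(long_value, 'A', sizeof long_value - 1);
    long_value[sizeof long_value - 1] = '\0';
    snprintf(bad_resp, sizeof bad_resp,
             "HTTP/1.1 200 OK\r\nVary: %s\r\n\r\n", long_value);

    printf("normal response:    %d\n", store_header_value(&vary, ok_resp, "Vary"));
    printf("stored value:       %s\n", vary.data);
    printf("over-long response: %d\n", store_header_value(&vary, bad_resp, "Vary"));

    /* The assertion-guarded store is fine on a value that fits ... */
    hdr_init(&vary);
    hdr_append_assert(&vary, "Accept-Encoding", strlen("Accept-Encoding"));
    /* ... but hdr_append_assert(&vary, long_value, strlen(long_value))
     * would abort the process here: that is the denial of service. */
    return 0;
}
```

The checked variant returns -1 for the over-long response and leaves the store untouched, so the proxy can discard that single response. The assertion variant has no such path: the only outcomes are a process abort or, with assertions compiled out, a heap or stack overwrite.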
D-Link DCS-930L Authenticated Remote Command Execution
A command execution vulnerability exists in the D-Link DCS-930L. Successful exploitation of this vulnerability could allow an authenticated remote attacker to execute arbitrary commands on the affected system.
Criminals plant banking malware where victims least expect it – Ars Technica
Nexthon Whois Website Value Calculator 1.5 SQL Injection
Nexthon Whois Website Value Calculator version 1.5 suffers from a remote blind SQL injection vulnerability.
VeraCrypt 1.17 DLL Hijacking
The installer for VeraCrypt version 1.17 suffers from a DLL hijacking vulnerability.
Codebase Business Directory Pro 1.02 SQL Injection
Codebase Business Directory Pro version 1.02 suffers from a remote SQL injection vulnerability.
Vuln: Libarchive CVE-2016-4302 Local Heap Buffer Overflow Vulnerability