Multiple vulnerabilities have been discovered in the Xen hypervisor. The
Common Vulnerabilities and Exposures project identifies the following
problems:
Debian Security Advisories
DSA-3728 firefox-esr – security update
A use-after-free vulnerability in the SVG Animation was discovered in
the Mozilla Firefox web browser, allowing a remote attacker to cause a
denial of service (application crash) or execute arbitrary code, if a
user is tricked into opening a specially crafted website.
DSA-3727 hdf5 – security update
Cisco Talos discovered that hdf5, a file format and library for
storing scientific data, contained several vulnerabilities that could
lead to arbitrary code execution when handling untrusted data.
DSA-3725 icu – security update
Several vulnerabilities were discovered in the International Components
for Unicode (ICU) library.
DSA-3726 imagemagick – security update
Several issues have been discovered in ImageMagick, a popular set of
programs and libraries for image manipulation. These issues include
several problems in memory handling that can result in a denial of
service attack or in execution of arbitrary code by an attacker with
control over the image input.
DSA-3724 gst-plugins-good0.10 – security update
Chris Evans discovered that the GStreamer 0.10 plugin used to decode
files in the FLIC format allowed execution of arbitrary code. Further
details can be found in his advisory at
https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html
DSA-3723 gst-plugins-good1.0 – security update
Chris Evans discovered that the GStreamer 1.0 plugin used to decode
files in the FLIC format allowed execution of arbitrary code. Further
details can be found in his advisory at
https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html
DSA-3722 vim – security update
Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi
editor, does not properly validate values for the filetype, syntax and
keymap options, which may result in the execution of arbitrary code if a
file with a specially crafted modeline is opened.
DSA-3720 tomcat8 – security update
Multiple security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine, which may result in possible timing attacks to
determine valid user names, bypass of the SecurityManager, disclosure of
system properties, unrestricted access to global resources, arbitrary
file overwrites, and potentially escalation of privileges.
DSA-3719 wireshark – security update
It was discovered that wireshark, a network protocol analyzer,
contained several vulnerabilities in the dissectors for DCERPC,
AllJoyn, DTN, and OpenFlow, that could lead to various crashes,
denial-of-service, or execution of arbitrary code.