Several SQL injection vulnerabilities have been discovered in Cacti, an
RRDTool frontend written in PHP. Specially crafted input can be used by
an attacker in the rra_id value of the graph.php script to execute
arbitrary SQL commands on the database.
Debian Security Advisories
DSA-3419 cups-filters – security update
Adam Chester discovered that missing input sanitising in the
foomatic-rip print filter might result in the execution of arbitrary
commands.
DSA-3420 bind9 – security update
It was discovered that the BIND DNS server does not properly handle the
parsing of incoming responses, allowing some records with an incorrect
class to be accepted by BIND instead of being rejected as malformed.
This can trigger a REQUIRE assertion failure when those records are
subsequently cached. A remote attacker can exploit this flaw to cause a
denial of service against servers performing recursive queries.
DSA-3417 bouncycastle – security update
Tibor Jager, Jörg Schwenk, and Juraj Somorovsky, from Horst Görtz
Institute for IT Security, published a paper in ESORICS 2015 where they
describe an invalid curve attack in Bouncy Castle Crypto, a Java library
for cryptography. An attacker is able to recover private Elliptic Curve
keys from different applications, for example, TLS servers.
DSA-3418 chromium-browser – security update
Several vulnerabilities have been discovered in the chromium web browser.
DSA-3416 libphp-phpmailer – security update
Takeshi Terada discovered a vulnerability in PHPMailer, a PHP library for
email transfer, used by many CMSs. The library accepted email addresses
and SMTP commands containing line breaks, which can be abused by an
attacker to inject messages.
DSA-3415 chromium-browser – security update
Several vulnerabilities have been discovered in the chromium web browser.
DSA-3414 xen – security update
Multiple security issues have been found in the Xen virtualisation
solution, which may result in denial of service or information
disclosure.
DSA-3413 openssl – security update
Multiple vulnerabilities have been discovered in OpenSSL, a Secure
Sockets Layer toolkit. The Common Vulnerabilities and Exposures project
identifies the following issues:
DSA-3412 redis – security update
Luca Bruno discovered an integer overflow flaw leading to a stack-based
buffer overflow in redis, a persistent key-value database. A remote
attacker can use this flaw to cause a denial of service (application
crash).