Hanno Boeck discovered a heap-based buffer overflow flaw in the way
Libtasn1, a library to manage ASN.1 structures, decoded certain
DER-encoded input. A specially crafted DER-encoded input could cause an
application using the Libtasn1 library to crash, or potentially to
execute arbitrary code.

It was discovered that libzmq, a lightweight messaging kernel, is
susceptible to a protocol downgrade attack on sockets using the ZMTP v3
protocol. This could allow remote attackers to bypass ZMTP v3 security
mechanisms by sending ZMTP v2 or earlier headers.

Kostya Kortchinsky of the Google Security Team discovered a flaw in the
DER parser used to decode SSL/TLS certificates in suricata. A remote
attacker can take advantage of this flaw to cause suricata to crash.

Pound, a HTTP reverse proxy and load balancer, had several issues
related to vulnerabilities in the Secure Sockets Layer (SSL) protocol.

Michal Zalewski discovered multiple vulnerabilities in SQLite, which
may result in denial of service or the execution of arbitrary code.

Nick Sampanis discovered that dnsmasq, a small caching DNS proxy and
DHCP/TFTP server, did not properly check the return value of the
setup_reply() function called during a TCP connection, which is used
then as a size argument in a function which writes data on the client’s
connection. A remote attacker could exploit this issue via a specially
crafted DNS request to cause dnsmasq to crash, or potentially to obtain
sensitive information from process memory.

Multiple security issues have been discovered in WordPress, a weblog
manager, that could allow remote attackers to upload files with invalid
or unsafe names, mount social engineering attacks or compromise a site
via cross-site scripting, and inject SQL commands.

Shadowman131 discovered that jqueryui, a JavaScript UI library for
dynamic web applications, failed to properly sanitize its title
option. This would allow a remote attacker to inject arbitrary code
through cross-site scripting.

It was discovered that the Ruby OpenSSL extension, part of the interpreter
for the Ruby language, did not properly implement hostname matching, in
violation of RFC 6125. This could allow remote attackers to perform a
man-in-the-middle attack via crafted SSL certificates.

It was discovered that missing input saniting in Snoopy, a PHP class that
simulates a web browser may result in the execution of arbitrary
commands.