Multiple vulnerabilities have been found in the Ikiwiki wiki compiler:
Category Archives: Debian
Debian Security Advisories
DSA-3758 bind9 – security update
Several denial-of-service vulnerabilities (assertion failures) were
discovered in BIND, a DNS server implementation.
DSA-3757 icedove – security update
Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail client: Multiple vulnerabilities may lead
to the execution of arbitrary code, data leakage or bypass of the content
security policy.
DSA-3756 icoutils – security update
Choongwoo Han discovered that a programming error in the wrestool tool
of the icoutils suite allows denial of service or the execution of
arbitrary code if a malformed binary is parsed.
DSA-3755 tomcat8 – security update
It was discovered that incorrect error handling in the NIO HTTP
connector of the Tomcat servlet and JSP engine could result in
information disclosure.
DSA-3754 tomcat7 – security update
It was discovered that incorrect error handling in the NIO HTTP
connector of the Tomcat servlet and JSP engine could result in
information disclosure.
DSA-3753 libvncserver – security update
It was discovered that libvncserver, a collection of libraries used to
implement VNC/RFB clients and servers, incorrectly processed incoming
network packets. This resulted in several heap-based buffer overflows,
allowing a rogue server to either cause a DoS by crashing the client,
or potentially execute arbitrary code on the client side.
DSA-3752 pcsc-lite – security update
Peter Wu discovered that a use-after-free in the pcscd PC/SC daemon of
PCSC-Lite might result in denial of service or potentially privilege
escalation.
DSA-3751 libgd2 – security update
A stack overflow vulnerability was discovered within the
gdImageFillToBorder function in libgd2, a library for programmatic
graphics creation and manipulation, triggered when invalid colors are
used with truecolor images. A remote attacker can take advantage of this
flaw to cause a denial-of-service against an application using the
libgd2 library.
DSA-3750 libphp-phpmailer – security update
Dawid Golunski discovered that PHPMailer, a popular library to send
email from PHP applications, allowed a remote attacker to execute
code if they were able to provide a crafted Sender address.