The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash).
Category Archives: Security
CVE-2016-3106
Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner.
CVE-2016-10121
Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges.
CVE-2015-1839
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
CVE-2015-8282
SeaWell Networks Spectrum SDC 02.05.00 has a default password of “admin” for the “admin” account.
CVE-2016-10123
Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges.
CVE-2014-2710
Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerly Webshare) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the (1) login page (index.php) or (2) login form (loginform-inc.php).
CVE-2015-8284
SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions.
CVE-2016-10117
Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc.
CVE-2017-7219
A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.