Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.

Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges.

Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /.

Firejail does not restrict access to –tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc.

Firejail allows –chroot when seccomp is not supported, which might allow local users to gain privileges.

Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges.

Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates.

Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image.

Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges.

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.