The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash).
Category Archives: NVD
National Vulnerability Database – This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
CVE-2016-3106
Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner.
CVE-2016-10121
Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges.
CVE-2015-1839
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
CVE-2015-8282
SeaWell Networks Spectrum SDC 02.05.00 has a default password of “admin” for the “admin” account.
CVE-2016-10123
Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges.
CVE-2014-2710
Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerly Webshare) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the (1) login page (index.php) or (2) login form (loginform-inc.php).
CVE-2017-7627
The “Smart related articles” extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing _JEXEC check).
CVE-2017-7626
The “Smart related articles” extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method).
CVE-2017-7628
The “Smart related articles” extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability).