JobScheduler versions prior to 1.7.4241 suffer from a path traversal vulnerability.
Category Archives: Security
Alcasar 2.8 Remote Root Command Execution
Remote root command execution exploit for Alcasar versions 2.8 and below.
Joomla Spider Calendar 3.2.6 SQL Injection
Joomla Spider Calendar component versions 3.2.6 and below suffer from a remote authenticated SQL injection vulnerability.
JobScheduler XML eXternal Entity Injection
JobScheduler versions prior to 1.7.4241 suffer from an XML external entity injection vulnerability.
JobScheduler Cross Site Scripting
JobScheduler versions prior to 1.7.4241 suffer from a cross-site scripting vulnerability.
Red Hat Security Advisory 2014-1166-01
Red Hat Security Advisory 2014-1166-01 – Jakarta Commons HTTPClient implements the client side of HTTP standards. It was discovered that the HTTPClient incorrectly extracted the host name from an X.509 certificate subject’s Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. For additional information on this flaw, refer to the Knowledgebase article in the References section. All jakarta-commons-httpclient users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Ubuntu Security Notice USN-2342-1
Ubuntu Security Notice 2342-1 – Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple issues with QEMU state loading after migration. An attacker able to modify the state data could use these issues to cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.