TestDisk 6.14 Check_OS2MB Stack Buffer Overflow
PHP 5.6.7 SoapFault Type Confusion
PHP 5.6.7 Exception Type Confusion / Heap Overflow
OS Solution OSProperty 2.8.0 SQL Injection
Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation.
The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 220.127.116.11 and 8.5.x before 18.104.22.168, and Feature Pack for CEA 1.x before 22.214.171.124, allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
Privilege Escalation via Client Management Software
Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview.
Adobe Flash Player before 126.96.36.1998 and 14.x and 15.x before 188.8.131.52 on Windows and OS X and before 184.108.40.2064 on Linux, Adobe AIR before 220.127.116.113, Adobe AIR SDK before 18.104.22.1682, and Adobe AIR SDK & Compiler before 22.214.171.1242 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference)