TestDisk 6.14 Check_OS2MB Stack Buffer Overflow
PHP 5.6.7 SoapFault Type Confusion
PHP 5.6.7 Exception Type Confusion / Heap Overflow
OS Solution OSProperty 2.8.0 SQL Injection
Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation.
The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 18.104.22.168 and 8.5.x before 22.214.171.124, and Feature Pack for CEA 1.x before 126.96.36.199, allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
Privilege Escalation via Client Management Software
Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview.
Adobe Flash Player before 188.8.131.528 and 14.x and 15.x before 184.108.40.206 on Windows and OS X and before 220.127.116.114 on Linux, Adobe AIR before 18.104.22.1683, Adobe AIR SDK before 22.214.171.1242, and Adobe AIR SDK & Compiler before 126.96.36.1992 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference)