TestDisk 6.14 Check_OS2MB Stack Buffer Overflow
PHP 5.6.7 SoapFault Type Confusion
PHP 5.6.7 Exception Type Confusion / Heap Overflow
OS Solution OSProperty 2.8.0 SQL Injection
Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation.
The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 126.96.36.199 and 8.5.x before 188.8.131.52, and Feature Pack for CEA 1.x before 184.108.40.206, allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
Privilege Escalation via Client Management Software
Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview.
Adobe Flash Player before 220.127.116.118 and 14.x and 15.x before 18.104.22.168 on Windows and OS X and before 22.214.171.1244 on Linux, Adobe AIR before 126.96.36.1993, Adobe AIR SDK before 188.8.131.522, and Adobe AIR SDK & Compiler before 184.108.40.2062 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference)