evince is missing a check on number of pages which can lead to a segmentation fault

Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service.

Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.

Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack."

MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues.

yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository.

Mumble: murmur-server has DoS due to malformed client query

Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.

rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started.

SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.

Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.

qtparted has insecure library loading which may allow arbitrary code execution

paxtest handles temporary files insecurely

Tiki Wiki CMS Groupware 5.2 has Local File Inclusion

mailscanner can allow local users to prevent virus signatures from being updated

Snoopy before 2.0.0 has a security hole in exec cURL

Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily unresponsive.

A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURES_REPLY messages cause the controller service to not delete switch and port data from its internal tracking structures.

A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access to all devices connected to the targeted switch.

GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.