quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal

generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges.

Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.

PostfixAdmin 2.3.4 has multiple XSS vulnerabilities

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

Designate does not enforce the DNS protocol limit concerning record set sizes

xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254.

A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query.

rc before 1.7.1-5 insecurely creates temporary files.

9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames.

The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.

mono 2.10.x ASP.NET Web Form Hash collision DoS

pam_shield before 0.9.4: Default configuration does not perform protective action

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.

The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.

MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.

MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.

The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.

Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.

The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.