gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw

liboping 1.3.2 allows users reading arbitrary files upon the local system.

gri before 2.12.18 generates temporary files in an insecure way.

Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories.

clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.

Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks.

viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.

ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions.

The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default.

Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message.

Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval.

OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.

simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.

There is a possible heap overflow in libclamav/fsg.c before 0.100.0.

archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition.

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents

gdm3 3.14.2 and possibly later has an information leak before screen lock