The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

TYPO3 before 4.4.1 allows XSS in the frontend search box.

Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents

gdm3 3.14.2 and possibly later has an information leak before screen lock

Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions

Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book

Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.

The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.

slim has NULL pointer dereference when using crypt() method from glibc 2.17

Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields.

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.

Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files.

GLPI 0.83.7 has Local File Inclusion in common.tabs.php.

evince is missing a check on number of pages which can lead to a segmentation fault

MiniDLNA has heap-based buffer overflow