Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help".
Agostino Sarubbo and AromalUllas discovered that ettercap, a network security tool for traffic interception, contains vulnerabilities that allowed an attacker able to provide maliciously crafted filters to cause a denial-of-service via application crash.
Several vulnerabilities have been found in VLC, the VideoLAN project"s media player. Processing malformed subtitles or movie files could lead to denial of service and potentially the execution of arbitrary code.
Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks.
Tobias Schneider discovered that libspring-ldap-java, a Java library for Spring-based applications using the Lightweight Directory Access Protocol, would under some circumstances allow authentication with a correct username but an arbitrary password.
Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service, disclosure of sensitive information from process memory or the execution of arbitrary code if a malformed image file is opened.
Matviy Kotoniy reported that the gdImageCreateFromGifCtx function used to load images from GIF format files in libgd2, a library for programmatic graphics creation and manipulation, does not zero stack allocated color map buffers before their use, which may result in information disclosure if a specially crafted file is processed.