Chris Evans discovered that incorrect emulation of the SPC700 audio co-processor of the Super Nintendo Entertainment System allows the execution of arbitrary code if a malformed SPC music file is opened
It was discovered that libvncserver0, a collection of libraries used to implement VNC/RFB clients and servers, incorrectly processed incoming network packets. This resulted in several heap-based buffer overflows, allowing a rogue server to either cause a DoS by crashing the client, or potentially execute arbitrary code on the client side.
Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to delete unintended files, mount Cross-Site Scripting attacks, or bypass redirect URL validation mechanisms.