Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content."

gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function

The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.

An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.

Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0.0 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.

Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request.

liboping 1.3.2 allows users reading arbitrary files upon the local system.

Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request.

Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.