It was discovered that there was an arbitrary code execution vulnerability in libcamunrar, a library to add unrar support to the Clam anti-virus software. This was caused by an integer overflow resulting in a negative value of the
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution.