https://security-tracker.debian.org/tracker/DSA-5585-1
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2520.
Unspecified vulnerability in the Oracle Interaction Center Intelligence component in Oracle E-Business Suite 12.1.1 through 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors.