Integer overflow in io-ico.c in libgdk-pixbuf2.0-dev allows context-dependent attackers to cause a denial of service via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.
The gst_asf_demux_process_ext_content_desc function ingst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service via vectors involving extended content descriptors.
The gst_asf_demux_process_ext_stream_props function ingst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3allows remote attackers to cause a denial of service via vectors related to the number of languages in a video file.
The plist_free_data function in plist.c in libplist++-dev allows attackers to cause a denial of service via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed.This could result in responses appearing to be sent for the wrong request.For example, a user agent that sent ...
Cross-site scripting vulnerability inwp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary webscript or HTML via a crafted excerpt.