CVE-2016-6906: The read_image_tga function in gd_tga.c in the GD Graphics Library before 2.2.4 allows remote attackers to cause a denial of service via a crafted TGA file, related to the decompression buffer.
The vulnerability is caused by an error in the "lha_read_file_header_1" function, which can be exploited to trigger an out-of-bounds read memory access via a specially crafted archive. Affected versions: libarchive version 3.2.2. Other versions may also be affected. Reference: Patch
A denial of service vulnerability was found in OpenSSH. The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service via a long string.
An out-of-bounds write has been found in libXpm that can be exploited by an attacker through maliciously crafted XPM files. Fixed in version: libxpm 3.5.12. Reference: Upstream patch
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an " issue.
CVE-2016-9893: Memory safety bugs; CVE-2016-9895: CSP bypass using marquee tag; CVE-2016-9897: Memory corruption in libGLES; CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees; CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements; CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs; CVE-2016-9901: Data from Pocket serv ...
A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets certain criteria. This assertion can be triggered even if the apparent source address isn't allowed to make queries. Affected versions 9.0.x -
CVE-2017-5024 A heap overflow flaw was found in FFmpeg. Fixed in 3.2.4, 3.1.7 CVE-2017-5025 A heap overflow flaw was found in FFmpeg. Fixed in 3.2.4, 3.1.7
CVE-2016-8704: Server append/prepend remote code execution. An integer overflow in the process_bin_append_prepend function, which is responsible for processing multiple commands of the Memcached binary protocol, can be abused to cause a heap overflow and lead to remote code execution. Fixed in version: memcached 1.4.33