Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read.
The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service via a crafted PDF document.
http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability.
There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack.
The base64decode function in base64.c in libimobiledevice libplist++-dev through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service via split encoded Apple Property List data.
The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service via vectors involving extended content descriptors.
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.
Cross-site request forgery vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload.
Multiple cross-site scripting vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the name or version header of a plugin.