An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected.
The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service via an object file with empty bss-like sections.
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.
GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow while attempting to unget an EOF character from the input stream, potentially leading to a program crash.
opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.