The Binary File Descriptor library , as distributed in GNU Binutils 2.28, has an invalid read because the code to emit relocs does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker program crash.
GNU Binutils 2.28 allows remote attackers to cause a denial of service via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected.
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that a ...
The decode_residual function in libav-toolscodec in libav-tools 9.21 allows remote attackers to cause a denial of service or obtain sensitive information from process memory via a crafted h264 video file.
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.