In the pjsip channel driver in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis-dev 1.3.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted mp4 file.
The build package before 20171128 did not check directory names during extraction of build results, which allowed untrusted builds to write outside of the target system, allowing escape out of buildroots.
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the ...
A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applications using the Horde_Image library might be affected. This vulnerability affects all versions of Horde_Ima ...
WordPress 4.8.2 stores cleartext wp_signups.activation_key values, which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access.
The _zip_read_eocd64 function in zip_open.c in libzip-dev before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service via a crafted ZIP archive.