A use-after-free vulnerability has been reported in the tls_get_message_body function of OpenSSL. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted message to the vulnerable server. Successful exploitation allows the attacker to execute arbitrary code on the system.
Category Archives: Checkpoint
Memcached process_bin_update body_len Integer Overflow (CVE-2016-8705)
An integer overflow vulnerability exists in memcached. The vulnerability is due to an integer overflow in the process_bin_update() function while processing multiple commands and the body_len parameter of a Memcached binary protocol packet. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted packet to memcached. This can lead to a buffer overflow and possible code execution in the context of the user. If code execution is unsuccessful, a denial of service condition may result.
GroundWork monarch_scan.cgi OS Command Injection (CVE-2013-3502)
A vulnerability exists in GroundWork 6.7.0. The vulnerability is in monarch_scan.cgi, where user-controlled input is used in a Perl function. This allows any remote authenticated attacker, regardless of privileges, to inject system commands and gain arbitrary code execution.
FFmpeg mov_read_keys Integer Overflow (CVE-2016-5199)
An integer overflow vulnerability exists in FFmpeg. The vulnerability is due to an integer overflow while processing a media file containing a metadata keys atom with a malicious entry_count value. Successful exploitation of the vulnerability can possibly lead to remote code execution.
MikroTik RouterOS SNMP Security Bypass (CVE-2008-6976)
MikroTik RouterOS is prone to a security-bypass vulnerability because the software fails to sufficiently sanitize SNMP requests. Successfully exploiting this issue allows attackers to write to and change certain aspects of the Network Management System (NMS). This may aid in further attacks. Versions up to and including RouterOS 3.13 and 2.9.51 are vulnerable.
ISC BIND DNAME Response Processing Denial of Service (CVE-2016-8864)
A denial of service vulnerability has been reported in ISC BIND. The vulnerability is due to a flaw in processing recursive DNAME responses that can cause the target resolver to crash. A remote, unauthenticated attacker could exploit this vulnerability against DNS servers that perform recursive queries by providing responses with a crafted DNAME answer. Successful exploitation could lead to a denial of service.
Joomla Suspicious File Upload
Multiple vulnerabilities exist in Joomla, allowing a remote attacker to upload a malicious file. Successful exploitation could result in the execution of arbitrary code in the security context of the web server.
WordPress Answer My Question Plugin SQL Injection
An SQL injection vulnerability exists in the WordPress Answer My Question Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
HPE Network Automation RPCServlet Insecure Deserialization (CVE-2016-8511)
An insecure deserialization vulnerability has been reported in the RPCServlet of HPE Network Automation. The vulnerability is due to the deserialization of untrusted data. A remote attacker can exploit this vulnerability by sending a request with crafted serialized data to the exposed RPCServlet. Successful exploitation would result in the execution of arbitrary code under the context of the process.
Adobe Flash Player Use After Free Code Execution (APSB16-39: CVE-2016-7878)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected version of Flash Player.