Orchard CMS versions 1.7.3, 1.8.2, and 1.9.0 suffer from a persistent cross-site scripting vulnerability.
7ff983c48832653c8a02fa6f3cfe44629029272031e2a5f1ac4aea0b203b015d
When processing a crafted tar file, bsdtar can perform an out-of-bounds memory read, which will lead to a SEGFAULT. The issue exists when the executable skips data in the archive. The amount of data to skip is defined at byte offsets [16-19]. If ASLR is disabled, the issue can lead to high CPU load and potential CPU exhaustion on single-core hosts.
fd0fb753afd7d4f8141a07df1844dc319539bc557bf657925079de4444885e9a
Vorbis Tools suffers from a division-by-zero bug and integer overflow vulnerabilities.
cb728a9c129d83a52648cfa3d767d20a9d0a57fd06b201dd2c27d486a7b8099b
Libtiff version 4.0.3 suffers from an integer overflow vulnerability that results in an out-of-bounds memory read.
9fe0f92666d1dda0f8fc69edc3f1572b6a7eddcaf75f93240712c87c6704def8