Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file.

Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script.

Direct connect text client (DCTC) client 0.83.3 allows remote attackers to cause a denial of service (crash) via a string ending with a NULL byte character.

The parse-get function in utils.c for apt-www-proxy 0.1 allows remote attackers to cause a denial of service (crash) via an empty HTTP request, which causes a null dereference.

Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hostname.

ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session.

member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other attacks.