Mongoose Embedded Web Server Library versions 6.8 and below suffer from a stack-based buffer overflow vulnerability.
4fb80ad189731d24ec26827f09996fc6817ecce4f5d42ff3a887ceacbec10d9b
Pixie Image Editor versions 1.4 and 1.7 suffer from a server-side request forgery vulnerability.
4810929f8c991ac10100bb073270d0ab4cae3ded5c49e3be1cd7403684da5f73
Apple Security Advisory 2017-09-20-2 - watchOS 4 addresses code execution vulnerabilities.
f9cdedf252be3c12ad1d0907e2e8a94476a0fcf654d70bf2648b39d50c47b8a3
EMC ViPR SRM, EMC Storage M and R, EMC VNX M and R, EMC M and R (Watch4Net) for SAS Solution Packs contain directory traversal and denial of service vulnerabilities.
d8fd541238a290126b690b97c35135c5a00a337a9f9c9294e18f218ff29f8426
Asterisk Project Security Advisory - Insufficient RTCP packet validation could allow reading stale buffer contents and, when combined with the nat and symmetric_rtp options, allow redirecting where Asterisk sends the next RTCP report.
313ff9367083c848ad358358e1ef5d2e2cc08ab243a86253a3085a0a2c87e354
Apple Security Advisory 2017-09-20-1 - This advisory provides additional information for APPLE-SA-2017-09-19-1 iOS 11.
8aeb5a27b696a6b9371d6de6e28fa2fbc84fc7b2623227bae3da19122efca2d6
Ubuntu Security Notice 3414-2 - USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for CVE-2017-9375 was incomplete and caused a regression in the USB xHCI controller emulation support. This update fixes the problem. Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. Li Qiang discovered that QEMU incorrectly handled VMware PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. Various other issues were also addressed.
1d827ba81365c6bdfd6f012da771e75dd4ada8902a22473187bbbf26c49b80d4
Ubuntu Security Notice 3425-1 - Hanno Boeck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed.
a1a39c1915ac88f760d98cc7fd6c63b884d3ccb7402a2440e1864e64c6cc73fa
Red Hat Security Advisory 2017-2771-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Security Fix: A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user.
28bd09fac5e30458608e8154c11408ed75f185f0abee5e8ea7f00a64c4edf902
Red Hat Security Advisory 2017-2770-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race, the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to privilege escalation.
8ce1e8eda24ca99789ffae91e998f600aa35c54fea94475650ac19fd442faa90
WordPress 2kb Amazon Affiliates Store plugin versions 2.1.0 and below suffer from a cross site scripting vulnerability.
3ae51e465aa8a2ee5523c26071aa889af6b47942e855e9e601be39a1530278ee
Apple Security Advisory 2017-09-19-3 - Xcode 9 is now available and addresses code execution and various other vulnerabilities.
b323f39eaec8eb4fc3557dbe54e6dc9f0deb4ab6e1e1465cd32b69c5e7ba3a49
Apple Security Advisory 2017-09-19-2 - Safari 11 is now available and addresses address bar spoofing and other vulnerabilities.
646b56a1d048967dab28769f1aaf50de1bdc5527808800579ae3d7c67b9fe324
Apple Security Advisory 2017-09-19-1 - iOS 11 is now available and addresses cross site scripting, denial of service, and various other vulnerabilities.
865ddf6e4616468e824f454d3cd875358dafbfd0bc8839b6bdf8c0c9a75125c5
This Microsoft bulletin summary notes that the ADV170015 Defense in Depth Update has undergone a major revision increment.
0a31b8b3975bdc82af9108af71693dd319cb56d6daf751d66384208beeb54a14