Red Hat Security Advisory 2017-2771-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Security Fix: A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user.
cb35a154f38364f0cf86d57de243546bRed Hat Security Advisory 2017-2770-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation.
309ffcc2d0f57255505d805840f3e1acWordPress 2kb Amazon Affiliates Store plugin versions 2.1.0 and below suffer from a cross site scripting vulnerability.
ed7cc9ee351abba47e1139929002ac68Apple Security Advisory 2017-09-19-3 - Xcode 9 is now available and addresses code execution and various other vulnerabilities.
ceb2c2f78ef1e1f1c8aa088b00de216fApple Security Advisory 2017-09-19-2 - Safari 11 is now available and addresses address bar spoofing and other vulnerabilities.
34ca0443a87e1428867cc0a7953bddd1Apple Security Advisory 2017-09-19-1 - iOS 11 is now available and addresses cross site scripting, denial of service, and various other vulnerabilities.
9ee202aa152d60cfa872edd8b90b9234This Microsoft bulletin summary notes that the ADV170015 Defense in Depth Update has undergone a major revision increment.
9155c1132898ead402bf1d1b261e2e32SUSE/Portus version 2.2 suffers from a persistent cross site scripting vulnerability.
45c4673d073bbdcf395b309bad7cd3d0DlxSpot Player4 LED video wall has a hardcoded password that allows you to ssh in and escalate to root.
a8c160f05eb5b14922777c74c7455bf9DlxSpot Player4 LED video wall suffers from a remote shell upload vulnerability. Versions greater than 1.5.10 are affected.
9af7a881088ecdf7ad4e03ae9466faebDlxSpot Player4 LED video wall suffers from a remote SQL injection vulnerability that allows for authentication bypass. Versions greater than 1.5.10 are affected.
2d94a5f031c7d5b9085cc566f159b20bThere is a security issue in Microsoft Edge related to how HTML documents are loaded. If Edge displays a HTML document from a slow HTTP server, it is possible that a part of the document is going to be rendered before the server has finished sending the document. It is also possible that some JavaScript code is going to trigger. By making DOM modifications before the document had a chance of fully loading, followed by another set of DOM modifications after the page has been loaded, it is possible to trigger memory corruption that could possibly lead to an exploitable condition.
38a51b456f8f99a75032e480ca87fb20The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtQueryCompositionSurfaceBinding.
73d3685f1e900f98c6cd4f3a23681176The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiHLSurfGetInformation.
ea7057c9591140087eed136016fbcd5aThe Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiDoBanding.
fe4029deb9c5251a89ca66ad88be9adcThere is an out-of-bounds read issue in Microsoft Edge that could potentially be turned into remote code execution. The vulnerability has been confirmed on Microsoft Edge 38.14393.1066.0 (Microsoft EdgeHTML 14.14393) as well as Microsoft Edge 40.15063.0.0 (Microsoft EdgeHTML 15.15063).
f8f0367a62a7c9dadd43f0e6c52c13e5The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiEngCreatePalette.
83ee676927d72312fbb286ed64a835d8The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiGetFontResourceInfoInternalW.
61dc2229ecbf3b49ce1abc604e7d026dThe Microsoft Windows kernel win32k.sys TTF font processing suffers from an out-of-bounds read vulnerability with a malformed glyf table.
6641efba2930501968ff7f836aa362bcThe Microsoft Windows kernel win32k.sys TTF font procession functionality suffers from out-of-bounds read/write vulnerabilities.
aa8a1953e3c70722e1dd32b005aa020cThe Microsoft Windows kernel pool suffers from a memory disclosure vulnerability in nt!NtSetIoCompletion and nt!NtRemoveIoCompletion.
fd5025fc6a75cc5dbc1f54b354b0c2e7The Microsoft Windows kernel suffers from a memory disclosure in win32k!NtGdiGetPhysicalMonitorDescription.
890bef0c1635255b9915dcca14ad5865The Microsoft Windows kernel pool suffers from a memory disclosure vulnerability in win32k!NtGdiGetGlyphOutline.
5b64942e584a037e7e24695cad37a8d2RECON Brussels has announced it's call for papers. The conference will take place January 29th through February 4th, 2018 in Brussels, Belgium.
b8cd79d146f9f4323ceb0141217dd86cWatchguard's Firebox and XTM appliances suffer from an XML-RPC empty member denial of service vulnerability. Firmware versions below 12.0 were found to be vulnerable.
834b3f0a96297865381ef9778e35cd66
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed