SUSE/Portus version 2.2 suffers from a persistent cross site scripting vulnerability.
0f89be3598b185b26e1d2346f6a7fe4fee3bd2aa160be8583d7a7b5cb67d1258
DlxSpot Player4 LED video wall has a hardcoded password that allows you to ssh in and escalate to root.
ad7221803cc82d07c5c7cb36a0c7fa5ab1c1470b7d79822c80ae2cf2222c91ef
DlxSpot Player4 LED video wall suffers from a remote shell upload vulnerability. Versions greater than 1.5.10 are affected.
cd16ccf2cb79eec67b0acdb89179c16a34bf3dd46fa56e1744900720137d99d1
DlxSpot Player4 LED video wall suffers from a remote SQL injection vulnerability that allows for authentication bypass. Versions greater than 1.5.10 are affected.
fdaa1e5ebec65e962e6328d916742401f61f014c18d915bc5c8aa40a4a021264
There is a security issue in Microsoft Edge related to how HTML documents are loaded. If Edge displays a HTML document from a slow HTTP server, it is possible that a part of the document is going to be rendered before the server has finished sending the document. It is also possible that some JavaScript code is going to trigger. By making DOM modifications before the document had a chance of fully loading, followed by another set of DOM modifications after the page has been loaded, it is possible to trigger memory corruption that could possibly lead to an exploitable condition.
5907d1f5e11d78ce0680fb433a3f355dee6f8223e8d01f9b8f025438c5f23e93
The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtQueryCompositionSurfaceBinding.
97dfe662c3e212f195077df81c9f450105d5f5bb498fe0cb34f4f678d2acedea
The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiHLSurfGetInformation.
9771af75ba5776d56facb4df49d7fb859a4bfd6477530871ca30eecee7176653
The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiDoBanding.
ce5174da745945af0536226dcc68a30316e457cf0c82745d0f967acc1000fce4
There is an out-of-bounds read issue in Microsoft Edge that could potentially be turned into remote code execution. The vulnerability has been confirmed on Microsoft Edge 38.14393.1066.0 (Microsoft EdgeHTML 14.14393) as well as Microsoft Edge 40.15063.0.0 (Microsoft EdgeHTML 15.15063).
50a17f878e4cb540b01d5045a6e10dff2e139109eb14511dd0fda4dc068c0013
The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiEngCreatePalette.
19534c75943c3e0642c38c1564dd540a57e1e016170d58381a59ca2351582871
The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiGetFontResourceInfoInternalW.
93d7bebfe66c56e0f2e14114d0667f06fd44fbedd76a6a86c9c8179152bfeb4e
The Microsoft Windows kernel win32k.sys TTF font processing suffers from an out-of-bounds read vulnerability with a malformed glyf table.
a7050910c77e420b0c7a955a70fb099fcb4a578af737567b9b07ba1c37388057
The Microsoft Windows kernel win32k.sys TTF font procession functionality suffers from out-of-bounds read/write vulnerabilities.
288ffdbaba2e2fcb71c5fde2989befb9b43c48a7e7f6adb9ef3667963dbffee6
The Microsoft Windows kernel pool suffers from a memory disclosure vulnerability in nt!NtSetIoCompletion and nt!NtRemoveIoCompletion.
3630b21a4a12c4dba45a03bdcb41c540d368fe13592dfc7ada1b19900383ec7a
The Microsoft Windows kernel suffers from a memory disclosure in win32k!NtGdiGetPhysicalMonitorDescription.
6fd91d83df1fd2ff8ea38e6df707d3861af5a3c8767520a522c0175d961f22a7
The Microsoft Windows kernel pool suffers from a memory disclosure vulnerability in win32k!NtGdiGetGlyphOutline.
ec2b6c6d3ded9a4ffa1e0a602b06d411d8cbc260e93769ce539adb46150ee7f9
RECON Brussels has announced it's call for papers. The conference will take place January 29th through February 4th, 2018 in Brussels, Belgium.
fae09377da85525c09370bf585b8d0a6c2e5c006a0cee1fae4b38ee49c03df59
Watchguard's Firebox and XTM appliances suffer from an XML-RPC empty member denial of service vulnerability. Firmware versions below 12.0 were found to be vulnerable.
f35060e5dda494448736ef7b95004a77b73f2fca248240116812cd811357f138
The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
f03b9428d67dc46ff3b712d7c827a00f746ceef20553d5b7b9236072384bb73e
iBall ADSL2+ Home Router suffers from multiple authentication bypass vulnerabilities.
635f009d1e12b5496c298300d09fc7cad1a9cfc40696486a53a78e70d1171973
UTStar WA3002G4 ADSL Broadband Modem suffers from multiple authentication bypass vulnerabilities.
08e31fe478f251ddfcd511deb891b99dadb6a1658d5c494bffb351ffd9adb0ba
ZKTeco ZKTime Web version 2.0.1.12280 suffers from an information disclosure vulnerability.
811eb0b57b3cd49cee2189f5eb612a73cae9f96638a3df2820261c8a6a572841
ZKTeco ZKTime Web version 2.0.1.12280 suffers from a cross site request forgery vulnerability.
43760e15c0b9deae51f97468c95fdc43e7806e482b1715bfce02ee8a952f4d6e
This Microsoft bulletin summary lists a CVE that has undergone a major revision increment.
0fd670ee0f6c6f5dbfa40428bd339e9dffb1fade0801ed1ea13795174324240d
Red Hat Security Advisory 2017-2760-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to escalate their privileges on the system.
63f5ba90523673c11c99253e704d39c3afc183161c91cfb839cfbf9db858fc32