QEMU has an issue where virtfs permits a guest to access the entire host filesystem.
Adobe Flash suffers from an overflow vulnerability during MP4 AMF parsing.
Adobe Flash suffers from a stack corruption vulnerability using a fuzzed SWF file.
Adobe Flash suffers from a heap overflow vulnerability during YUVPLane decoding.
Adobe Flash suffers from a use-after-free vulnerability in applying bitmapfilter.
Google Chrome suffers from a bypass vulnerability in the download filetype blacklist functionality. Versions 54.0.2840.100 stable is affected.
Cisco ASA WebVPN CIFS handling buffer overflow conditions have been discovered.
GDI suffers from an insufficient bounds check on GDI32!ConvertDxArray.
Microsoft Office 2010 running under Windows 7 x86 with Application Verifier enabled suffers from a heap out-of-bounds access issue that leads to a memory corruption condition.
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
Microsoft Office 2010 running under Windows 7 x86 with Application Verifier enabled suffers from a heap corruption issue due to a missing length check.
Elefant CMS version 1.3.12-RC suffers from remote code execution vulnerabilities.
Plone version 5.0.5 suffers from a cross site scripting vulnerability.
This Metasploit module executes an arbitrary native payload on a Microsoft SQL server by loading a custom SQL CLR Assembly into the target SQL installation, and calling it directly with a base64-encoded payload. The module requires working credentials in order to connect directly to the MSSQL Server. This method requires the user to have sufficient privileges to install a custom SQL CRL DLL, and invoke the custom stored procedure that comes with it. This exploit does not leave any binaries on disk. Tested on MS SQL Server versions: 2005, 2012, 2016 (all x64).
Elefant CMS version 1.3.12-RC suffers from multiple cross site request forgery vulnerabilities.
Simplessus Files version 3.7.7 suffers from a path traversal vulnerability.
Ubuntu Security Notice 3199-2 - USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This update retains the fix for the vulnerability but issues a warning rather than throwing an exception. Code which produces this warning should be updated because future versions of the Python Cryptography Toolkit re-introduce the exception. Various other issues were also addressed.
Gentoo Linux Security Advisory 201702-9 - Multiple vulnerabilities have been found in ImageMagick, the worst of which allows remote attackers to execute arbitrary code. Versions less than 126.96.36.199 are affected.
Debian Linux Security Advisory 3790-1 - Several vulnerabilities were discovered in spice, a SPICE protocol client and server library.
Ubuntu Security Notice 3199-1 - It was discovered that the ALGnew function in block_templace.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. A remote attacker could use this flaw to execute arbitrary code by using a crafted initialization vector parameter.