Author: Cyberthreat Blog

MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.

Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption)...

hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the...

Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Squirrelmail 1.4.22 allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It’s possible to exploit this vulnerability to execute arbitrary shell commands on the remote...