An information disclosure vulnerability exists in Microsoft Windows gdi32.dll. A remote attacker can exploit this vulnerability by sending the target user a malicious file. Successful exploitation could result in an out-of-bounds read and access to private user data.
Campaigns of malvertising, redirecting to malicious web pages, have been identified. Successful exploitation could result in remote code execution on the target system once the malicious page is loaded.
Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786.
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to cause a denial of service (invalid free) or possibly have unspecified other impact via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.
Are you a programmer?
If yes, then you would know the actual pain of… “forgetting a semicolon,” the hide and seek champion since 1958.
Typos annoy everyone. Remember how a hacker’s typo stopped the biggest bank heist in history and saved $1 billion of Bangladesh Bank's money from being stolen?
But this time a typo in the Zerocoin source code cost the company more than $585,000 in losses.
– Update to 1.0.3