The MacOS/iOS kernel suffers from a heap overflow in bpf.
WebKit Synchronous Page Load UXSS
WebKit suffers from a cross site scripting vulnerability via a synchronous page load.
WebKit Focus Event UXSS
WebKit suffers from a cross site scripting vulnerability via a focus event and a link element.
MacOS/iOS necp_open Use-After-Free
The MacOS/iOS kernel suffers from a use-after-free vulnerability due to bad locking in necp_open.
DSA-3828 dovecot – security update
It was discovered that the Dovecot email server is vulnerable to a denial of service attack. When the dict passdb and userdb are used for user authentication, the username sent by the IMAP/POP3 client is sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart).
GLSA 201704-03: X.Org: Multiple vulnerabilities
GLSA 201704-01: QEMU: Multiple vulnerabilities
GLSA 201704-02: Chromium: Multiple vulnerabilities
WebKit WebCore::toJS Use-After-Free
WebKit suffers from a use-after-free vulnerability in WebCore::toJS.
Vuln: Faveo CVE-2017-7571 Cross Site Request Forgery Vulnerability