An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
All posts by 007admin
CVE-2017-2489
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
CVE-2017-6974
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the “System Integrity Protection” component. It allows attackers to modify the contents of a protected disk location via a crafted app.
CVE-2017-2490
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Vuln: ownCloud and Nextcloud CVE-2016-9459 HTML Injection Vulnerability
Vuln: Splunk Enterprise HTML Injection and Information Disclosure Vulnerabilities
Vuln: libplist 'base64encode()' Function Local Denial of Service Vulnerability
Vuln: libplist 'parse_string_node()' Function Local Denial of Service Vulnerability
Splunk Enterprise Multiple Version Information Disclosure
Attackers can siphon information from Splunk Enterprise if an authenticated Splunk user visits a malicious webpage. The data exposed includes the currently logged-in username and whether the remote user setting is enabled. The username can then be used to phish or brute-force the Splunk Enterprise login. Additional information stolen may aid further attacks.
RHSA-2017:0860-1: Critical: chromium-browser security update
Red Hat Enterprise Linux: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2017-5052, CVE-2017-5053, CVE-2017-5054, CVE-2017-5055, CVE-2017-5056