FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c.
Category Archives: Security
Security
CVE-2017-7861
Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.
CVE-2017-7858
FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.
CVE-2017-7867
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.
Microsoft Windows Kernel win32kfull!SfnINLPUAHDRAWMENUITEM Memory Disclosure
The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32kfull!SfnINLPUAHDRAWMENUITEM.
Microsoft Windows Kernel NtGdiGetDIBitsInternal Memory Disclosure / DoS
Multiple bugs have been discovered in the implementation of the win32k!NtGdiGetDIBitsInternal system call, which is a part of the graphic subsystem in all modern versions of Windows. The issues can potentially lead to kernel pool memory disclosure or denial of service. Under certain circumstances, memory corruption could also be possible.
concrete5 8.1.0 Host Header Injection
concrete5 version 8.1.0 suffers from a host header injection vulnerability.
Agorum Core Pro 7.8.1.4-251 XXE Injection
Agorum Core Pro version 7.8.1.4-251 suffers from an XML external entity injection vulnerability.
Agorum Core Pro 7.8.1.4-251 Cross Site Scripting
Agorum Core Pro version 7.8.1.4-251 suffers from a reflective cross site scripting vulnerability.
AlienVault USM/OSSIM 5.3.4 / 5.3.5 Remote Command Execution
This Metasploit module exploits an unauthenticated command injection in Alienvault USM/OSSIM versions 5.3.4 and 5.3.5. The vulnerability lies in an API function that does not check for authentication and then passes user input directly to a system call as root.