The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.
CVE-2017-7207
The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.
CVE-2017-7209
The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.
CVE-2017-7205
A Cross-Site Scripting (XSS) vulnerability was discovered in GamePanelX-V3 3.0.12. The vulnerability exists due to insufficient filtration of user-supplied data (a) passed to the “GamePanelX-V3-master/ajax/ajax.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-7206
The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.
Mozilla Firefox Table Use-After-Free
Mozilla Firefox suffers from a table use-after-free vulnerability.
QEMU User-To-Root Privilege Escalation
QEMU suffers from a user-to-root privilege escalation vulnerability inside a VM due to bad translation caching.
Microsoft Internet Explorer textarea.defaultValue Memory Disclosure
Microsoft Internet Explorer textarea.defaultValue suffers from a memory disclosure vulnerability.
Microsoft Windows Color Management Crash
Microsoft Windows Color Management library suffers from a crash vulnerability.
Microsoft Windows Uniscribe USP10!ScriptApplyLogicalWidth Out-Of-Bounds Read
Microsoft Windows Uniscribe suffers from a heap-based out-of-bounds read in USP10!ScriptApplyLogicalWidth, triggered via EMF.