CVE-2018-20374

An issue was discovered in Tiny C Compiler aka TinyCC or TCC 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the usesection1 function in tccasm.c...

Possible use-after-free with `proplist::Iterator`

Affected versions contained a possible use-after-free issue with property list iteration due to a lack of a lifetime constraint tying the lifetime of a proplist::Iterator to the Proplist object for which it was created. This made it possible for users, without experiencing a compiler error/warnin...

SUSE-SU-2018:3933-1 Security update for java-1_7_1-ibm

java-171-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 35 bsc1116574: Consumability - IJ10515 AIX JAVA 7.1.3.10 GENERAL PROTECTION FAULT WHEN ATTEMPTING TO USE HEALTH CENTER API Class Libraries - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-31...

SUSE-SU-2018:3921-1 Security update for java-1_7_1-ibm

java-171-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 35 bsc1116574: Consumability - IJ10515 AIX JAVA 7.1.3.10 GENERAL PROTECTION FAULT WHEN ATTEMPTING TO USE HEALTH CENTER API Class Libraries - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-31...

Sheepl - Creating Realistic User Behaviour For Supporting Tradecraft Development Within Lab Environments

Sheepl : Creating realistic user behaviour for supporting tradecraft development within lab environments Introduction There are lots of resources available online relating to how you can build AD network environments for the development of blue team and red team tradecraft. However the current...

Safari+macOS full exploit chain-vulnerability and early warning-the black bar safety net

At this year's Pwn2Own 2018 game, there is more for the Apple Safari browser attack challenge, today we will introduce for Safari remote code executionRCE, sandbox escapes, local privilege escalationLPEand for macOS 10.13.3 kernel exploits. To attack the challenges of the environment settings...

Moderate: Red Hat Enhancement Advisory: new packages: rust-toolset-1.29

New rust-toolset-1.29 packages are now available as a part of Red Hat Developer Tools for Red Hat Enterprise Linux. Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, the cargo-vendor plugin, and required libraries. This enhancement...

glibc security, bug fix, and enhancement update

2.17-260.0.9 - Regenerate plural.c - OraBug 28806294. - Reviewed-by: Jose E. Marchesi 2.17-260.0.7 - intl: Port to Bison 3.0 - Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9 - OraBug 28806294. - Reviewed-by: Patrick McGehearty 2.17-260.0.5 - Fix dbl-64/wordsize-64...

EulerOS Virtualization 2.5.0 : gcc (EulerOS-SA-2018-1331)

According to the versions of the gcc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The gcc package contains the GNU Compiler Collection version 4.8.You'll need this package in order to compile C code. - Security...

High severity vulnerability that affects org.scala-lang:scala-compiler

The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/$USER:shared/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges...

GHSA-QVXV-PMQ9-4Q7G High severity vulnerability that affects org.scala-lang:scala-compiler

The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/$USER:shared/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges...

ai.grakn:client-java (=1.3.0), ai.grakn:grakn-bootup (=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744) +2597 more potentially affected by CVE-2017-15288 via org.scala-lang:scala-compiler (>=2.10.0-M1 <=2.10.6)

org.scala-lang:scala-compiler MAVEN version =2.10.0-M1, =1.0.0, =0.7.0, =0.12.0, =1.2.0, =0.12.0, =1.0.0, =1.0.0, =0.10.0, =0.6.1, =0.17.0, =1.1.0 and more Source cves: CVE-2017-15288 Source advisory: OSV:GHSA-QVXV-PMQ9-4Q7G...

CVE-2018-12387

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content...

CVE-2018-12387

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content...

Null pointer dereference

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content...

CVE-2018-12387

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content...

CVE-2018-12387

Mozilla Firefox and Firefox ESR are affected by CVE-2018-12387 due to a memory-safety bug in the JavaScript JIT where Array.prototype.push is inlined with multiple arguments, causing the stack pointer to be off by 8 bytes after bailout. This results in a memory address leak to the caller, enablin...

Intel Graphics Drivers Unified Shader Compiler Denial of Service Vulnerability

Intel Graphics Drivers is an integrated graphics driver developed by Intel Corporation, of which Unified Shader Compiler is a compiler. A denial of service vulnerability exists in the Unified Shader Compiler in Intel Graphics Drivers versions prior to 10.18.x.5056, 10.18.x.5057, and 20.19.x.5058....

CVE-2018-12154

Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 aka 15.33.x.5056, 10.18.x.5057 aka 15.36.x.5057 and 20.19.x.5058 aka 15.40.x.5058 may allow an unprivileged user to potentially create an infinite loop and crash an application via local access...

CVE-2018-12154

Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 aka 15.33.x.5056, 10.18.x.5057 aka 15.36.x.5057 and 20.19.x.5058 aka 15.40.x.5058 may allow an unprivileged user to potentially create an infinite loop and crash an application via local access...