iTunes for Windows 12.6 is now available and addresses the following:
Available for: Windows 7 and later
Impact: Multiple issues in SQLite
Description: Multiple issues existed in SQLite. These issues were
addressed by updating SQLite to version 3.15.2.
Adium is a popular instant messaging client for macOS (OS X) that
incorporates libpurple. The current release (18.104.22.168) is vulnerable
to CVE-2017-2640 in libpurple, which permits execution of arbitrary
code on the client.
The Adium team has been aware of the vulnerability since at least
March 15, but has not released an advisory to its users, for reasons
A post to the official developer's mailing list, which included
With my newfound knowledge of vulnerable devices out there with an unbelievable number of more than 1 million Dahua /
where knowledge comes from a report made by NSFOCUS and my own research on shodan.io.
With this knowledge, I will not release the Python PoC to the public as before said of April 5, as it is not necessary
when the PoC has already been verified by IPVM and other independent security researchers.
Terminal Services / Console Session Hijacking can lead to Privilege
A privileged user who can gain command execution with NT
AUTHORITY/SYSTEM rights can hijack any currently logged-in user's session
without any knowledge of that user's credentials.
A Terminal Services session can be in either a connected or a disconnected state.
This is a high-risk vulnerability which allows any local admin to hijack a
The following are my application vulnerabilities.
[CVE-2017-6878]: MetInfo 5.3.15 Stored Cross-Site Scripting
Versions Affected: 5.3.15
Vendor URL: http://www.metinfo.cn/
Ubuntu Security Notice 3235-1 - It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 16.04 LTS. It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
Red Hat Security Advisory 2017-0557-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.2 serves as a replacement for Red Hat JBoss BPM Suite 6.4.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Multiple security issues have been addressed.
Vulnerabilities were identified in the camera software by Axis. These were
discovered during a black box assessment and therefore the vulnerability
list should not be considered exhaustive; observations suggest that it is
likely that further vulnerabilities exist.