Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks. CVE-2017-7518 Andy Lutomirski discovered that KVM is prone to an incorrect debug exception error occurring while emulating a syscall instruction. A process inside a guest can take advantage of this flaw for privilege escalation inside a guest. CVE-2017-75 ...
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure. This update also fixes several issues in RubyGems which could allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denia ...
It was discovered that the Apache XML Security for C++ library performed insufficient validation of KeyInfo hints, which could result in denial of service via NULL pointer dereferences when processing malformed XML data.
Andreas Hug discovered an open redirect in Django, a Python web development framework, which is exploitable if django.middleware.common.CommonMiddleware is used and the APPEND_SLASH setting is enabled.
Jann Horn discovered a directory traversal vulnerability in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of this flaw to retrieve arbitrary files via a specially crafted request, when "enable-http-clone=1" is not turned off.
Enrico Zini discovered a vulnerability in Syntastic, an addon module for the Vim editor that runs a file through external checkers and displays any resulting errors. Config files were looked up in the current working directory which could result in arbitrary shell code execution if a malformed source code file is opened.
Several vulnerabilities were discovered in libsmpack, a library used to handle Microsoft compression formats. A remote attacker could craft malicious CAB, CHM or KWAJ files and use these flaws to cause a denial of service via application crash, or potentially execute arbitrary code.