:: Deepquest ::

VMware Workstation version 12 Pro suffers from a null pointer dereference in the vstor2 driver.

Artifex MuPDF mutool suffers from a null pointer dereference vulnerability.

PuTTY versions prior to 0.68 suffer from an ssh_agent_channel_data integer overflow heap corruption vulnerability.

Linux Kernel versions prior to 4.10.13 suffer from a keyctl_set_reqkey_keyring local denial of service vulnerability.

The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco version 0.6.12 can cause a denial of service (memory allocation error) via a crafted CSS file.

The quicktime_read_moov function in moov.c in libquicktime version 1.2.4 can cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.

Due to insufficient checking of privileges, it is possible to access the OTRS Install dialog of an already installed instance, which enables an authenticated attacker to change the database settings, superuser password, mail server settings, log file location and other parameters. Versions affected include OTRS 5.0.x, OTRS 4.0.x, and OTRS 3.3.x.

http://www.joomla.khokkwai.go.th/se.html notified by darkshadow-tn

http://finance.nst2.go.th/web1/file_editor/AmoHassan.gif notified by ashiyane digital security team

The vulnerability laboratory team discovered a non-persistent cross site vulnerability in the official Composr v10.0.0 c…