>> ARCHIVE: 2017-12

Advanced World Database version 2.0.5 suffers from a remote SQL injection vulnerability.

Resume Clone Script version 2.0.5 suffers from a remote SQL injection vulnerability.

Basic Job Site Script version 2.0.5 suffers from a remote SQL injection vulnerability.

Vanguard version 1.4 suffers from an arbitrary file upload vulnerability.

Vanguard version 1.4 suffers from a remote SQL injection vulnerability.

LibTIFF pal2rgb version 4.0.9 suffers from a heap buffer overflow.

There is a XNU kernel memory disclosure flaw caused by a bug in the kernel API for detecting kernel memory disclosures. No, this isn’t a failure at writing a description.

macOS and iOS suffer from a kernel double free due to incorrect API usage in flow divert socket option handling.

The macOS kernel suffers from a code execution vulnerability due to a lack of bounds checking in AppleIntelCapriController::GetLinkConfig.

macOS / iOS suffer from multiple kernel use-after-free vulnerabilities due to incorrect IOKit object lifetime management in IOTimeSyncClockManagerUserClient.