WebKit JIT has type confusion bugs in ByteCodeParser::handleIntrinsicCall.
Microsoft VBScript OLEAUT32!VariantClear / scrrun!VBADictionary::put_Item Use-After-Free
There is a use-after-free vulnerability in Microsoft VBScript. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied. There are possibly two vulnerabilities triggerable by the same proof of concept included.
WebKit JSC ForInContext Invalidation
WebKit JSC has an issue where BytecodeGenerator::hoistSloppyModeFunctionIfNecessary does not invalidate the ForInContext object.
Microsoft VBScript rtFilter Out-Of-Bounds Read
There is an out-of-bounds vulnerability in Microsoft VBScript in rtFilter. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied.
Ubuntu Ghostscript Failed Fix
The fix Ubuntu applied to address the Ghostscript vulnerability identified in CVE-2018-16510 appears to be insufficient.
Tarantella Enterprise Directory Traversal
Tarantella Enterprise versions prior to 3.11 suffer from a directory traversal vulnerability.
Tarantella Enterprise Security Bypass
Tarantella Enterprise versions prior to 3.11 suffer from an access control bypass vulnerability.
Siglent Technologies SDS 1202X-E Digital Oscilloscope 5.1.3.13 Hardcoded Credentials
Siglent Technologies SDS 1202X-E Digital Oscilloscope version 5.1.3.13 suffers from multiple security vulnerabilities including hardcoded backdoor accounts, missing authentication, and more.
Apache Spark Unauthenticated Command Execution
This Metasploit module exploits an unauthenticated command execution vulnerability in Apache Spark with standalone cluster mode through the REST API. It uses the function CreateSubmissionRequest to submit a malicious java class and triggers it.