>> ARCHIVE: 2019-07

Microsoft DirectWrite / AFDKO suffers from a NULL pointer dereferences vulnerability in OpenType font handling while accessing empty dynarrays.

Microsoft DirectWrite / AFDKO suffers from multiple bugs in OpenType font handling related to the “post” table.

Microsoft DirectWrite / AFDKO suffers from an out-of-bounds read vulnerability in OpenType font handling due to undefined FontName index.

Microsoft DirectWrite / AFDKO suffers from a heap-baeed out-of-bounds read/write vulnerability in OpenType font handling due to empty ROS strings.

Microsoft DirectWrite / AFDKO suffers from a stack corruption vulnerability in OpenType font handling while processing CFF blend DICT operator.

There is a Microsoft Font Subsetting DLL heap corruption vulnerability in ComputeFormat4CmapData.

Jenkins Dependency Graph View plugin version 0.13 suffers from a persistent cross site scripting vulnerability.

SNMPc Enterprise Edition versions 9 and 10 suffer from a mapping filename buffer overflow vulnerability.

Sitecore version 9.0 rev 171002 suffers from a persistent cross site scripting vulnerability.

This Metasploit module exploits a command injection vulnerability in Xymon versions before 4.3.25 which allows authenticated users to execute arbitrary operating system commands as the web server user. When adding…