A bug in JSC YarrJIT initParenContextFreeList allows for bytes to be overwritten.
>> CATEGORY: exploit
WordPress WP Fastest Cache plugin versions 0.8.9.5 and below suffer from a directory traversal vulnerability.
Amcrest Cameras version 2.520.AC00.18.R suffers from an authentication bypass vulnerability allowing an attacker to retrieve audio streams.
iMessage suffers from a vulnerability where NSKeyedUnarchiver deserialization allows file backed NSData objects.
iMessage suffers from a vulnerability where NSArray deserialization can invoke a subclass that does not retain references.
iMessage suffers from a memory corruption vulnerability when decoding NSKnownKeysDictionary1.
WordPress Real Estate theme version 2.8.9 suffers from a cross site scripting vulnerability.
GigToDo versions 1.3 and below suffer from a persistent cross site scripting vulnerability.
NSKeyedUnarchiver suffers from a use-after-free vulnerability with ObjC objects when unarchiving OITSUIntDictionary instances even if secureCoding is required.
This Metasploit module can be used to leverage the extension functionality added by Redis 4.x and 5.x to execute arbitrary code. To transmit the given extension it makes use of…