>> TAG: #0day

thrsrossi Millhouse-Project 1.414 – ‘content’ Persistent Cross-Site Scripting

WebKit – Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive

macOS XNU – Missing Locking in checkdirs_callback() Enables Race with fchdir_common()

Blue Stacks App Player 2.4.44.62.57 – “BstHdLogRotatorSvc” Unquote Service Path

Aida64 6.10.5200 – Buffer Overflow (SEH)

OpenVPN Connect 3.0.0.272 – ‘agent_ovpnconnect’ Unquoted Service Path

Ayukov NFTP client 1.71 – ‘SYST’ Buffer Overflow

Launch Manager 6.1.7600.16385 – ‘DsiWMIService’ Unquoted Service Path

Apple macOS 10.15.1 – Denial of Service (PoC)

Micro Focus (HPE) Data Protector – SUID Privilege Escalation (Metasploit)