>> TAG: #0day

Webiness Inventory 2.3 – ‘ProductModel’ Arbitrary File Upload

M/Monit 3.7.2 – Privilege Escalation

ArangoDB Community Edition 3.4.2-1 – Cross-Site Scripting

Apache CouchDB 2.3.0 – Cross-Site Scripting

Comodo Dome Firewall 2.7.0 – Cross-Site Scripting

Oracle Java Runtime Environment – Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour

Oracle Java Runtime Environment – Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions

qdPM 9.1 – ‘type’ Cross-Site Scripting

macOS – execve(/bin/sh) + Null-Free Shellcode (31 bytes)

Oracle Java Runtime Environment – Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process