>> TAG: #0day

CyberArk 9.7 – Memory Disclosure

Joomla! Component JE Photo Gallery 1.1 – ‘categoryid’ SQL Injection

Schneider Electric PLC – Session Calculation Authentication Bypass

VBScript – ‘rtFilter’ Out-of-Bounds Read

Synaccess netBooter NP-02x/NP-08x 6.8 – Authentication Bypass

Linux Kernel 4.8 (Ubuntu 16.04) – Leak sctp Kernel Pointer

HTML5 Video Player 1.2.5 – Buffer Overflow (Metasploit)

xorg-x11-server < 1.20.3 – 'modulepath' Local Privilege Escalation

VBScript – ‘OLEAUT32!VariantClear’ and ‘scrrun!VBADictionary::put_Item’ Use-After-Free

Apache Spark – Unauthenticated Command Execution (Metasploit)