A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+, DaOffice softwares could allow an unauthenticated, remote attacker to cause an arbitrary code execution on an affected device.nThe vulnerability is due to a stack overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device.
The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56.
A Permissions, Privileges, and Access Control vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to delete an arbitrary file.