The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err file in the temporary directory.
Monthly Archives: June 2016
CVE-2016-3944
UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com.
CVE-2016-4804 (dosfstools, leap, opensuse, ubuntu_linux)
The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers (1) a heap-based buffer overflow in the read_fat function or (2) an out-of-bounds heap read in the get_fat function.
Apache Shiro 1.2.4 Information Disclosure
Apache Shiro versions 1.0.0-incubating through 1.2.4 suffer from an information disclosure vulnerability.
WordPress WP Mobile Detector 3.5 Shell Upload
WordPress WP Mobile Detector plugin versions 3.5 and below suffer from a remote shell upload vulnerability.
Avira HR @SingularityU event in Berlin
Thought leaders of the Singularity University from Silicon Valley recently hosted their first-ever summit in Germany. They presented condensed and appealing overviews on exponential technologies like artificial intelligence, robotics, 3D printing, virtual reality, and on the future of work in general.
The post Avira HR @SingularityU event in Berlin appeared first on Avira Blog.