Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections.
Monthly Archives: October 2016
CVE-2016-7167
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.
CVE-2016-7424
The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file.
CVE-2016-7777
Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it.
Cisco Warns of Critical Flaws in Nexus Switches
Networking giant Cisco issued five security bulletins this week, with two critical bugs allowing remote code execution.
London Police Arrest Romanian ATM Hacker Who Stole Millions
A Romanian man has been arrested and charged with conspiracy relating to his involvement in a prolific ATM malware campaign.
Emanual Leahu, 30, was arrested in the western city of Bacău, Romania, by the London Regional Fraud Team (LRFT), run by the City of London Police, on Tuesday 20 September, and extradited to the United Kingdom last week.
Leahu is believed to be a member of a
Free Tool Protects Mac Users from Webcam Surveillance
Mac security researcher Patrick Wardle released a tool called OverSight that monitors when malware may be recording a webcam or audio session on a macOS machine.
When ads go bad: Spotify ads served malicious content to free users

The only thing worse than annoying advertisements is malicious advertisements.
A Wrinkle in Cybercrime

Do you know the difference between a tesser and a Voronoi tessellation?
The post A Wrinkle in Cybercrime appeared first on Avira Blog.
Mac Malware Can Secretly Spy On Your Webcam and Mic – Here's How to Stay Safe
Apple Mac computers are considered to be much safer than Windows at keeping viruses and malware out of their environment, but that’s simply not true anymore.
It’s not because Mac OS X is getting worse every day, but because hackers are getting smart and sophisticated these days.
The bad news for Mac users is that malware targeting webcams and microphones has now appeared for Mac laptops as well.
