4images versions 1.7.13 and below suffer from a remote SQL injection vulnerability.
Monthly Archives: November 2016
CVE-2016-5195
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka “Dirty COW.”
CVE-2016-9268
Unrestricted file upload vulnerability in the Blog appearance in the “Install or upgrade manually” module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with a zip extension, and then accessing it via unspecified vectors.
Exponent CMS 2.4.0 Blind SQL Injection
Exponent CMS version 2.4.0 suffers from a remote blind SQL injection vulnerability.
CA Unified Infrastructure Management Bypass / Traversal / Disclosure
CA Technologies Support is alerting customers to three vulnerabilities in CA Unified Infrastructure Management (formerly CA Nimsoft). The first vulnerability, CVE-2016-9165, involves insecure handling of session IDs. A remote attacker can potentially acquire a session ID and bypass authentication or elevate privileges. The second vulnerability, CVE-2016-9164, is a path traversal information disclosure vulnerability associated with the diag.jsp file. A remote attacker can potentially access sensitive information. The third vulnerability, CVE-2016-5803, is a path traversal information disclosure vulnerability associated with the download_lar.jsp file. A remote attacker can potentially access sensitive information. CA Technologies has assigned Medium and High risk ratings to these vulnerabilities. Solutions are available.
CA Service Desk Manager 12.9 / 14.1 Code Execution
CA Technologies Support is alerting customers to a vulnerability in CA Service Desk Manager (formerly CA Service Desk). A reflected cross-site scripting vulnerability, CVE-2016-9148, exists in the QBE.EQ.REF_NUM parameter of the SDM web interface. A remote attacker, who can trick a user into clicking on or visiting a specially crafted link, could potentially execute arbitrary code on the targeted user’s system. CA Technologies has assigned a Medium risk rating to this vulnerability. A solution is available.
python-cryptography-vectors-1.5.3-1.fc25 python-cryptography-1.5.3-3.fc25
Rebase to 1.5.3 to fix CVE-2016-9243
python-cryptography-vectors-1.5.3-1.fc23 python-cryptography-1.5.3-3.fc23
Rebase to 1.5.3 to fix CVE-2016-9243
python-cryptography-vectors-1.5.3-1.fc24 python-cryptography-1.5.3-3.fc24
Rebase to 1.5.3 to fix CVE-2016-9243
Red Hat Security Advisory 2016-2676-01
Red Hat Security Advisory 2016-2676-01 – The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.644. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.