Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.
Monthly Archives: January 2017
CVE-2016-7478
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
CSRF/XSS in Responsive Poll allows unauthenticated attackers to do almost anything an admin can (WordPress plugin)
Posted by dxw Security on Jan 10
Details
================
Software: Responsive Poll
Version: 1.6.4, 1.7.4
Homepage: http://codecanyon.net/item/responsive-poll/6785692
Advisory report:
https://security.dxw.com/advisories/csrfxss-in-responsive-poll-allows-unauthenticated-attackers-to-do-almost-anything-an-admin-can/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)
Description
================
CSRF/XSS in Responsive Poll allows unauthenticated attackers to…
Docker 1.12.6 – Security Advisory
Posted by Nathan McCauley on Jan 10
Docker Engine version 1.12.6 has been released to address a vulnerability
and is immediately available for all supported platforms. Users are advised
to upgrade existing installations of the Docker Engine and use 1.12.6 for
new installations.
Please send any questions to security () docker com.
==============================================================
[CVE-2016-9962] Insecure opening of file-descriptor allows privilege
escalation…
Re: [oss-security] Docker 1.12.6 – Security Advisory
Posted by Kurt Seifried on Jan 10
Can you post a link to a patch for this issue, or to a bug entry with
additional details, or the download site at a minimum? Thanks!
CVE-2017-2943
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing tags in TIFF images. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2944
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when parsing crafted TIFF image files. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2934 (flash_player)
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2926 (flash_player)
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to processing of atoms in MP4 files. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2935 (flash_player)
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution.