sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name.
Monthly Archives: January 2017
CVE-2016-7793 (git-hub)
sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL.
CVE-2016-9016
Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
CVE-2015-8212
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.
CVE-2016-7543 (bash, fedora)
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
CVE-2016-7545
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
CVE-2016-10075 (tqdm)
The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.
Bugtraq: [security bulletin] HPSBMU03685 rev.1 – HPE Insight Control server provisioning (ICsp), Multiple Remote Vulnerabilities
Bugtraq: [RCESEC-2016-012] Mattermost <= 3.5.1 "/error" Unauthenticated Reflected Cross-Site Scripting / Content Injection
Bugtraq: Novel Contributions to the Field – How I broke MySQL's codebase (Part 2) [CVE-2016-5541] MySQL Cluster 0day