CVE-2015-4057

The “Plug-in for VMware vCenter” in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network.

CVE-2015-4056

The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access.

Blindspot Advisory: Java/Python FTP Injections Allow for Firewall Bypass

Posted by Timothy D. Morgan on Feb 21

Overview
Recently, a vulnerability in Java’s FTP URL handling code has been published which allows for protocol stream
injection. It has been shown[1] that this flaw could be used to leverage existing XXE or SSRF vulnerabilities to send
unauthorized email from Java applications via the SMTP protocol. While technically interesting, the full impact of this
protocol stream injection has not been fully accounted for in existing public…

Multiple cross-site request forgery (CSRF) vulnerabilities in the DIGISOL (DG-HR 1400) Wireless Router

Posted by Indrajith AN on Feb 21

Title:
====

D-link wireless router DIR-816L – Cross-Site Request Forgery (CSRF)
vulnerability

Credit:
======

Name: Indrajith.A.N

Date:
====

21-02-2017

Vendor:
======

DIGISOL router is a product of Smartlink Network Systems Ltd., one of
India’s leading networking companies. It was established in the year 1993 to
prop the Indian market in the field of Network Infrastructure.

Product:
=======

DIGISOL DG-HR1400 is a wireless Router…