Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.
Monthly Archives: March 2017
CVE-2017-5511
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
CVE-2017-5509
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
CVE-2017-7240
An issue was discovered on Miele Professional PG 8528 PST10 devices. The corresponding embedded webserver “PST10 WebServer” typically listens on port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information to aid in subsequent attacks. A Proof of Concept is GET /../../../../../../../../../../../../etc/shadow HTTP/1.1.
CVE-2017-7257
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 “Content-->News-->Add Article” feature via the m1_content parameter. Someone must log in to conduct the attack.
CVE-2017-7255
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 “Content-->News-->Add Article” feature via the m1_title parameter. Someone must log in to conduct the attack.
CVE-2017-7256
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 “Content-->News-->Add Article” feature via the m1_summary parameter. Someone must log in to conduct the attack.
Google Chrome to Distrust Symantec SSLs for Mis-issuing 30,000 EV Certificates
Google announced its plans to punish Symantec by gradually distrusting its SSL certificates after the company was caught improperly issuing 30,000 Extended Validation (EV) certificates over the past few years.
The Extended Validation (EV) status of all certificates issued by Symantec-owned certificate authorities will no longer be recognized by the Chrome browser for at least a year until
Apple underwhelmed by latest CIA exploits revealed by WikiLeaks
WikiLeaks’s revelations about security vulnerabilities in Apple products appear to be a damp squib.
The post Apple underwhelmed by latest CIA exploits revealed by WikiLeaks appeared first on WeLiveSecurity
kernel-4.9.17-100.fc24
The 4.9.17 update contains a number of important fixes across the tree.
----
The 4.9.16 update contains a number of important fixes across the tree.
----
The 4.9.15 update contains a number of important fixes across the tree.
----
The 4.9.14 update contains a number of important fixes across the tree.