Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.
Monthly Archives: March 2017
CVE-2017-6361
QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.
CVE-2017-5897
The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.
CVE-2017-5538
The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362.
CVE-2016-10254
The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.
World Cafés with 100 HR leads at Rethink! HR Tech – how to find and retain technical experts?
From Big Data Engineers to Experts for Artificial Intelligence – how can you find and retain the sought-after experts? At the renowned Rethink! HR Tech conference I facilitated several World Cafés with nearly 100 HR leads from Germany, Austria, and Switzerland. And here are the core results of their sessions: How do you get the attention […]
The post World Cafés with 100 HR leads at Rethink! HR Tech – how to find and retain technical experts? appeared first on Avira Blog.
Logsign Remote Command Injection
This Metasploit module exploits a command injection vulnerability in Logsign. By exploiting this vulnerability, unauthenticated users can execute arbitrary code as the root user. Logsign has a publicly accessible endpoint that takes user input and then uses it during operating system command execution without proper validation. This Metasploit module was tested against versions 4.4.2 and 4.4.137.
ntp-4.2.6p5-44.fc24
Security fix for CVE-2017-6464 CVE-2017-6462 CVE-2017-6463 CVE-2017-6458 CVE-2017-6451.
ntp-4.2.6p5-44.fc25
Security fix for CVE-2017-6464 CVE-2017-6462 CVE-2017-6463 CVE-2017-6458 CVE-2017-6451.
Apple Security Advisory 2017-03-22-1
Apple Security Advisory 2017-03-22-1 – iTunes for Windows 12.6 is now available and addresses vulnerabilities in expat and SQLite.