**Horde_Crypt 2.7.6**
* [mjr] SECURITY: Fix remote code execution vulnerability (**CVE-2017-7413**, and **CVE-2017-7414**).
NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands.
Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely `django.utils.http.is_safe_url()`) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on `is_safe_url()` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack. (CVSS:5.8) (Last Update:2017-04-11)
A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the `django.views.static.serve()` view could redirect to any other domain, aka an open redirect vulnerability. (CVSS:5.8) (Last Update:2017-04-11)
It was discovered that the original patch to address CVE-2016-1242 did not cover all cases, which may result in information disclosure of file contents.
IBM Business Process Manager CVE-2017-1140 Cross Site Scripting Vulnerability
collectd CVE-2017-7401 Multiple Denial of Service Vulnerabilities
Multiple IBM Products CVE-2016-6100 Cross Site Request Forgery Vulnerability
libarchive CVE-2016-10209 Denial Of Service Vulnerability