The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
Monthly Archives: April 2017
Vuln: Linux kernel CVE-2017-7308 Local Denial of Service Vulnerability
Vuln: Django 'django.views.static.serve()' Function Open Redirection Vulnerability
Vuln: Django 'django.contrib.auth.views.login()' Function Open Redirection Vulnerability
CVE-2017-7448
The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image.
CVE-2017-7450
AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot, or force a software update at an arbitrary time.
CVE-2017-7446
HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges.
CVE-2017-7447
HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code.
CVE-2015-9019
In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.
xen-4.6.5-5.fc24
Qemu: 9pfs: host memory leakage via v9fs_create [CVE-2017-7377] (#1437873)
----
add additional patch for [XSA-206] (#1436690)
----
xenstore denial of service via repeated update [XSA-206] (#1436690)