In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv.
All posts by 007admin
CVE-2016-6605
Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Sentry authorization.
CVE-2017-6190
Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a “GET /uir/” request.
CVE-2017-7616
Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.
Apache Tomcat 7.x / 8.x / 9.x Information Disclosure
While investigating bug 60718, it was noticed that some calls to application listeners did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. Apache Tomcat versions 7.0.0 through 7.0.75, 8.0.0.RC1 through 8.0.41, 8.5.0 through 8.5.11, and 9.0.0.M1 through 9.0.0.M17 are affected.
Draw the blinds while surfing online

US President Donald Trump has opened up a new era in online advertising on the heels of his signing off on the new law that allows Internet Service Providers to resell their customer data. It is now time for customers to look at this brave new world and do some hard thinking about their lack […]
The post Draw the blinds while surfing online appeared first on Avira Blog.
Moxa MXView 2.8 Denial Of Service
Moxa MXView version 2.8 suffers from a denial of service vulnerability.
Code Igniter 3.1.3 HTTP Response Header Injection
Code Igniter version 3.1.3 suffers from an HTTP response header injection vulnerability.
WordPress Tribulant Slideshow Gallery 1.6.5 Cross Site Scripting
WordPress Tribulant Slideshow Gallery plugin versions 1.6.4 and below suffer from multiple cross site scripting vulnerabilities.
Apache Tomcat 8.x / 9.x Refactoring Information Disclosure
The refactoring of the HTTP connectors for 8.5.x onwards introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests, which in turn could lead to unexpected errors and/or response mix-up. Apache Tomcat versions 8.5.0 through 8.5.12 and 9.0.0.M1 through 9.0.0.M18 are affected.