* [7.x-3.15](https://www.drupal.org/project/views/releases/7.x-3.15)
* [Moderately Critical – Access Bypass – SA-CONTRIB-2017-022](https://www.drupal.org/node/2854980)
Monthly Archives: February 2017
drupal7-views-3.15-1.el6
* [7.x-3.15](https://www.drupal.org/project/views/releases/7.x-3.15)
* [Moderately Critical – Access Bypass – SA-CONTRIB-2017-022](https://www.drupal.org/node/2854980)
drupal7-views-3.15-1.el5
* [7.x-3.15](https://www.drupal.org/project/views/releases/7.x-3.15)
* [Moderately Critical – Access Bypass – SA-CONTRIB-2017-022](https://www.drupal.org/node/2854980)
drupal7-views-3.15-1.el7
* [7.x-3.15](https://www.drupal.org/project/views/releases/7.x-3.15)
* [Moderately Critical – Access Bypass – SA-CONTRIB-2017-022](https://www.drupal.org/node/2854980)
Internet-Connected Teddy Bear Leaks Millions Of Voice Messages and Password
Every parent should think twice before handing out Internet-connected toys or smart toys to their children, as these creepy toys pose a different sort of danger: privacy and data security risks for kids who play with them.
The same thing happened over a year ago when Hong Kong toymaker VTech was hacked, which exposed personal details, including snaps of parents and children and chat logs.
vim-8.0.386-1.fc25
The newest upstream commit, CVE-2017-6350 vim: Integer overflow at an unserialize_uep memory allocation site, CVE-2017-6349 vim: Integer overflow at a u_read_undo memory allocation site
10 reasons why cybercriminals target smartphones
There is a real feeling that smartphones are becoming a bigger target for cybercriminals. So why are they so eager to get into our devices?
The post 10 reasons why cybercriminals target smartphones appeared first on WeLiveSecurity
Cross-Site Scripting in TYPO3 CMS
Component Type: TYPO3 CMS
Release Date: February 28, 2017
Vulnerability Type: Cross-Site Scripting
Affected Versions: 7.6.0 to 7.6.15 and 8.0.0 to 8.6.0
Severity: Low
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:F/RL:O/RC:C
CVE: not assigned yet
Problem Description: Because user input is not properly encoded, several places in the TYPO3 CMS are vulnerable to Cross-Site Scripting.
Solution: Update to TYPO3 versions 7.6.16 or 8.6.1 that fix the problem described.
General Advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.
General Note: All security related code changes are tagged so that you can easily look them up on our review system.
Authentication Bypass in TYPO3 Frontend
Component Type: TYPO3 CMS
Release Date: February 28, 2017
Vulnerable subcomponent: Frontend
Vulnerability Type: Authentication Bypass
Affected Versions: Versions 8.2.0 to 8.6.0
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:P/RL:O/RC:C
CVE: not assigned yet
Problem Description: Due to late TCA initialization, the authentication service fails to restrict frontend users according to the validation rules. It is therefore possible to authenticate restricted (e.g. disabled) frontend users.
Solution: Update to TYPO3 version 8.6.1 that fixes the problem described.
Credits: Thanks to Thomas Dahlke who discovered and reported the issue.
General Advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.
General Note: All security related code changes are tagged so that you can easily look them up on our review system.
D-link wireless router DI-524 – Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Posted by Felipe Soares de Souza on Feb 28
Title:
====
D-link wireless router DI-524 – Multiple Cross-Site Request Forgery (CSRF)
vulnerabilities
Credit:
======
Name: Felipe de Souza
Date:
=====
27-02-2017
Reference:
=====
CVE-2017-5633
Vendor:
======
D-Link is the global leader in connectivity for small, medium and large
enterprise business networking.
Product:
=======
D-Link DI-524 wireless router
Product link: https://dlink.com.br/produto/di-524150
Abstract:
=======…
