D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password.
Category Archives: Security
Security
CVE-2017-7414
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user’s preferences, and has enabled the “Should PGP signed messages be automatically verified when viewed?” preference. To exploit this vulnerability, an attacker can send a PGP signed email (that is maliciously crafted) to the Horde user, who then must either view or preview it.
CVE-2017-3204
The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.
libpng12-1.2.57-1.fc24
* Update to upstream release **1.2.57**.
* Fixes **CVE-2016-10087**.
libpng12-1.2.57-1.fc26
* Update to upstream release **1.2.57**.
* Fixes **CVE-2016-10087**.
libpng12-1.2.57-1.fc25
* Update to upstream release **1.2.57**.
* Fixes **CVE-2016-10087**.
libpng15-1.5.28-1.fc24
* Update to upstream release **1.5.28**.
* Fixes **CVE-2016-10087**.
libpng15-1.5.28-1.fc25
* Update to upstream release **1.5.28**.
* Fixes **CVE-2016-10087**.
mod_cluster-1.3.3-10.el7
Upgrade to 1.3.3 (current rawhide) and patch to change catalina deps
libupnp-1.6.21-1.el7
Long standing security bugs fixed through update to version 1.6.21.