The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow may allow an attacker with physical access to the system to gain access to personal information.
CVE-2017-5684
The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information.
Cross-site request forgery (CSRF) vulnerability in the D-Link (DIR 615 ) Wireless Router Firmware:20.09
Posted by pratik shah on Apr 03
*Title:*
====
D-Link DIR 615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery
(CSRF) vulnerability
*Credit:*
======
Name: Pratik S. Shah
*Reference:*
=========
CVE Details: CVE-2017-7398.
*Date:*
====
1-04-2017
*Vendor:*
======
D-Link wireless router
*Product:*
=======
DIR-615
*Affected Version:*
=============
Hardware: T1 , Firmware: 20.09
*Abstract:*
=======
D-Link DIR 615 (HW: T1 FW:20.09) is vulnerable to Cross-Site…
APPLE-SA-2017-04-03-1 iOS 10.3.1
Posted by Apple Product Security on Apr 03
APPLE-SA-2017-04-03-1 iOS 10.3.1
iOS 10.3.1 is now available and addresses the following:
Wi-Fi
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Impact: An attacker within range may be able to execute
arbitrary code on the Wi-Fi chip
Description: A stack buffer overflow was addressed through improved
input validation.
CVE-2017-6975: Gal Beniamini of Google Project Zero
Installation…
CVE Request — mapr: information disclosure vulnerability
Posted by Mark Felder on Apr 03
Hello,
The mapr web frontend component creates an information disclosure
vulnerability. During the setup of mapr the configure.sh script calls a
function ConfigureWSRole:
function ConfigureWSRole() {
if [ $clientOnly -eq 0 -a $dontChangeSecurityPermissionsOn -eq 0 ];
then
ConfigureRunUserForWS
fi
This calls ConfigureRunUserForWS from configure-common.sh:
function ConfigureRunUserForWS() {
local val=`getent group shadow…
CVE-2017-7239: ninka license identification tool: insufficient escaping of external input [vs]
Posted by Dirk-Willem van Gulik on Apr 03
ninka license identification tool
insufficient escaping of external input
CVE-2017-7239 / CVSS 9.3
1.06
The ninka license identification tool does not properly escape
special characters in the files it encounters – such as the ‘&’.
In case of an alien code bases; or a code base that is brought in for
examination – a third party may doctor the file names as to cause
a…
Trend Micro Enterprise Mobile Security Android Application – MITM SSL Certificate Vulnerability (CVE-2016-9319)
Posted by David Coomber on Apr 03
Trend Micro Enterprise Mobile Security Android Application – MITM SSL
Certificate Vulnerability (CVE-2016-9319)
CVE-2017-7397
BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This product enables net.ipv4.conf.all.log_martians by default.
CVE-2017-7407
The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a –write-out argument ending in a ‘%’ character, which leads to a heap-based buffer over-read.
CVE-2016-10317
The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.