XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.
CVE-2015-8678
The ION driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows remote attackers to cause a denial of service (crash) via a crafted application.
CVE-2017-6087
EyesOfNetwork (“EON”) 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functions.php or the (4) module parameter to module/index.php.
CVE-2017-5869
Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header.
CVE-2015-8556
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
EON 5.0 Remote Code Execution
EON versions 5.0 and below suffer from a remote code execution vulnerability.
Apple Security Advisory 2017-03-22-2
Apple Security Advisory 2017-03-22-2 – iTunes for Mac 12.6 is now available and addresses vulnerabilities in expat and SQLite.
Microsoft Windows AppLocker Bypass
Microsoft Windows versions 8 and newer suffer from an AppLocker bypass vulnerability.
Threatpost News Wrap, March 27, 2017
The latest Wikileaks dump of Apple hacking tools, the LastPass vulnerabilities, and a new Android security report are discussed.