A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load.
CVE-2017-7235
An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0.
CVE-2014-0229
Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command. (CVSS:4.0) (Last Update:2017-03-28)
DSA-3815 wordpress – security update
Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to delete unintended files, mount Cross-Site Scripting attacks, or bypass redirect URL validation mechanisms.
DSA-3816 samba – security update
Jann Horn of Google discovered a time-of-check, time-of-use race condition in Samba, an SMB/CIFS file, print, and login server for Unix. A malicious client can take advantage of this flaw by exploiting a symlink race to access areas of the server file system not exported under a share definition.
Vuln: Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
Vuln: Drupal Private Module Access Bypass Vulnerability
CVE-2017-6972
Unspecified vulnerability in AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 has unknown impact and attack vectors, aka AlienVault ID ENG-104945. This is different from CVE-2017-6970 and CVE-2017-6971, and less directly relevant. (Additional details are expected to be released in a new public reference.)
Your PC applications are (probably) out-of-date
What do millions of desktop and laptop users have in common? I’ll give you a hint: You are busy with some activity on your laptop and a message pops up informing you that one of your software programs or tools needs updating. If you are like most people, you hit the ‘Remind Me Later’ option, and keep doing what you’re doing. Later often never comes. Does that sound familiar?
CVE-2017-3851
A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting crafted requests to the CAF web interface. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52302.