An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal}' command, in contradiction to the threat model of Android, where the bootloader MUST NOT allow any security-sensitive operation to be run unless the bootloader is unlocked.
CVE-2016-8855
Cross-Site Scripting (XSS) in “/sitecore/client/Applications/List Manager/Taskpages/Contact list” in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2.
CVE-2017-7184
The linux-image-* package 4.8.0.41.52 for the Linux kernel on Ubuntu 16.10 allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via unspecified vectors, as demonstrated during a Pwn2Own competition at CanSecWest 2017.
GLSA 201703-02: Adobe Flash Player: Multiple vulnerabilities
GLSA 201703-03: PuTTY: Buffer overflow
GLSA 201703-01: OpenOffice: User-assisted execution of arbitrary code
DSA-3813 r-base – security update
Cory Duplantis discovered a buffer overflow in the R programming language. A malformed encoding file may lead to the execution of arbitrary code during PDF generation.
Vuln: Cisco NX-OS Software CVE-2017-3879 Remote Denial of Service Vulnerability
Vuln: Security guide for website operators CVE-2017-2128 OS Command Injection Vulnerability
CVE-2017-7178
CSRF was discovered in the web UI in Deluge 1.3.13. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.