Security Advisories & Alerts


Linux Kernel CVE-2017-7184 Local Privilege Escalation Vulnerability

Description: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition...

Read more


Linux Kernel CVE-2017-2636 Local Privilege Escalation Vulnerability

Description:  Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. Impact: Local attackers may exploit this issue to gain elevated privileges. Mitigation: Updates are available. Please check the respective...

Read more


Apache Struts 2 Vulnerability Leads to Remote Code Execution (CVE-2017-5638)

Description: The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017. Impact:  This vulnerability allows for...

Read more


WordPress versions 4.7.2 and earlier are affected by six security issues

Description: Cross-site scripting (XSS) via media file metadata. Control characters can trick redirect URL validation Unintended files can be deleted by administrators using the plugin deletion functionality Cross-site scripting (XSS) via video URL in YouTube embeds. Cross-site scripting (XSS) via taxonomy term names. Cross-site request forgery (CSRF) in Press This...

Read more


Roundcube 1.2.2 – Remote Code Execution Vulnerability

Description: In Roundcube 1.2.2 and earlier, user-controlled input flows unsanitized into the fifth argument of a call to PHP’s built-in function mail() which is documented as security critical. The problem is that the invocation of the mail() function will cause PHP to execute the sendmail program. The fifth argument allows...

Read more


Microsoft Exchange Server Information Disclosure Vulnerability

CVE-2016-0028: Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka “Microsoft...

Read more


Exim < 4.86.2 - Privilege Escalation Vulnerability

Description: CVE-2016-1531: Exim before 4.86.2, when installed as setuid root, allows local users to gain privileges via the perl_startup argument. Impact: When Exim installation has been compiled with Perl support and contains a  perl_startup configuration variable it can be exploited by malicious local  attackers to gain root privileges. Mitigation: Vendor...

Read more


Page 29 of 31« First...1020...2728293031