Author: Cyberthreat Blog

Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.

Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.

SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header.

When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers.

ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coderspng.c.