CVE-2017-7414
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user’s preferences, and has enabled the “Should...
Read MoreAuthor: Cyberthreat Blog
VU#307983: Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references
Vulnerability Note VU#307983 <h2>Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references</h2> <p class=”meta-text”>Original...
Read MoreCVE-2014-9922
The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.
Read MoreCVE-2016-10229
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.
Read MoreCVE-2017-7412
NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands.
Read More