EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to...
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the vulnerability to execute unauthorized requests on behalf...
IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354 Date published : 2017-07-06 http://www.securityfocus.com/bid/99505 http://www.ibm.com/support/docview.wss?uid=swg22003510
When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to a heap-based buffer over-read in the readBlock() function in lib/ttf.c. Date published : 2017-07-06 https://github.com/matthiaskramm/swftools/issues/28
Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification and in the myfiles...
In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header. Date published : 2017-07-06 https://github.com/andrzuk/FineCMS/pull/10 https://github.com/andrzuk/FineCMS/pull/11
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server. Date published : 2017-07-06 http://www.securityfocus.com/bid/99543...
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness...
Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php. Date published :...
In FineCMS before 2017-07-06, applicationcorecontrollerconfig.php allows XSS in the (1) key_name, (2) key_value, and (3) meaning parameters. Date published : 2017-07-06 https://github.com/andrzuk/FineCMS/pull/9
A elevation of privilege vulnerability in the MediaTek networking driver. Product: Android. Versions: Android kernel. Android ID: A-36099953. References: M-ALPS03206781. Date published : 2017-07-06 http://www.securityfocus.com/bid/99466 https://source.android.com/security/bulletin/2017-07-01
A elevation of privilege vulnerability in the Upstream Linux tcb. Product: Android. Versions: Android kernel. Android ID: A-34951864. Date published : 2017-07-06 http://www.securityfocus.com/bid/99468 https://source.android.com/security/bulletin/2017-07-01
A information disclosure vulnerability in the HTC sensor hub driver. Product: Android. Versions: Android kernel. Android ID: A-35468048. Date published : 2017-07-06 http://www.securityfocus.com/bid/99474 https://source.android.com/security/bulletin/2017-07-01
A information disclosure vulnerability in the HTC sound driver. Product: Android. Versions: Android kernel. Android ID: A-35384879. Date published : 2017-07-06 http://www.securityfocus.com/bid/99474 https://source.android.com/security/bulletin/2017-07-01