CVE-2017-1235
IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914. Date published : 2017-09-25...
logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized. Date published : 2017-09-23 http://www.securityfocus.com/bid/101003 https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. Date published : 2017-09-23 http://www.securityfocus.com/bid/100912 https://www.debian.org/security/2017/dsa-3997
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. Date published : 2017-09-23 http://www.securityfocus.com/bid/100912 https://www.debian.org/security/2017/dsa-3997
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. Date published : 2017-09-23 http://www.securityfocus.com/bid/100912 https://www.debian.org/security/2017/dsa-3997
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. Date published : 2017-09-23 http://www.securityfocus.com/bid/100912...
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. Date published : 2017-09-23 http://www.securityfocus.com/bid/100912 https://www.debian.org/security/2017/dsa-3997
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. Date published : 2017-09-23 http://www.securityfocus.com/bid/100912 https://www.debian.org/security/2017/dsa-3997
Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. Date published : 2017-09-23 http://www.securityfocus.com/bid/100912 https://www.debian.org/security/2017/dsa-3997
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. Date published : 2017-09-23 http://www.securityfocus.com/bid/100912 https://www.debian.org/security/2017/dsa-3997
Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. Date published : 2017-09-23 http://www.securityfocus.com/bid/100912 https://www.debian.org/security/2017/dsa-3997
Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag),...
CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. Date published : 2017-09-22 http://www.securityfocus.com/bid/100956 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20170921-01--security-notice-for-ca-identity-manager.html
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as...