asteval 1.06 Arbitrary Code Execution / Sandbox Escape Vulnerabilities

An attacker who can pass input to the asteval library, when this is used with numpy functions in the symbol table the default setting, can bypass restrictions and execute arbitrary code as the user who ran the python process. Versions 1.06 and below are affected. CVE pending Sandboxing Python is...

asteval 1.06 Arbitrary Code Execution / Sandbox Escape

An attacker who can pass input to the asteval library, when this is used with numpy functions in the symbol table the default setting, can bypass restrictions and execute arbitrary code as the user who ran the python process. Versions 1.06 and below are affected. CVE pending Sandboxing Python is...

Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat

Impact If GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache ByteStreamController class and read arbitrary classpath resources with specific file name extensions. If GeoServer i...

Unpatched Fortinet Bug Allows Firewall Takeovers

UPDATE An unpatched OS command-injection security vulnerability has been disclosed in Fortinet’s web application firewall WAF platform, known as FortiWeb. It could allow privilege escalation and full device takeover, researchers said. FortiWeb is a cybersecurity defense platform, aimed at...

Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code

The Libgcrypt project has rushed out a fix for a critical bug in version 1.9.0 of the free-source cryptographic library. An exploit would allow an attacker to write arbitrary data to a target machine and execute code. The security vulnerability is a heap-buffer overflow bug in Libgcrypt 1.9.0...

Low: GraphicsMagick

Issue Overview: GraphicsMagick is now participating in Google's oss-fuzz project due to the contributions and assistance of Alex Gaynor. Since February 4 2018, 343 issues have been opened by oss-fuzz and 331 of those issues have been resolved. The issues list is available at...

Internet Bug Bounty: Out of bounds read in libcurl's IMAP FETCH response parser

Reported to the curl security mailing list on 6 October 2017. Acknowledged on 6 October 2017. Patched on 8 October 2017. Reported to distros@openwall on 17 October 2017. Public release on 23 October 2017. CVE Pending. Vulnerability An IMAP FETCH response line indicates the size of the returned...

Important: aws-cfn-bootstrap

Issue Overview: A vulnerability was reported in the CloudFormation bootstrap tools, different from the one in CVE-2017-9450, where default behavior in the handling of cfn-init metadata can provide escalated privileges to an attacker with local access to the system Affected Packages:...

FreeBSD : node.js -- multiple vulnerabilities (3eff66c5-66c9-11e7-aa1d-3d2e663cef42)

Updates are now available for all active Node.js release lines as well as the 7.x line. These include the fix for the high severity vulnerability identified in the initial announcement, one additional lower priority Node.js vulnerability in the 4.x release line, as well as some lower priority fix...

TP-LINK TDDP Buffer Overflow / Missing Authentication

Advisory Information Title: TP-LINK TDDP Multiple Vulnerabilities Advisory ID: CORE-2016-0007 Advisory URL: http://www.coresecurity.com/advisories/tp-link-tddp-multiple-vulnerabilities Date published: 2016-11-21 Date of last update: 2016-11-18 Vendors contacted: TP-Link Release mode: User...