Fedora 26 : 2:docker (2017-3976710f1e)

Resolves: 1510351 - CVE-2017-14992 built docker @projectatomic/docker-1.13.1 commit 584d391 built docker-novolume-plugin commit 385ec70 built rhel-push-plugin commit af9107b built docker-lvm-plugin commit 8647404 built docker-runc @projectatomic/docker-1.13.1 commit 1c91122 built docker-container...

Umeng Push SDK Export Service Component Code Execution Vulnerability

Umeng Push SDK is a set of software development kits for developing message push programs from China AUO Umeng. Export Service component is one of the export components. A security vulnerability exists in the Export Service component in Umeng Push SDK version 3.1.X prior to 3.1.3. An attacker can...

The vulnerability of the Lenovo Service Framework (LSF) processing push notifications lies in the lack of measures to clean up special elements used in the command line. This allows a perpetrator to execute arbitrary commands or run arbitrary code.

The vulnerability of the Lenovo Service Framework LSF software for processing push notifications on devices running the Android operating system is related to the lack of measures to clean up special elements used in commands. Exploiting this vulnerability allows a malicious actor to execute...

CVE-2017-2706

Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service...

CVE-2017-2707

Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message...

CVE-2017-2706

Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service...

Directory traversal

Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service...

Privilege escalation

Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message...

CVE-2017-2706

Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service...

CVE-2017-2707

CVE-2017-2707 pertains to Huawei Mate 9 devices with software MHA-AL00AC00B125, where a privilege-escalation flaw in the Push module can be triggered by a user-saving malicious rich-media in a message. The underlying issue enables an attacker to delete messages or impersonate the user to send mes...

CVE-2017-2706

CVE-2017-2706 affects Huawei Mate 9 (software MHA-AL00AC00B125) via a directory traversal vulnerability in the Push module. The root cause is that the decompression process does not verify the file name, allowing traversal to system directories and enabling an attacker to replace files and impact...

CVE-2017-2707

Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message...

UBUNTU-CVE-2017-16547

The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service negative strncpy and application crash or possibly have unspecified other impact via a...

Pivotal CAPI-release Incompletely Fixes Remote Code Execution Vulnerability

Pivotal CAPI-release an open source Platform-as-a-Service PaaS cloud computing platform from U.S.-based Pivotal Software, which provides container scheduling, continuous delivery, and automated service deployment, among other features. A security vulnerability exists in the Cloud Controller API i...

The vulnerability of the php_wddx_push_element function in the PHP interpreter allows a hacker to trigger a service failure or exert other effects.

The vulnerability of the phpwddxpushelement function in the PHP interpreter arises from reading beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures or other effects such as reading beyond the memory limit, causing memory...

Huawei Mate 9 Push module directory traversal vulnerability

Huawei Mate 9 is a smartphone from Chinese company Huawei.Push module is one of the message push modules. A directory traversal vulnerability exists in the Push module in Huawei Mate 9 version MHA-AL00AC00B125 due to the program not checking the file name when compressing the file. An attacker...

Huawei Mate 9 Push Module Privilege Vulnerability

Huawei Mate 9 is a smartphone from Chinese company Huawei.Push module is one of the message push modules. A privilege extraction vulnerability exists in the Push module in Huawei Mate 9 version MHA-AL00AC00B125. An attacker can exploit the vulnerability by tricking a user into saving a malicious...

Security Advisory - Directory Traversal Vulnerability in Push Module of Huawei Smart Phone

There is a directory traversal vulnerability in Push module of Huawei Smart Phone. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service. Vulnerability ID:...

Security Advisory - Privilege Escalation Vulnerability in Push Module of Huawei Smart Phone

There is a privilege escalation vulnerability in Push module of Huawei Smart Phone. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message. Vulnerability ID: HWPSIRT-2017-05070...

HTTP/2 push is tougher than I thought

"HTTP/2 push will solve that" is something I've heard a lot when it comes to page load performance problems, but I didn't know much about it, so I decided to dig in. HTTP/2 push is more complicated and low-level than I initially thought, but what really caught me off-guard is how inconsistent it ...