Race condition

libuser 0.56 and 0.57 has a TOCTOU time-of-check time-of-use race condition when copying and removing directory trees...

Home Assistant Cross-Site Scripting Vulnerability

Home Assistant is an open source platform for automated management of home network devices. A cross-site scripting vulnerability exists in versions of Home Assistant prior to 0.57. A remote attacker can exploit this vulnerability to inject JavaScript code via specially crafted Markdown text...

CVE-2017-16782

In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...

libuser creates LDAP users with a default password

libuser before 0.57 uses a cleartext password value of 1 !! or 2 x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values...

[SA14333] PuTTY Two Integer Overflow Vulnerabilities

TITLE: PuTTY Two Integer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA14333 VERIFY ADVISORY: http://secunia.com/advisories/14333/ CRITICAL: Moderately critical IMPACT: System access WHERE: From remote SOFTWARE: PuTTY 0.x http://secunia.com/product/1137/ DESCRIPTION: Two vulnerabilities have be...