Tuesday, June 26, 2018

Weekly Update: a new vulnerability is published on the National Vulnerability Database (4 items)


New vulnerabilities from the NVD: CVE-2015-4664

An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
Published at: June 18, 2018 at 09:29PM

June 19, 2018 at 12:55AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-4043

SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx.
Published at: June 19, 2018 at 10:29PM

June 20, 2018 at 12:55AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-13072

Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code.
Published at: June 21, 2018 at 04:29PM

June 21, 2018 at 05:51PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-10723

** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that "the underlying problem is non-trivial to handle."
Published at: June 21, 2018 at 04:29PM

June 21, 2018 at 05:51PM

via National Vulnerability Database

