Lucene search

13 matches found

F5 Networks
added 2023/02/21 7:57 p.m. | 288 views

K29042031: Multiple Spring Framework vulnerabilities

Security Advisory Description On April 5th, 2018, three new vulnerabilities were published in the popular Java web framework called Spring. Details on these vulnerabilities and exploit code are not yet available, and mitigation details may change if and when the exploit code is available. You can...

CVSS 9.8 | AI score 8.8 | EPSS 0.94284
Exploits: 15
Tenable Nessus
added 2020/03/05 12:0 a.m. | 59 views

Oracle GoldenGate for Big Data 12.2.0.1.x < 12.2.0.1.10 / 12.3.1.1.x < 12.3.1.1.6 Multiple Vulnerabilities (Oct 2018 CPU)

The version of Oracle GoldenGate for Big Data application located on the remote host is 12.2.0.1.x less than 12.2.0.1.10 or 12.3.1.1.x less than 12.3.1.1.6. It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability exists in Oracle GoldenGate for Big Data. An...

CVSS 9.8 | AI score 8.2 | EPSS 0.38064
Exploits: 0 | References: 4
Circl
added 2018/11/15 11:16 a.m. | 2 views

CVE-2018-1275

creationtimestamp | type | source
---|---|---
2018-11-15 11:16:14+00:00 | seen | https://t.me/cRyPtHoNINFOSECDE/144
2025-01-31 19:15:57+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/3675...

CVSS 9.8 | AI score 7.6 | EPSS 0.38064
Exploits: 0 | References: 2
vulnersOsv
added 2018/10/17 8:28 p.m. | 3 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (=3.4.0), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base (>=3.1.0 <=3.4.0) +463 more potentially affected by CVE-2018-1275 via org.springframework:spring-messaging (>=5.0.0.RELEASE <=5.0.4.RELEASE)

org.springframework:spring-messaging MAVEN version =5.0.0.RELEASE, =3.1.0, =0.2.0, =B.0.0.1, =B.0.0.1, =B.0.0.6 and more Source cves: CVE-2018-1275 Source advisory: OSV:GHSA-3RMV-2PG5-XVQJ...

CVSS 9.8 | AI score 6.9 | EPSS 0.38064
Exploits: 0
vulnersOsv
added 2018/10/17 8:28 p.m. | 3 views

at.chrl:chrl-jms (=1.1.0), ca.islandora.alpaca:islandora-connector-broadcast (>=0.2.0 <=0.3.0) +1574 more potentially affected by CVE-2018-1275 via org.springframework:spring-messaging (>=4.0.1.RELEASE <=4.3.15.RELEASE)

org.springframework:spring-messaging MAVEN version =4.0.1.RELEASE, =0.2.0, =1.4, =1.4, =1.1.0, =1.1.1, =1.1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2018-1275 Source advisory: OSV:GHSA-3RMV-2PG5-XVQJ...

CVSS 9.8 | AI score 6.9 | EPSS 0.38064
Exploits: 0
RedHat Linux
added 2018/10/17 7:28 p.m. | 199 views

Critical: Red Hat Security Advisory: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update

An update is now available for Red Hat Fuse Integration Services. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 9.8 | AI score 7.7 | EPSS 0.9438
Exploits: 52 | References: 10
Check Point Advisories
added 2018/04/12 12:0 a.m. | 5 views

VMware Spring Framework Remote Code Execution (CVE-2018-1270; CVE-2018-1275)

A remote code execution vulnerability exists in VMware Spring Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 7.5 | AI score 5.4 | EPSS 0.89954
Exploits: 5
OSV
added 2018/04/11 1:29 p.m. | 35 views

CVE-2018-1275

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

CVSS 9.8 | AI score 9.8 | EPSS 0.38064
Exploits: 0 | References: 14
UbuntuCve
added 2018/04/11 1:29 p.m. | 35 views

CVE-2018-1275

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

CVSS 9.8 | AI score 7.5 | EPSS 0.38064
Exploits: 0 | References: 3
Debian CVE
added 2018/04/11 1:0 p.m. | 49 views

CVE-2018-1275

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

CVSS 9.8 | AI score 8.3 | EPSS 0.38064
Exploits: 0
CVE
added 2018/04/11 1:0 p.m. | 212 views

CVE-2018-1275

CVE-2018-1275 affects Spring Framework’s spring-messaging module: STOMP over WebSocket exposure in 5.0.x (pre-5.0.5) and 4.3.x (pre-4.3.16). A malicious message to the in‑memory STOMP broker can lead to remote code execution. Public advisories note fixes in respective branches; for Debian 9, libs...

CVSS 9.8 | AI score 9.3 | EPSS 0.38064
Exploits: 0 | References: 14 | Affected Software: 1
Cvelist
added 2018/04/11 1:0 p.m. | 33 views

CVE-2018-1275

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

AI score 9.4 | EPSS 0.38064
Exploits: 0 | References: 14
RedhatCVE
added 2018/04/09 8:20 p.m. | 40 views

CVE-2018-1275

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

CVSS 9.8 | AI score 5.5 | EPSS 0.89954
Exploits: 5 | References: 1