CentOS 7 : wget (CESA-2018:3052)
An update for wget is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.1.5 on RHEL 6 (RHSA-2018:3529)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3529 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBos...
Oracle Linux 7 : wget (ELSA-2018-3052)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2018-3052 advisory. - Fix CVE-2018-0494 1576106 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...
Oracle Linux 7 : xerces-c (ELSA-2018-3335)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-3335 advisory. - Fix CVE-2016-4463 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for...
Oracle Linux 7 : curl / and / nss-pem (ELSA-2018-3157)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-3157 advisory. - fix RTSP bad headers buffer over-read CVE-2018-1000301 - fix FTP path trickery leads to NIL byte out of bounds write CVE-2018-1000120 - fix LDAP NULL...
Oracle Linux 7 : python (ELSA-2018-3041)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-3041 advisory. - Remove 3DS cipher to mitigate CVE-2016-2183 sweet32. Resolves: rhbz1581901 - Fix CVE-2018-1060 and CVE-2018-1061 Resolves: rhbz1563454 and rhbz154919...
RHEL 7 : openssl (RHSA-2018:3221)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3221 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...
RHEL 7 : ovmf (RHSA-2018:3090)
An update for ovmf is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
RHEL 7 : 389-ds-base (RHSA-2018:3127)
An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
RHEL 7 : wget (RHSA-2018:3052)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:3052 advisory. The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Cookie injection allows...
RHEL 7 : zsh (RHSA-2018:3073)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3073 advisory. The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh...
RHEL 7 : xerces-c (RHSA-2018:3335)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3335 advisory. Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and writ...
Moderate severity vulnerability that affects io.undertow:undertow-core
It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS...
GHSA-3X7H-5HFR-HVJM Moderate severity vulnerability that affects io.undertow:undertow-core
It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS...
GHSA-Q25J-GCMV-5QPP Stored Cross Site Scripting in Grails Fields Plugin
Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in using the display tag that can result in XSS. This vulnerability has been fixed in version 2.2.8...
GHSA-6W3V-66MJ-2QM6 Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j
A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows unauthenticated attacker to crash the broker instance. AMQ...
Moderate severity vulnerability that affects org.springframework.boot:spring-boot
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "runuser" to overwrite and...
GHSA-XX65-CC7G-9PFP Moderate severity vulnerability that affects org.springframework.boot:spring-boot
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "runuser" to overwrite and...
Moderate severity vulnerability that affects org.owasp.antisamy:antisamy
OWASP OWASP ANTISAMY version 1.5.7 and earlier contains a Cross Site Scripting (XSS) vulnerability in AntiSamy.scan - for both SAX & DOM that can result in Cross Site Scripting...
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, and org.apache.cxf.fediz:fediz-spring2
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4...