Moderate severity vulnerability that affects org.keycloak:keycloak-core
Withdrawn: Duplicate of CVE-2017-12161 / GHSA-959q-32g8-vvp7...
GHSA-45VG-2V73-VM62 Moderate severity vulnerability that affects org.springframework:spring-core
The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors...
Moderate severity vulnerability that affects org.apache.storm:storm-core
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons...
Moderate severity vulnerability that affects org.apache.ranger:ranger
In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table...
Moderate severity vulnerability that affects org.apache.tika:tika-core
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the command line (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...
GHSA-W6G3-V46Q-5P28 Moderate severity vulnerability that affects org.apache.tika:tika-core
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the command line (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...
GHSA-73CQ-FHP3-8RPW Moderate severity vulnerability that affects org.restlet.jse:org.restlet
Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack...
Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv
Microsoft made an internal discovery of a security vulnerability in version 2.x of ASP.NET Core where a specially crafted request can cause excess resource consumption in Kestrel...
GHSA-3M2R-Q8X3-XMF7 Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv
Microsoft made an internal discovery of a security vulnerability in version 2.x of ASP.NET Core where a specially crafted request can cause excess resource consumption in Kestrel...
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."...
GHSA-J8F4-2W4P-MHJC Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests...
Moderate severity vulnerability that affects org.apache.qpid:proton-j
The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain...
GHSA-XCRM-QPP8-HCW4 Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin
In Apache Struts 2.5 to 2.5.14, the REST Plugin uses an outdated JSON-lib library which is vulnerable and allows a DoS attack to be performed using a malicious request with a specially crafted JSON payload...
Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin
In Apache Struts 2.5 to 2.5.14, the REST Plugin uses an outdated JSON-lib library which is vulnerable and allows a DoS attack to be performed using a malicious request with a specially crafted JSON payload...
Moderate severity vulnerability that affects DotNetNuke.Core
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
RHEL 6 : nss (RHSA-2018:2898)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2898 advisory. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server...
Oracle Linux 6 : nss (ELSA-2018-2898)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-2898 advisory. - Backport upstream fix for CVE-2018-12384. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
Oracle Linux 6 : glusterfs (ELSA-2018-2892)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-2892 advisory. 3.12.2-18 - fixes bugs bz1524336 bz1622029 bz1622452; 3.12.2-17 - fixes bugs bz1615578 bz1619416 bz1619538 bz1620469 bz1620765; 3.12.2-16 - fixes bugs bz1569657...
GHSA-3233-RGX3-C2WH Moderate severity vulnerability that affects mustache
Withdrawn, accidental duplicate publish. mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted...
Virtuozzo Linux Errata and Security Advisory 2018:2892 Moderate
Upstream security update. Follow RHSA-2018:2892 for details...