
6525 matches found

CNNVD
added 2021/01/27 12:00 a.m., 1 view

Vmware Spring Cloud Data Flow SQL Injection Vulnerability

Vmware Spring Cloud Data Flow is a code library for streaming and batch data processing in microservices from Vmware, Inc. A SQL injection vulnerability exists in Spring Cloud Data Flow versions 2.6.x prior to 2.6.5, versions 2.5.x prior to 2.5.4, which stems from the vulnerability of the...

7.2 CVSS, 6.6 AI score, 0.01047 EPSS
Exploits 0, References 2
IBM Security Bulletins
added 2021/01/20 2:02 p.m., 25 views

Security Bulletin: Rational Test Control Panel affected by Spring Framework vulnerability

Summary Spring Framework is vulnerable to a security issue affecting Rational Test Control Panel Vulnerability Details CVEID: CVE-2020-5421 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a...

8.7 CVSS, 0.5 AI score, 0.63828 EPSS
Exploits 1, Affected Software 2
vulnersOsv
added 2021/01/19 2:04 p.m., 1 view

@convergence/jointjs-utils (=0.4.0), aihub (>=1.0.1 <=1.0.2) +7 more potentially affected by CVE-2020-28479 via jointjs (>=3.1.0 <=3.2.0)

jointjs NPM version =3.1.0, =1.0.1, =1.0.6, =1.0.1, =1.0.1, =0.9.0, =0.10.1 - ublatt =1.2.0 - vue-erd =0.1.1 - vue-test-demo-one =0.1.0 Source cves: CVE-2020-28479 Source advisory: SNYK:JS-JOINTJS-1062038...

7.5 CVSS, 7.1 AI score, 0.00563 EPSS
Exploits 0
IBM Security Bulletins
added 2021/01/12 2:42 p.m., 49 views

Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)

Summary There are multiple vulnerabilities identified in IBM Guardium Data Encryption GDE. These vulnerabilities have been fixed in GDE 4.0.0.4. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2017-7957 DESCRIPTION: XStream is vulnerable to a denial of service,...

10 CVSS, 1.3 AI score, 0.90996 EPSS
Exploits 18, Affected Software 1
GithubExploit
added 2021/01/10 12:26 p.m., 775 views

Exploit for CVE-2020-5421

PoC exploit for CVE-2020-5421, an arbitrary file upload vulnerab...

8.7 CVSS, 8.1 AI score, 0.63828 EPSS
Exploits 1
RedHat Linux
added 2021/01/07 11:49 a.m., 59 views

Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.2.11 security update

An update is now available for Red Hat support for Spring Boot. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...

7.5 CVSS, 7.2 AI score, 0.45121 EPSS
Exploits 0, References 5
Veracode
added 2021/01/06 6:00 a.m., 14 views

Directory Traversal

spring-boot-actuator-logview is vulnerable to directory traversal. The vulnerability exists through the base folder parameter exposed in the log file directory through admin HTTP endpoints...

7.7 CVSS, 1.1 AI score, 0.93658 EPSS
Exploits 2, References 4, Affected Software 1
OSV
added 2021/01/05 6:15 p.m., 17 views

CVE-2021-21234

spring-boot-actuator-logview is a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...

7.7 CVSS, 6.8 AI score
Exploits 0, References 4
NVD
added 2021/01/05 6:15 p.m., 16 views

CVE-2021-21234

spring-boot-actuator-logview is a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...

7.7 CVSS, 7.4 AI score, 0.93658 EPSS
Exploits 2, References 4
Prion
added 2021/01/05 6:15 p.m., 19 views

Directory traversal

spring-boot-actuator-logview is a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...

4 CVSS, 7.2 AI score, 0.93658 EPSS
Exploits 2, References 4, Affected Software 1
Cvelist
added 2021/01/05 5:30 p.m., 16 views

CVE-2021-21234 Directory Traversal

spring-boot-actuator-logview is a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...

7.7 CVSS, 7.6 AI score, 0.93658 EPSS
Exploits 2, References 4
CVE
added 2021/01/05 5:30 p.m., 119 views

CVE-2021-21234

CVE-2021-21234 affects the Spring Boot Actuator Logview library (eu.hinsch:spring-boot-actuator-logview). Before version 0.2.13, there is a directory traversal vulnerability exposed by the actuator logviewer endpoint, where both the filename parameter and the base directory can be manipulated (ba...

7.7 CVSS, 7.3 AI score, 0.93658 EPSS
In wild, Exploits 2, References 4, Affected Software 1
Github Security Blog
added 2021/01/05 5:29 p.m., 63 views

Directory Traversal in spring-boot-actuator-logview

Impact The nature of this library is to expose a log file directory via admin spring boot actuator HTTP endpoints. Both the filename to view and a base folder relative to the logging folder root can be specified via request parameters. While the filename parameter was checked to prevent directory...

7.7 CVSS, 0.6 AI score, 0.93658 EPSS
Exploits 2, References 6, Affected Software 1
CNNVD
added 2021/01/05 12:00 a.m., 2 views

Lukashinsch Spring Boot Actuator Logview Path Traversal Vulnerability

Lukashinsch Spring Boot Actuator Logview is a codebase by the individual developer Ffay Lukashinsch that provides Spring Boot with the ability to view logs via a web interface. A path traversal vulnerability exists in spring-boot-actuator-logview versions prior to 0.2.13, which stems from the...

7.7 CVSS, 7.1 AI score, 0.93658 EPSS
Exploits 2, References 5
IBM Security Bulletins
added 2020/12/30 3:34 p.m., 32 views

Security Bulletin: A Vulnerability in Spring Framework affects IBM License Key Server Administration and Reporting Tool

Summary A File Download related Vulnerability has been discovered in Spring Framework which is used by the IBM License Key Server Administration and Reporting Tool. A mitigation has been identified and released via a new version of IBM License Key Server Administration and Reporting Tool...

8.7 CVSS, 1.5 AI score, 0.63828 EPSS
Exploits 1, Affected Software 1
RedHat Linux
added 2020/12/17 4:40 p.m., 1 view

jackson-databind: Serialization gadgets in org.springframework:spring-aop

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.1 CVSS, 7.1 AI score, 0.01367 EPSS
Exploits 0, References 4
IBM Security Bulletins
added 2020/12/16 5:55 p.m., 43 views

Security Bulletin: Spring Framework vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)

Summary Spring Framework vulnerabilities, listed below, affect IBM Watson Text to Speech and Speech to Text IBM Watson Speech Services for Cloud Pak for Data 1.2 Vulnerability Details CVEID: CVE-2020-5421 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass security...

8.7 CVSS, 0.5 AI score, 0.63828 EPSS
Exploits 1, Affected Software 1
HackRead
added 2020/12/16 1:36 p.m., 35 views

Windows 10X – Microsoft’s newest OS on track for Spring 2020 release

By Asad Back in 2019, Microsoft announced Windows 10X, an updated version of Windows for dual-screen devices. Here's what we know so far. This is a post from HackRead.com Read the original post: Windows 10X - Microsoft's newest OS on track for Spring 2020 release...

3.8 AI score
Exploits 0
RedHat Linux
added 2020/12/16 12:11 p.m., 3 views

springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application

A flaw was found in springframework in versions prior to 5.0.16, 5.1.13, and 5.2.3. A reflected file download RFD attack is possible when a "Content-Disposition" header is set in response to where the filename attribute is derived from user supplied input. The highest threat from this vulnerabili...

8 CVSS, 7.2 AI score, 0.90184 EPSS
Exploits 2, References 5
RedHat Linux
added 2020/12/16 12:11 p.m., 2 views

spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection XXE when receiving XML data from untrusted sources...

9.8 CVSS, 7.4 AI score, 0.00305 EPSS
Exploits 0, References 5