2678 matches found

Tenable Nessus
added 2018/02/24 12:0 a.m., 162 views

Apache JMeter < 4.0 Insecure RMI Registry Binding

One or more versions of Apache JMeter discovered on the remote host are affected by a remote code execution vulnerability as a result of insecure RMI registry binding...

9.8 CVSS, 9.1 AI score, 0.03542 EPSS
Exploits 0, References 2
OSV
added 2018/02/09 11:29 p.m., 14 views

CVE-2018-1000057

Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but similar to configured...

4.3 CVSS, 5 AI score
Exploits 0, References 1
CVE
added 2018/02/09 11:0 p.m., 56 views

CVE-2018-1000057

CVE-2018-1000057 affects Jenkins Credentials Binding Plugin (version 1.14 and earlier). The issue is that Jenkins masks passwords in logs but can transform values (e.g., resolving environment variable references), causing password-like values to be exposed or recoverable. This is due to substitut...

4.3 CVSS, 4.6 AI score, 0.00676 EPSS
Exploits 0, References 1, Affected Software 1
Fedora
added 2018/02/07 1:18 p.m., 64 views

[SECURITY] Fedora 27 Update: jackson-databind-2.7.6-8.fc27

General data-binding functionality for Jackson: works on core streaming API...

9.8 CVSS, 2.2 AI score, 0.49727 EPSS
Exploits 7
Fedora
added 2018/02/07 1:0 p.m., 47 views

[SECURITY] Fedora 26 Update: jackson-databind-2.7.6-8.fc26

General data-binding functionality for Jackson: works on core streaming API...

9.8 CVSS, 2.2 AI score, 0.49727 EPSS
Exploits 7
RedhatCVE
added 2018/02/06 9:49 p.m., 29 views

CVE-2018-1000057

Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but similar to configured...

5.3 CVSS, 1.9 AI score, 0.00676 EPSS
Exploits 0, References 1
seebug.org
added 2018/01/29 12:0 a.m., 92 views

Chrome: Persistent UXSS via SchemaRegistry (CVE-2016-1676)

Chrome version: 50.0.2661.75 (and still present on current HEAD, 52.0.2713.0). The SchemaRegistry stores extension API schemas in a single v8::Context that lives until the RenderThread (=process?) is destroyed. Due to vulnerabilities in binding.js, these objects can be intercepted by malicious web...

6.8 CVSS, 8.4 AI score, 0.01534 EPSS
Exploits 1
BDU FSTEC
added 2017/12/14 12:0 a.m., 4 views

The vulnerability of the Linux operating system’s kernel allows a hacker to trigger a service failure or cause other adverse effects.

The vulnerability in drivers/media/usb/dvb-usb-v2/lmedm04.c of the Linux operating system's kernel is related to the lack of checks on connected devices during the "warm start" phase of the system, as well as incorrect time binding of dm04_lme2510_frontend_attach and dm04_lme2510_tuner. Exploiting this...

6.8 CVSS, 6.8 AI score, 0.00397 EPSS
Exploits 0, References 25, Affected Software 1
Prion
added 2017/11/27 10:29 a.m., 18 views

Design/Logic Flaw

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property (which is disabled by default, i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form...

4.3 CVSS, 5.6 AI score, 0.15858 EPSS
Exploits 1, References 2, Affected Software 1
OSV
added 2017/11/27 10:29 a.m., 1 views

UBUNTU-CVE-2017-8028

In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting...

8.1 CVSS, 7.4 AI score, 0.02606 EPSS
Exploits 0, References 4
Cvelist
added 2017/11/27 10:0 a.m., 37 views

CVE-2017-8039

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property (which is disabled by default, i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form...

5.6 AI score, 0.00963 EPSS
Exploits 0, References 2
OSV
added 2017/11/22 6:29 p.m., 2 views

CVE-2017-15528

Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target...

3.7 CVSS, 5.7 AI score, 0.00614 EPSS
Exploits 0, References 3
Fedora
added 2017/11/15 8:23 p.m., 59 views

[SECURITY] Fedora 26 Update: jackson-databind-2.7.6-5.fc26

General data-binding functionality for Jackson: works on core streaming API...

9.8 CVSS, 2.2 AI score, 0.37925 EPSS
Exploits 7
Fedora
added 2017/11/15 5:58 p.m., 42 views

[SECURITY] Fedora 27 Update: jackson-databind-2.7.6-5.fc27

General data-binding functionality for Jackson: works on core streaming API...

9.8 CVSS, 2.2 AI score, 0.37925 EPSS
Exploits 7
Tenable Nessus
added 2017/11/13 12:0 a.m., 34 views

openSUSE Security Update : redis (openSUSE-2017-1258)

This update for redis to version 4.0.2 fixes the following issues: - CVE-2016-8339: CONFIG SET client-output-buffer-limit Code Execution Vulnerability (boo#1002351) The following upstream changes are included: - SLOWLOG now logs the offending client name and address - The modules native data types...

9.8 CVSS, 7.1 AI score, 0.14834 EPSS
Exploits 2, References 3
OSV
added 2017/11/10 1:2 p.m., 8 views

OPENSUSE-SU-2017:2984-1 Security update for redis

This update for redis to version 4.0.2 fixes the following issues: - CVE-2016-8339: CONFIG SET client-output-buffer-limit Code Execution Vulnerability (boo#1002351) The following upstream changes are included: - SLOWLOG now logs the offending client name and address - The modules native data types R...

7.4 CVSS, 8.8 AI score, 0.02147 EPSS
Exploits 0, References 2
Tenable Nessus
added 2017/11/08 12:0 a.m., 41 views

Debian DLA-1165-1 : libpam4j security update

It was discovered that libpam4j, a Java binding for libpam.so, does not call pam_acct_mgmt(). As a consequence, the PAM account is not properly verified. Any user with a valid password but with deactivated or disabled account was able to log in. For Debian 7 'Wheezy', these problems have been fixed i...

6.5 CVSS, 6.3 AI score, 0.0154 EPSS
Exploits 0, References 3
OSV
added 2017/10/31 9:13 a.m., 5 views

USN-3468-2 linux-hwe vulnerabilities

USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs...

7.8 CVSS, 6.9 AI score, 0.03631 EPSS
Exploits 8, References 6
Veracode
added 2017/09/18 4:54 a.m., 18 views

Data Binding Expression Vulnerability

spring-webflow is vulnerable to a data binding expression vulnerability. The vulnerability is caused when the MvcViewFactoryCreator useSpringBinding property is set to false by default. Therefore, applications which use the default settings are vulnerable to malicious EL expressions in view state...

5.9 CVSS, 6.5 AI score, 0.00963 EPSS
Exploits 0, References 3, Affected Software 1
Citrix
added 2017/09/15 12:0 a.m., 6 views

To delete two headers in HTTP Response

In certain cases, we do not want to parse the HTTP headers to the end Client. NetScaler can do this job by deleting the HTTP header received from the Server. We can use Rewrite feature of NetScaler to achieve this. Configuration AppExperts Rewrite. Step 1 : To remove HTTP header named "Server" CL...

7 AI score
Exploits 0