
8275 matches found

vulnersOsv
added 2018/10/19 4:39 p.m., 2 views

au.com.turingg:turingg-files (=0.0.1), au.com.turingg:turingg-mimak (=1.0.0) +635 more potentially affected by CVE-2016-4216 via com.adobe.xmp:xmpcore (>=5.1.0 <=5.1.2)

com.adobe.xmp:xmpcore MAVEN version =5.1.0, =1.0.1, =2.2.2, =2.2.2, =2.2.2, =3.6.1, =3.11.0, =2.0.8, =1.1, =0.3, =0.2, =0.6, =0.8 - com.blazemeter:jmeter-plugins-rotating-listener =0.2 - com.blazemeter:jmeter-plugins-senseuploader =3.5 and more Source cves: CVE-2016-4216 Source advisory:...

CVSS 7.5, AI score 7, EPSS 0.03631
Exploits: 0
vulnersOsv
added 2018/10/18 7:24 p.m., 4 views

com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=2.5.1), com.jgeppert.struts2.bootstrap:struts2-bootstrap-showcase (=2.5.1) +34 more potentially affected by CVE-2017-5638 via org.apache.struts:struts2-core (>=2.5.1 <=2.5.10)

org.apache.struts:struts2-core MAVEN version =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.10 and more Source cves: CVE-2017-5638 Source advisory: OSV:GHSA-J77Q-2QQG-6989...

CVSS 10, AI score 7.3, EPSS 0.99999
Exploits: 44
vulnersOsv
added 2018/10/18 6:5 p.m., 3 views

org.cloudfoundry:cf-gradle-plugin (>=1.0.1 <=1.0.3), org.cloudfoundry:cf-maven-plugin (>=1.0.1 <=1.0.3) +5 more potentially affected by CVE-2018-1260 via org.springframework.security.oauth:spring-security-oauth2 (>=1.0.0.RELEASE <=1.0.2.RELEASE)

org.springframework.security.oauth:spring-security-oauth2 MAVEN version =1.0.0.RELEASE, =1.0.1, =1.0.1, =1.0.1, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =1.0.22 Source cves: CVE-2018-1260 Source advisory: OSV:GHSA-RRPM-PJ7P-7J9Q...

CVSS 9.8, AI score 7.2, EPSS 0.08352
Exploits: 2
Github Security Blog
added 2018/10/18 4:57 p.m., 31 views

Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3

Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins in versions before 1.4.3 and 1.3.3. The vulnerability can result in a...

CVSS 8.8, AI score 2.7, EPSS 0.01609
Exploits: 3, References: 13, Affected Software: 3
Github Security Blog
added 2018/10/18 4:57 p.m., 30 views

Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks

Application plugins in Apache CXF Fediz prior to version 1.1.3 and 1.2.x prior to 1.2.1 allow remote attackers to create a denial of service...

CVSS 7.5, AI score 7.2, EPSS 0.10897
Exploits: 0, References: 14, Affected Software: 2
OSV
added 2018/10/18 1:29 p.m., 0 views

DEBIAN-CVE-2018-12364

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird 60,...

CVSS 8.8, AI score 8.6, EPSS 0.01733
Exploits: 0, References: 1
OSV
added 2018/10/18 1:29 p.m., 4 views

CVE-2018-12364

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird 60,...

CVSS 8.8, AI score 7.4
Exploits: 0, References: 20
NVD
added 2018/10/18 1:29 p.m., 15 views

CVE-2018-12364

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird 60,...

CVSS 8.8, AI score 7.5, EPSS 0.01733
Exploits: 0, References: 20
Prion
added 2018/10/18 1:29 p.m., 18 views

Cross site request forgery (csrf)

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird 60,...

CVSS 6.8, AI score 8.6, EPSS 0.01733
Exploits: 0, References: 20, Affected Software: 11
Cvelist
added 2018/10/18 1:0 p.m., 23 views

CVE-2018-12364

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird 60,...

AI score 7.8, EPSS 0.01733
Exploits: 0, References: 20
CVE
added 2018/10/18 1:0 p.m., 210 views

CVE-2018-12364

The CVE-2018-12364 entry affects Thunderbird and was mitigated in various distributions through Thunderbird 52.9.1 and related security advisories. The connected documents confirm concrete details: NPAPI plugins (e.g., Flash) can bypass CORS by issuing a same-origin POST that redirects (307) to t...

CVSS 8.8, AI score 7.5, EPSS 0.01733
Exploits: 0, References: 20, Affected Software: 6
vulnersOsv
added 2018/10/17 8:29 p.m., 1 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +8872 more potentially affected by CVE-2015-5211 via org.springframework:spring-core (>=1.2 <=3.2.14.RELEASE)

org.springframework:spring-core MAVEN version =1.2, =1.1, =1.3, =0.0.1, =1.0, =5.0.9, =0.0.20, =1.0.0-alpha-1, =1.0, =1.0, =0.3, =0.7, =0.8 and more Source cves: CVE-2015-5211 Source advisory: OSV:GHSA-PGF9-H69P-PCGF...

CVSS 9.6, AI score 6.7, EPSS 0.0257
Exploits: 1
vulnersOsv
added 2018/10/17 5:22 p.m., 2 views

org.apache.nifi:nifi-ranger-nar (>=1.1.0 <=1.3.0), org.apache.nifi:nifi-ranger-plugin (>=1.1.0 <=1.3.0) +23 more potentially affected by CVE-2016-8746 via org.apache.ranger:ranger-plugins-common (>=0.6.0 <=0.6.2)

org.apache.ranger:ranger-plugins-common MAVEN version =0.6.0, =1.1.0, =1.1.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.2 and more Source cves: CVE-2016-8746 Source advisory: OSV:GHSA-XV7X-X6WR-XX7G...

CVSS 5.9, AI score 6.2, EPSS 0.02733
Exploits: 0
vulnersOsv
added 2018/10/17 12:5 a.m., 3 views

ae.vigilancer.android-run-app:ae.vigilancer.android-run-app.gradle.plugin (>=1.0.1 <=1.0.2), agorapulse.plugins.asset-pipeline-cdn:agorapulse.plugins.asset-pipeline-cdn.gradle.plugin (>=0.1 <=0.1.3) +16694 more potentially affected by CVE-2015-5262 via org.apache.httpcomponents:httpclient (>=4.0 <=4.3.5)

org.apache.httpcomponents:httpclient MAVEN version =4.0, =1.0.1, =0.1, =1.4.6, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =0.13.0, =0.13.0, =0.13.0, =0.12.0, =0.13.0, =0.12.0, =0.16.0 and more Source cves: CVE-2015-5262 Source advisory: OSV:GHSA-FMJ5-WV96-R2CH...

CVSS 4.3, AI score 6.4, EPSS 0.19312
Exploits: 0
vulnersOsv
added 2018/10/16 7:49 p.m., 1 views

com.confluex:qpid-in-a-can (=0.2.0), com.dell.cpsd.common.messaging:common-testing (=1.5.0) +23 more potentially affected by CVE-2016-4432 via org.apache.qpid:qpid-broker-plugins-amqp-1-0-protocol (>=0.24 <=6.0.2)

org.apache.qpid:qpid-broker-plugins-amqp-1-0-protocol MAVEN version =0.24, =2.0.0, =1.0.0, =0.1, =0.1, =10.0.0, =0.24, =10.0.0, =10.0.1 and more Source cves: CVE-2016-4432 Source advisory: OSV:GHSA-Q66C-H853-GQW2...

CVSS 9.1, AI score 7.2, EPSS 0.08148
Exploits: 0
vulnersOsv
added 2018/10/16 7:35 p.m., 4 views

com.github.a-pz:struts2-thymeleaf3-plugin (>=1.0.3-RELEASE <=1.0.5-RELEASE), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=2.5.1) +71 more potentially affected by CVE-2017-12611 +1 more via org.apache.struts:struts2-core (>=2.5.1 <=2.5.10.1)

org.apache.struts:struts2-core MAVEN version =2.5.1, =1.0.3-RELEASE, =0.9.4, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.10.1 - org.apache.struts:struts2-java8-support-plugin =2.5.1 and more Source cves: CVE-2017-12611, CVE-2017-9805 Source advisory:...

CVSS 9.8, AI score 7.1, EPSS 0.99461
Exploits: 28
ThreatPost
added 2018/10/11 6:11 p.m., 685 views

Adaptable, All-in-One Android Trojan Shows the Future of Malware

A new Android trojan, dubbed “GPlayed”, has been identified by researchers who said the malware is both extremely dangerous and could herald a new and very dangerous age for malicious code, according to Cisco Talos researchers. The trojan has all of the capabilities of a banking trojan as well as...

AI score 7
Exploits: 0, References: 1
Talos Blog
added 2018/10/11 6:6 a.m., 40 views

GPlayed Trojan - .Net playing with Google Market

This blog post is authored by Vitor Ventura. Introduction In a world where everything is always connected, and mobile devices are involved in individuals' day-to-day lives more and more often, malicious actors are seeing increased opportunities to attack these devices. Cisco Talos has identified...

AI score 7.4
Exploits: 0
vulnersOsv
added 2018/10/10 4:10 p.m., 2 views

airflow-plugins (=0.1.3), cstar (>=0.7.0 <=0.7.1) +1 more potentially affected by CVE-2018-1000805 via paramiko (>=2.3.1 <=2.3.2)

paramiko PYPI version =2.3.1, =0.7.0, =1.0.0, =2.1.6 Source cves: CVE-2018-1000805 Source advisory: OSV:GHSA-F2J6-WRHH-V25M...

CVSS 8.8, AI score 7.1, EPSS 0.04407
Exploits: 0
vulnersOsv
added 2018/10/04 8:29 p.m., 5 views

RPD:bmc-rpd (=1.1), aendter.jenkins.plugins:filesystem-list-parameter-plugin (>=0.0.1 <=0.0.6) +2512 more potentially affected by CVE-2016-9878 via org.springframework:spring-webmvc (>=1.2.1 <=3.2.17.RELEASE)

org.springframework:spring-webmvc MAVEN version =1.2.1, =0.0.1, =1.0, =0.0.20, =1.0, =0.0.1, =0.1.0, =1.0.0, =0.2, =3.0.1, =4.0.0 - cn.fastoo:fastoo-java-api =20171130 - cn.opencodes:alpha-common-utils =1.0.0 and more Source cves: CVE-2016-9878 Source advisory: OSV:GHSA-2M8H-FGR8-2Q9W...

CVSS 7.5, AI score 7.1, EPSS 0.0564
Exploits: 0