
1779 matches found

Tenable Nessus
added 2018/08/02 12:0 a.m., 15 views

Fedora 27 : python-cryptography / python-cryptography-vectors (2018-06c24068c6)

New upstream release 2.3. Fixes possible tag truncation security bug in AEAD API, see RHBZ1602752. 2.3 - 2018-07-18 - SECURITY ISSUE: finalize_with_tag allowed tag truncation by default, which can allow tag forgery in some cases. The method now enforces the min_tag_length provided to the GCM constructor...

5.5 AI score
Exploits: 0, References: 1

Atlassian
added 2018/07/30 6:1 a.m., 523 views

SSRF/XSPA in ImporterSetupPage

A security bug has been found in Jira Server. Administrator users can test local IP addresses/ports and determine whether they're open or closed. To reproduce: Initial setup - Download https://www.atlassian.com/software/jira/download, install, and start up Jira Software Server. Note: I...

7.3 AI score
Exploits: 0, Affected Software: 1

ossfuzz
added 2018/07/28 11:25 a.m., 16 views

imagemagick/encoder_dng_fuzzer: Index-out-of-bounds in LibRaw::scale_colors_loop

Detailed report: https://oss-fuzz.com/testcase?key=4830316907724800 Project: imagemagick Fuzzer: libFuzzer_imagemagick_encoder_dng_fuzzer Fuzz target binary: encoder_dng_fuzzer Job Type: libfuzzer_ubsan_imagemagick Platform Id: linux Crash Type: Index-out-of-bounds Crash Address: Crash State:...

6.8 AI score
Exploits: 0, Affected Software: 1

Openbugbounty
added 2018/07/23 1:7 a.m., 6 views

kensawada.com XSS vulnerability

Open Bug Bounty ID: OBB-652656

Description | Value
---|---
Affected Website: | kensawada.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

Patchstack
added 2018/07/18 12:0 a.m., 18 views

WordPress Geo Mashup plugin <= 1.10.3 - Unspecified Cross-Site Scripting (XSS) vulnerability

Unspecified Cross-Site Scripting (XSS) vulnerability found in WordPress Geo Mashup plugin versions <= 1.10.3. Solution: Update the WordPress Geo Mashup plugin to the latest available version (at least 1.10.4)...

9.8 CVSS, 1.5 AI score, 0.03054 EPSS
Exploits: 1, References: 1, Affected Software: 1

Debian CVE
added 2018/07/16 5:0 p.m., 30 views

CVE-2018-0360

ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph in libclamav/hwp.c...

5.5 CVSS, 5.8 AI score, 0.01734 EPSS
Exploits: 0

RedHat Linux
added 2018/07/12 4:14 p.m., 7 views

openssl: Carry propagating bug in Montgomery multiplication

There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is...

5.9 CVSS, 7.3 AI score, 0.14338 EPSS
Exploits: 1, References: 6

RedHat Linux
added 2018/07/10 9:49 a.m., 68 views

Moderate: Red Hat Security Advisory: ansible security and bug fix update

An update for ansible is now available for Ansible Engine 2.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

7.8 CVSS, 7.2 AI score, 0.00587 EPSS
Exploits: 0, References: 3

OSV
added 2018/07/09 10:29 a.m., 21 views

CVE-2018-13784

PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php...

9.1 CVSS, 6.9 AI score
Exploits: 0, References: 5

Openbugbounty
added 2018/07/08 12:1 p.m., 9 views

ergotronica.ru XSS vulnerability

Open Bug Bounty ID: OBB-642255

Description | Value
---|---
Affected Website: | ergotronica.ru
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

6.2 AI score
Exploits: 0

Packet Storm
added 2018/06/24 12:0 a.m., 35 views

LaraChurch 1.0 Shell Upload

Exploit Title: LaraChurch - Complete Church Management System - Remote Shell Upload Date: 2018/24/06 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: https://creatydev.com Software Buy:...

7.4 AI score
Exploits: 0

Openbugbounty
added 2018/06/21 8:41 p.m., 8 views

ciadubairro.com.br XSS vulnerability

Open Bug Bounty ID: OBB-635046

Description | Value
---|---
Affected Website: | ciadubairro.com.br
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

RedHat Linux
added 2018/06/19 4:59 a.m., 2 views

glibc: Buffer overflow in glob with GLOB_TILDE

The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string...

9.8 CVSS, 7.6 AI score, 0.03002 EPSS
Exploits: 0, References: 4

OSV
added 2018/06/13 2:29 p.m., 23 views

CVE-2018-12291

The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly...

7.5 CVSS, 7.8 AI score
Exploits: 0, References: 2

UbuntuCve
added 2018/06/13 2:29 p.m., 19 views

CVE-2018-12291

The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly...

7.5 CVSS, 7.1 AI score, 0.01805 EPSS
Exploits: 0, References: 4

OSV
added 2018/06/13 2:29 p.m., 1 views

UBUNTU-CVE-2018-12291

The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly...

7.5 CVSS, 7.1 AI score, 0.01805 EPSS
Exploits: 0, References: 5

NVD
added 2018/06/13 2:29 p.m., 14 views

CVE-2018-12291

The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly...

7.5 CVSS, 7.5 AI score, 0.01805 EPSS
Exploits: 0, References: 2

Cvelist
added 2018/06/13 2:0 p.m., 39 views

CVE-2018-12291

The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly...

7.5 AI score, 0.01805 EPSS
Exploits: 0, References: 2

CVE
added 2018/06/13 2:0 p.m., 56 views

CVE-2018-12291

Summary: Matrix Synapse before 0.31.1 has a bug in on_get_missing_events (federation.py) where event visibility rules were not applied correctly in get_missing_events, potentially exposing incorrect events. Impact: as described in multiple advisories; CVE-2018-12291. Remediation: upgrade to Syn...

7.5 CVSS, 7.4 AI score, 0.01805 EPSS
Exploits: 0, References: 2, Affected Software: 1

Debian CVE
added 2018/06/13 2:0 p.m., 25 views

CVE-2018-12291

The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly...

7.5 CVSS, 7.7 AI score, 0.01805 EPSS
Exploits: 0