
1089 matches found

Github Security Blog
added 2018/10/19 4:46 p.m., 38 views

Deserialization of Untrusted Data in swagger-parser

A vulnerability in Swagger-Parser's version = 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This, in particular, affects the 'generate' and 'validate' commands in swagger-codegen = 2.2.2 and can lead to...

CVSS 8.8, AI score 5.7, EPSS 0.01705
Exploits: 0, References: 4, Affected Software: 2

OSV
added 2018/10/17 8:1 p.m., 40 views

GHSA-V596-FWHQ-8X48 Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

CVSS 5.3, AI score 5.3, EPSS 0.02857
Exploits: 0, References: 14

UbuntuCve
added 2018/10/01 8:29 a.m., 29 views

CVE-2018-17846

The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification...

CVSS 7.5, AI score 6.8, EPSS 0.02618
Exploits: 0, References: 1

Debian CVE
added 2018/10/01 8:0 a.m., 30 views

CVE-2018-17846

Removed by vendor...

CVSS 7.5, AI score 7, EPSS 0.02618
Exploits: 0

RedHat Linux
added 2018/08/14 7:51 p.m., 0 views

spring-framework: Improper URL path validation allows for bypassing of security checks on static resources

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

CVSS 5.3, AI score 5.7, EPSS 0.02857
Exploits: 0, References: 5

Microsoft CVE
added 2018/08/14 7:0 a.m., 30 views

Windows NDIS Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the Network Driver Interface Specification NDIS when ndis.sys fails to check the length of a buffer prior to copying memory to it. To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to...

CVSS 7.8, AI score 2.7, EPSS 0.01193
Exploits: 0

Microsoft CVE
added 2018/08/14 7:0 a.m., 34 views

Windows NDIS Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the Network Driver Interface Specification NDIS when ndis.sys fails to check the length of a buffer prior to copying memory to it. To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to...

CVSS 7.8, AI score 2.7, EPSS 0.01193
Exploits: 0

Tenable Nessus
added 2018/08/14 12:0 a.m., 170 views

KB4343897: Windows 10 Version 1709 And Windows Server Version 1709 August 2018 Security Update (Foreshadow)

The remote Windows host is missing security update 4343897. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtai...

CVSS 9.3, AI score 8.3, EPSS 0.73968
Exploits: 14, References: 44

Tenable Nessus
added 2018/08/14 12:0 a.m., 161 views

KB4343909: Windows 10 Version 1803 and Windows Server Version 1803 August 2018 Security Update (Foreshadow)

The remote Windows host is missing security update 4343909. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtai...

CVSS 9.3, AI score 8.3, EPSS 0.73968
Exploits: 14, References: 47

OSV
added 2018/08/13 8:49 p.m., 6 views

GHSA-5P9F-55J8-922M Moderate severity vulnerability that affects doorkeeper

Withdrawn, accidental duplicate publish. The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...

CVSS 9.1, AI score 9.2, EPSS 0.04685
Exploits: 0, References: 2

ThreatPost
added 2018/07/24 6:3 p.m., 43 views

Bluetooth Bug Allows Man-in-the-Middle Attacks on Phones, Laptops

A slew of vendors that have built Bluetooth pairing into their devices without requiring public key validation are issuing fixes for their products. Researchers at the Israel Institute of Technology have identified a cryptography-related security vulnerability CVE-2018-5383 in the Bluetooth...

CVSS 4.3, AI score 1.3, EPSS 0.00802
Exploits: 1, References: 11

Pen Test Partners Blog
added 2018/07/24 2:46 p.m., 110 views

Bluetooth vuln CVE-2018-5383 explained

Yesterday a vulnerability, CVE-2018-5383 was released in the security specification for Bluetooth, with the title "Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange". It was given an adjusted CVSSv2 score of 5.7 - so roughly a...

AI score 0.3, EPSS 0.00802
Exploits: 1

The Hacker News
added 2018/07/24 8:13 a.m., 267 views

New Bluetooth Hack Affects Millions of Devices from Major Vendors

Yet another bluetooth hacking technique has been uncovered. A highly critical cryptographic vulnerability has been found affecting some Bluetooth implementations that could allow an unauthenticated, remote attacker in physical proximity of targeted devices to intercept, monitor or manipulate the...

CVSS 8, AI score 0.8, EPSS 0.00802
Exploits: 1

Into the symmetry
added 2018/07/01 3:54 p.m., 99 views

Micali-Schnorr Generator (MS-DRBG) Part III - Zero Knowledge Proof Wanted!!

See also Part I and Part II of this series This is going to be a short blog post about the infamous Micali-Schnorr Random Number Generator MS-DRBG. See Part I and Part II of this series for more information about this topic. WHO: NIST published the specification for Micali-Schnorr Random Number...

AI score 6.9
Exploits: 0

Fedora
added 2018/06/17 7:45 p.m., 32 views

[SECURITY] Fedora 27 Update: nodejs-JSV-4.0.2-12.fc27

JSV is a JavaScript implementation of an extendable, fully compliant JSON Schema validator with the following features: The fastest extendable JSON validator available! Complete implementation of all current JSON Schema draft revisions. Supports creating individual environments sandboxes that...

CVSS 6.8, AI score 1.1, EPSS 0.01342
Exploits: 1

IBM Security Bulletins
added 2018/06/17 5:21 a.m., 41 views

Security Bulletin: Vulnerability in IBM Java Runtime affects Rational Publishing Engine

Summary There is a vulnerability in IBM Java Runtime Environment, Versions 6 and 7 that are used by Rational Publishing Engine. Vulnerability Details CVEID: CVE-2017-3289 DESCRIPTION: Specially crafted bytecode can bypass the required call to super.init in a constructor, which allows uninitialize...

CVSS 9.6, AI score 0.2, EPSS 0.95707
Exploits: 13, Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:3 a.m., 46 views

Security Bulletin: Vulnerability with Java Portlet Specification JSR 286 may affect WebSphere Application Server (CVE-2015-1926)

Summary There has been a change to the Java Portlet Specification 2.0 JSR 286 that may affect some configurations of WebSphere Application Server. Vulnerability Details CVEID: CVE-2015-1926 DESCRIPTION: The Java Portlet Specification JSR 286 API jar file code could allow a remote attacker to obta...

CVSS 5.5, AI score 0.2, EPSS 0.02118
Exploits: 0, Affected Software: 2

Prion
added 2018/05/17 2:29 p.m., 23 views

Input validation

The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...

CVSS 5, AI score 6.2, EPSS 0.03621
Exploits: 0, References: 3, Affected Software: 1

Debian CVE
added 2018/05/17 2:0 p.m., 25 views

CVE-2018-7159

The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...

CVSS 5.3, AI score 6.8, EPSS 0.03621
Exploits: 0

Fedora
added 2018/04/11 7:8 p.m., 30 views

[SECURITY] Fedora 26 Update: libofx-0.9.10-5.fc26

This is the LibOFX library. It is an API designed to allow applications to very easily support OFX command responses, usually provided by financial institutions. See http://www.ofx.net/ofx/default.asp for details and specification...

CVSS 8.8, AI score 1, EPSS 0.02393
Exploits: 4