
1089 matches found

Fedora
added 2018/04/07 10:16 p.m., 28 views

[SECURITY] Fedora 28 Update: libofx-0.9.10-6.fc28

This is the LibOFX library. It is an API designed to allow applications to very easily support OFX command responses, usually provided by financial institutions. See http://www.ofx.net/ofx/default.asp for details and specification...

CVSS: 8.8, AI score: 1, EPSS: 0.02393
Exploits: 4

Fedora
added 2018/03/30 1:35 p.m., 30 views

[SECURITY] Fedora 28 Update: acpica-tools-20180209-1.fc28

The ACPI Component Architecture (ACPICA) project provides an OS-independent reference implementation of the Advanced Configuration and Power Interface Specification (ACPI). ACPICA code contains those portions of ACPI meant to be directly integrated into the host OS as a kernel-resident subsystem, and...

CVSS: 5.5, AI score: 0.6, EPSS: 0.00439
Exploits: 0

Fedora
added 2018/03/30 1:34 p.m., 38 views

[SECURITY] Fedora 28 Update: puppet-4.10.10-1.fc28

Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, an...

CVSS: 5.5, AI score: 2.1, EPSS: 0.00363
Exploits: 0

Fedora
added 2018/03/28 11:51 p.m., 10 views

[SECURITY] Fedora 27 Update: nmap-7.60-8.fc27

Nmap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), and TCP/IP fingerprinting (remote host operating system identification). Nmap also offers flexible ta...

AI score: 0.8
Exploits: 0

FreeBSD
added 2018/03/21 12:00 a.m., 44 views

node.js -- multiple vulnerabilities

Node.js reports: Node.js Inspector DNS rebinding vulnerability (CVE-2018-7160). Node.js 6.x and later include a debugger protocol (also known as "inspector") that can be activated by the --inspect and related command line flags. This debugger service was vulnerable to a DNS rebinding attack which coul...

CVSS: 8.8, AI score: 7.1, EPSS: 0.09916
Exploits: 0, References: 1

UbuntuCve
added 2018/03/16 8:29 p.m., 37 views

CVE-2018-1199

Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

CVSS: 5.3, AI score: 6.8, EPSS: 0.02857
Exploits: 0, References: 2

Prion
added 2018/03/16 8:29 p.m., 24 views

Security feature bypass

Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

CVSS: 5, AI score: 5.3, EPSS: 0.02857
Exploits: 0, References: 6, Affected Software: 5

NVD
added 2018/03/16 8:29 p.m., 21 views

CVE-2018-1199

Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

CVSS: 5.3, AI score: 6.2, EPSS: 0.02857
Exploits: 0, References: 6

OSV
added 2018/03/16 8:29 p.m., 25 views

CVE-2018-1199

Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

CVSS: 5.3, AI score: 5.5, EPSS: 0.02857
Exploits: 0, References: 6

Cvelist
added 2018/03/16 8:00 p.m., 31 views

CVE-2018-1199

Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

AI score: 5.4, EPSS: 0.02857
Exploits: 0, References: 6

Debian CVE
added 2018/03/16 8:00 p.m., 25 views

CVE-2018-1199

Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

CVSS: 5.3, AI score: 6.6, EPSS: 0.02857
Exploits: 0

CNVD
added 2018/03/14 12:00 a.m., 1 view

RubyGems Improper Input Validation Vulnerability

RubyGems is a package manager for Ruby that provides a standard format for distributing Ruby programs and libraries called "gems", and is designed to make it easy to manage gem installations and the servers used to distribute them. An improper input validation vulnerability exists in the ruby gem...

CVSS: 5.3, AI score: 6.8, EPSS: 0.03825
Exploits: 0, References: 1

OSV
added 2018/02/27 5:29 a.m., 2 views

CVE-2018-4894

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of...

CVSS: 6.5, AI score: 5.8, EPSS: 0.12951
Exploits: 0, References: 3

OSV
added 2018/02/27 5:29 a.m., 4 views

CVE-2018-4890

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the image conversion engine, when handling JPEG data embedded within...

CVSS: 8.8, AI score: 5.8, EPSS: 0.29047
Exploits: 0, References: 3

OpenVAS
added 2018/02/06 12:00 a.m., 26 views

Debian: Security Advisory (DLA-1054-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5, AI score: 7.5, EPSS: 0.01534
Exploits: 1, References: 2

RedhatCVE
added 2018/02/05 11:49 a.m., 35 views

CVE-2018-1199

Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

CVSS: 7.5, AI score: 1.3, EPSS: 0.02857
Exploits: 0, References: 2

Ubuntu
added 2018/01/31 2:11 p.m., 60 views

USN-3553-1: Ruby vulnerabilities

It was discovered that Ruby failed to validate specification names. An attacker could possibly use a maliciously crafted gem to potentially overwrite any file on the filesystem. (CVE-2017-0901) It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability. An attacker could use this t...

CVSS: 9.8, AI score: 7.8, EPSS: 0.29442
Exploits: 4

OpenVAS
added 2018/01/28 12:00 a.m., 35 views

Debian: Security Advisory (DLA-996-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5, AI score: 8, EPSS: 0.16567
Exploits: 1, References: 3

seebug.org
added 2018/01/26 12:00 a.m., 158 views

Libc Realpath Buffer Underflow Vulnerability (CVE-2018-1000001)

Introduction The vulnerability described here is caused by Linux kernel behaviour change in the syscall API returning relative pathnames in getcwd and non-defensive function implementation in libc failing to process that pathname correctly. Other libraries are very likely to be affected as well. ...

AI score: 9.5, EPSS: 0.13614
Exploits: 9

RedHat Linux
added 2017/12/19 8:37 a.m., 5 views

rubygems: Arbitrary file overwrite due to incorrect validation of specification name

It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory...

CVSS: 7.5, AI score: 7.3, EPSS: 0.29442
Exploits: 2, References: 5