Whispers - Identify Hardcoded Secrets In Static Structured Text

"My little birds are everywhere, even in the North, they whisper to me the strangest stories." - Lord Varys Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can...

Moderate: Red Hat Security Advisory: Red Hat Fuse 7.9.0 release and security update

A minor version update from 7.8 to 7.9 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring...

Important: Red Hat Security Advisory: Red Hat Fuse 7.6.0 security update

A minor version update from 7.5 to 7.6 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

Exploit for Deserialization of Untrusted Data in Apache Dubbo

CVE-2019-17564 FastJson + SpringFramework Gadget for Dubbo 2.7...

CVE-2020-5397

A flaw was found in springframework. CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints are possible. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials a...

CVE-2020-5398

A flaw was found in springframework in versions prior to 5.0.16, 5.1.13, and 5.2.3. A reflected file download RFD attack is possible when a "Content-Disposition" header is set in response to where the filename attribute is derived from user supplied input. The highest threat from this vulnerabili...

CVE-2015-5258

Cross-site request forgery CSRF vulnerability in springframework-social before 1.1.3...

CVE-2015-5258

Cross-site request forgery CSRF vulnerability in springframework-social before 1.1.3...

CVE-2015-5258

The CVE-2015-5258 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in the Spring Social project (springframework-social) prior to version 1.1.3. The issue arises in the Spring Social Core framework and could allow an attacker to perform unauthorized operations on behalf of an aut...

Fedora Update for springframework-security FEDORA-2017-16a7aa8e4f

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 25 : springframework-security (2017-16a7aa8e4f)

update to 3.2.10.RELEASE, fix CVE-2016-9879 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Fedora Update for springframework FEDORA-2016-f341d71730

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 25 : springframework (2016-f341d71730)

Update to 3.2.18.RELEASE. Resolves: CVE-2016-9878 rhbz1408164,1408165 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

Fedora 22 : springframework-amqp-1.3.9-4.fc22 (2016-6cf17ad0df)

Security fix for CVE-2016-2173 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

Fedora 24 : springframework-amqp-1.3.9-4.fc24 (2016-005ac9cfd5)

Security fix for CVE-2016-2173 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

Fedora Update for springframework-amqp FEDORA-2016-6

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 23 : springframework-amqp-1.3.9-4.fc23 (2016-f099190fee)

Security fix for CVE-2016-2173 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

Fedora Update for springframework-amqp FEDORA-2016-005

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 21 : springframework-3.2.15-1.fc21 (2015-9295d75400)

Security fix for CVE-2015-5211. Update to 3.2.15.RELEASE Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issue...

Fedora 23 : springframework-3.2.15-1.fc23 (2015-065d9953e8)

Security fix for CVE-2015-5211. Update to 3.2.15.RELEASE Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issue...