129 matches found
SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1938-2)
This update for java-180-openjdk to version 8u171 fixes the following issues: These security issues were fixed : - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969,...
RATELIMITED: Hackerone1
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: add summary of the vulnerabili...
GitLab: DoS on the Issue page by exploiting Mermaid.
Summary: An attacker could exploit Mermaid available in Markdown and cause DoS. Description: Markdown supported by GitLab can generate diagrams and flowcharts from text using Mermaid. An Attacker can exploit this function to prevent users from successfully accessing some functions. For example, y...
[SECURITY] Fedora 28 Update: kernel-tools-4.19.7-200.fc28
This package contains the tools/ directory from the kernel source and the supporting documentation...
[SECURITY] Fedora 28 Update: kernel-tools-4.19.5-200.fc28
This package contains the tools/ directory from the kernel source and the supporting documentation...
SUSE SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2018:1692-2)
This update for java-170-openjdk to version 7u181 fixes the following issues : S8162488: JDK should be updated to use LittleCMS 2.8 S8180881: Better packaging of deserialization S8182362: Update CipherOutputStream Usage S8183032: Upgrade to LittleCMS 2.9 S8189123: More consistent classloading...
SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:1690-2)
This update for java-180-openjdk to version 8u171 fixes the following issues : These security issues were fixed : S8180881: Better packaging of deserialization S8182362: Update CipherOutputStream Usage S8183032: Upgrade to LittleCMS 2.9 S8189123: More consistent classloading S8189969,...
[SECURITY] Fedora 27 Update: kernel-tools-4.18.10-100.fc27
This package contains the tools/ directory from the kernel source and the supporting documentation...
[SECURITY] Fedora 28 Update: php-symfony-2.8.44-1.fc28
PHP framework for web projects...
[SECURITY] Fedora 28 Update: kernel-tools-4.17.2-200.fc28
This package contains the tools/ directory from the kernel source and the supporting documentation...
Security Bulletin: Multiple vulnerabilities in IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, and products shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise
Summary Multiple vulnerabilities have been identified in IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, and in supporting products shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Vulnerability Details This security bulletin covers multiple vulnerabilities in...
Security update for java-1_8_0-openjdk (important)
This update for java-180-openjdk to version 8u171 fixes the following issues: These security issues were fixed: - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969,...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM ILOG Optimization Decision Manager Enterprise (CVE-2017-1194)
Summary IBM WebSphere Application Server is shipped as a component of IBM ILOG ODM Enterprise. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Cross-site...
Getting the most value out of your security deployment
This blog is part of a series that responds to common questions we receive from customers about deployment of Microsoft 365 security solutions. In this series youll find context, answers, and guidance for deployment and driving adoption within your organization. Check out our last blog Now that y...
Node.js third-party modules: [serve] Server Directory Traversal
I would like to report a Server Directory Traversal vulnerability in serve. It allows reading local files on the target server. Module module name: serve version: 7.0.1 npm page: https://www.npmjs.com/package/serve Module Description Assuming you would like to serve a static site, single page...
CloudBees Jenkins Pipeline: Supporting APIs Plugin Code Execution Vulnerability
CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software release/testing projects and some of the timed execution of the task . Pipeline: Supporting...
Node.js third-party modules: `whereis` concatenates unsanitized input into exec() command
I would like to report command injection in whereis It allows to inject arbitrary shell commands by trying to locate crafted filenames. Module module name: whereis version: 0.4.0 npm page: https://www.npmjs.com/package/whereis Module Description Simply get the first path to a bin on any system...
Node.js third-party modules: `macaddress` concatenates unsanitized input into exec() command
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report code injection i...
CVE-2018-1000058
Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary...
CVE-2018-1000058
CVE-2018-1000058 affects Jenkins Pipeline: Supporting APIs Plugin up to version 2.17. Root cause: incomplete sandbox protection allowing deserialization via readResolve in Pipeline scripts, enabling arbitrary code execution. Impact: remote code execution with network access; high severity per lin...