UBUNTU-CVE-2018-16384

A SQL injection bypass aka PL1 bypass exists in OWASP ModSecurity Core Rule Set owasp-modsecurity-crs through v3.1.0-rc3 via ab where a is a special function name such as "if" and b is the SQL statement to be executed...

PT-2018-13536 · Owasp · Owasp Modsecurity Core Rule Set

Name of the Vulnerable Software and Affected Versions: OWASP ModSecurity Core Rule Set versions prior to 3.1.0-rc4 Description: A SQL injection bypass issue exists, allowing attackers to bypass security controls. This is achieved by using a special syntax ab, where a is a special function name,...

CVE-2018-11054

RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service...

OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

USN-3747-1 openjdk-lts vulnerabilities

It was discovered that OpenJDK did not properly validate types in some situations. An attacker could use this to construct a Java class that could possibly bypass sandbox restrictions. CVE-2018-2825, CVE-2018-2826 It was discovered that the PatternSyntaxException class in OpenJDK did not properly...

openSUSE Security Update : cgit (openSUSE-2018-864)

This update for cgit to version 1.2.1 fixes the following issues : The following security vulnerability was addressed : - CVE-2018-14912: Fixed a directory traversal vulnerability, when enable-http-clone=1 is not turned off boo1103799 The following other changes were made : - Update to upstream...

Security update for cgit (moderate)

This update for cgit to version 1.2.1 fixes the following issues: The following security vulnerability was addressed: - CVE-2018-14912: Fixed a directory traversal vulnerability, when enable-http-clone=1 is not turned off boo1103799 The following other changes were made: - Update to upstream...

Security update for cgit (moderate)

This update for cgit fixes the following issues: The following security vulnerability was addressed: - CVE-2018-14912: Fixed a directory traversal vulnerability, when enable-http-clone=1 is not turned off boo1103799 The following other changes were made: - Update to upstream release 1.2.1...

USN-3735-1 openjdk-7 vulnerability

It was discovered that the PatternSyntaxException class in OpenJDK did not properly validate arguments passed to it. An attacker could use this to potentially construct a class that caused a denial of service excessive memory consumption...

GHSA-8474-RC7C-WRHP High severity vulnerability that affects safemode

Withdrawn, accidental duplicate publish. The safemode rubygem, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privileg...

[SECURITY] Fedora 27 Update: vim-syntastic-3.9.0-1.fc27

Syntastic is a syntax checking plugin that runs files through external synt ax checkers and displays any resulting errors to the user. This can be done on demand, or automatically as files are saved. If syntax errors are detected, the user is notified and is happy because they didn't have to...

OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

DEBIAN-CVE-2018-14343

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer...

CVE-2017-13092

The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property IP, as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most...