Description
jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525).
hornetq: XXE/SSRF in XPath selector.
bouncycastle: Information disclosure in GCMBlockCipher.
bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data.
bouncycastle: Information leak in AESFastEngine class.
bouncycastle: Information exposure in DSA signature generation via timing attack.
bouncycastle: ECDSA improper validation of ASN.1 encoding of signature.
bouncycastle: DHIES implementation allowed the use of ECB mode.
bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack.
bouncycastle: Other party DH public keys are not fully validated.
bouncycastle: ECIES implementation allowed the use of ECB mode.
logback: Serialization vulnerability in SocketServer and ServerSocketReceiver.
python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs.
hibernate-validator: Privilege escalation when running under the security manager.
puppet: Environment leakage in puppet-agent.
Satellite 6: XSS in discovery rule filter autocomplete functionality.
foreman: Stored XSS in fact name or value.
pulp: Sensitive credentials revealed through the API.
foreman: SQL injection due to improper handling of the widget id parameter.
foreman: Ovirt admin password exposed by foreman API.
django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc'.
django: Catastrophic backtracking in regular expressions via 'truncatechars_html' and 'truncatewords_html'.
guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service.
bouncycastle: Carry propagation bug in math.raw.Nat??? class.
bouncycastle: DSA key pair generator generates a weak private key by default.
puppet: Unpacking of tarballs in tar/mini.rb can create files with insecure permissions.
bouncycastle: BKS-V1 keystore files vulnerable to trivial hash collisions.