Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to open redirects, cross-site request forgery, information disclosure, session fixation or denial of service.
More info:
https://www.debian.org/security/2018/dsa-4262
Multiple Zip Slip vulnerabilities. CVE-2018-1002200 plexus-archiver before ...
More info:
https://support.f5.com/csp/article/K64709522
Enrico Zini discovered a vulnerability in Syntastic, an addon module for the Vim editor that runs a file through external checkers and displays any resulting errors. Config files were looked up in the current working directory, which could result in arbitrary shell code execution if a malformed source code file is opened.
More info:
https://www.debian.org/security/2018/dsa-4261
Jann Horn discovered a directory traversal vulnerability in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of this flaw to retrieve arbitrary files via a specially crafted request, when enable-http-clone=1 (default) is not turned off.
More info:
https://www.debian.org/security/2018/dsa-4263