27 matches found

F5 Networks
added 2025/04/08 5:47 p.m., 7 views

K000150762: jsoup vulnerabilities CVE-2015-6748, CVE-2021-37714, and CVE-2022-36033

Security Advisory Description: CVE-2015-6748: Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. CVE-2021-37714: jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run ...

7.5 CVSS, 5.6 AI score, 0.06873 EPSS
Exploits: 1
CBLMariner
added 2025/01/12 9:15 a.m., 157 views

CVE-2022-36033 affecting package jsoup 1.11.3-3

CVE-2022-36033 affecting package jsoup 1.11.3-3. No patch is available currently...

6.1 CVSS, 8 AI score, 0.01208 EPSS
Exploits: 1
RedHat Linux
added 2024/10/14 6:7 p.m., 29 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.19 Security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

7.5 CVSS, 6.7 AI score, 0.17673 EPSS
Exploits: 4, References: 19
RedHat Linux
added 2024/10/14 6:1 p.m., 34 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.19 Security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...

7.5 CVSS, 6.7 AI score, 0.17673 EPSS
Exploits: 5, References: 20
RedHat Linux
added 2024/10/14 6:1 p.m., 40 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.19 Security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...

7.5 CVSS, 6.7 AI score, 0.17673 EPSS
Exploits: 5, References: 20
Tenable Nessus
added 2024/10/14 12:0 a.m., 26 views

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.19 Security update (Important) (RHSA-2024:8076)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8076 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

7.5 CVSS, 6.8 AI score, 0.17673 EPSS
Exploits: 5, References: 26
Tenable Nessus
added 2024/10/14 12:0 a.m., 32 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.19 Security update (Important) (RHSA-2024:8075)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8075 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

7.5 CVSS, 6.8 AI score, 0.17673 EPSS
Exploits: 5, References: 26
Tenable Nessus
added 2024/10/14 12:0 a.m., 29 views

RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.19 Security update (Important) (RHSA-2024:8077)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8077 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

7.5 CVSS, 6.8 AI score, 0.17673 EPSS
Exploits: 5, References: 26
RedHat Linux
added 2024/09/12 3:45 p.m., 26 views

Moderate: Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update

Migration Toolkit for Runtimes 1.2.7 release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

6.1 CVSS, 6.7 AI score, 0.01208 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2024/06/03 12:0 a.m., 25 views

RHEL 9 : jsoup (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled...

6.1 CVSS, 6.4 AI score, 0.01208 EPSS
Exploits: 1, References: 1
Tenable Nessus
added 2024/06/03 12:0 a.m., 24 views

RHEL 8 : jsoup (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714) - jsoup: The jso...

7.5 CVSS, 7.5 AI score, 0.06873 EPSS
Exploits: 1, References: 2
OSV
added 2024/03/08 11:7 a.m., 1 views

OESA-2024-1255 jsoup security update

jsoup is a Java library for working with real-world HTML. It provides a very convenient API for extracting and manipulating data, using the best of DOM, CSS, and jquery-like methods. Security Fixes: jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting...

6.1 CVSS, 7.2 AI score, 0.01208 EPSS
Exploits: 1, References: 2
Amazon
added 2024/02/19 12:0 a.m., 36 views

Medium: jsoup

Issue Overview: jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...

6.1 CVSS, 6.8 AI score, 0.01208 EPSS
Exploits: 1
Tenable Nessus
added 2023/08/24 12:0 a.m., 38 views

Amazon Linux 2023 : jsoup, jsoup-javadoc (ALAS2023-2023-315)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-315 advisory. jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow...

6.1 CVSS, 6.4 AI score, 0.01208 EPSS
Exploits: 1, References: 4
IBM Security Bulletins
added 2023/06/08 2:31 a.m., 27 views

Security Bulletin: There is a security vulnerability in jsoup used by IBM Maximo Asset Management (CVE-2022-36033)

Summary: There is a security vulnerability in jsoup used by IBM Maximo Asset Management. Vulnerability Details: CVEID: CVE-2022-36033 DESCRIPTION: jsoup is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability usi...

6.1 CVSS, 6.3 AI score, 0.01208 EPSS
Exploits: 1, Affected Software: 11
Tenable Nessus
added 2023/04/19 12:0 a.m., 40 views

Oracle Business Process Management Suite (Apr 2023 CPU)

The version of Oracle Business Process Management Suite installed on the remote host is affected by multiple vulnerabilities, as referenced in the April 2023 CPU advisory. Specifically: - Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java...

9.8 CVSS, 6.6 AI score, 0.03571 EPSS
Exploits: 4, References: 5
IBM Security Bulletins
added 2023/04/04 8:41 p.m., 97 views

Security Bulletin: There is a vulnerability in jsoup used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-36033)

Summary: There is a vulnerability in jsoup used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2022-36033 DESCRIPTION: jsoup is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could explo...

6.1 CVSS, 6.3 AI score, 0.01208 EPSS
Exploits: 1, Affected Software: 1
SUSE CVE
added 2023/02/15 3:24 a.m., 2 views

SUSE CVE-2022-36033

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...

6.1 CVSS, 6.9 AI score, 0.01208 EPSS
Exploits: 1, References: 5
IBM Security Bulletins
added 2023/01/30 5:56 p.m., 34 views

Security Bulletin: IBM Workload Scheduler potentially affected by jsoup XSS attacks (CVE-2022-36033)

Summary: IBM Workload Scheduler is vulnerable to XSS attacks caused by jsoup, which may incorrectly sanitize HTML including javascript: URL expressions. Vulnerability Details: CVEID: CVE-2022-36033 DESCRIPTION: jsoup is vulnerable to cross-site scripting, caused by improper validation of user-suppli...

6.1 CVSS, 6.5 AI score, 0.01208 EPSS
Exploits: 1, Affected Software: 1
Tenable Nessus
added 2022/11/17 12:0 a.m., 33 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : jsoup (SUSE-SU-2022:4011-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4011-1 advisory. Updated to version 1.15.3: - CVE-2022-36033: Fixed incorrect sanitization of user input in...

6.1 CVSS, 6.8 AI score, 0.01208 EPSS
Exploits: 1, References: 4