27 matches found
K000150762: jsoup vulnerabilities CVE-2015-6748, CVE-2021-37714, and CVE-2022-36033
Security Advisory Description CVE-2015-6748 Cross-site scripting XSS vulnerability in jsoup before 1.8.3. CVE-2021-37714 jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run ...
CVE-2022-36033 affecting package jsoup 1.11.3-3
CVE-2022-36033 affecting package jsoup 1.11.3-3. No patch is available currently...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.19 Security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.19 Security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.19 Security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.19 Security update (Important) (RHSA-2024:8076)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8076 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.19 Security update (Important) (RHSA-2024:8075)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8075 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.19 Security update (Important) (RHSA-2024:8077)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8077 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
Moderate: Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update
Migration Toolkit for Runtimes 1.2.7 release Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
RHEL 9 : jsoup (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled...
RHEL 8 : jsoup (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck CVE-2021-37714 - jsoup: The jso...
OESA-2024-1255 jsoup security update
jsoup is a Java library for working with real-world HTML. It provides a very convenient API for extracting and manipulating data, using the best of DOM, CSS, and jquery-like methods. Security Fixes: jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting...
Medium: jsoup
Issue Overview: jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...
Amazon Linux 2023 : jsoup, jsoup-javadoc (ALAS2023-2023-315)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-315 advisory. jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow...
Security Bulletin: There is a security vulnerability in jsoup used by IBM Maximo Asset Management (CVE-2022-36033)
Summary There is a security vulnerability in jsoup used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-36033 DESCRIPTION: jsoup is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability usi...
Oracle Business Process Management Suite (Apr 2023 CPU)
The version of Oracle Business Process Management Suite installed on the remote host is affected by multiple vulnerabilities, as referenced in the April 2023 CPU advisory. Specifically: - Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD = 2.9.1 uses Java...
Security Bulletin: There is a vulnerability in jsoup used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-36033)
Summary There is a vulnerability in jsoup used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-36033 DESCRIPTION: jsoup is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could explo...
SUSE CVE-2022-36033
jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...
Security Bulletin: IBM Workload Scheduler potentially affected by jsoup XSS attacks (CVE-2022-36033)
Summary IBM Workload Scheduler is vulnerable to XSS attacks caused by jsoup, which may incorrectly sanitize HTML including javascript: URL expressions. Vulnerability Details CVEID:CVE-2022-36033 DESCRIPTION: jsoup is vulnerable to cross-site scripting, caused by improper validation of user-suppli...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : jsoup (SUSE-SU-2022:4011-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4011-1 advisory. Updated to version 1.15.3: - CVE-2022-36033: Fixed incorrect sanitization of user input in...