PocketMine-MP invalid skin geometry JSON data leading to server crash
Impact pocketmine\entity\Skin doesn't correctly handle errors produced by adhocore/json-comment, which throws RuntimeException rather than returning false as PocketMine-MP expects. This leads to a server crash if the skin geometry data is invalid for some reason e.g. a syntax error. Patches...
Remote code execution in PATCH requests in Spring Data REST
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9) and versions prior to 3.0.1 (Kay SR1) can use specially crafted JSON data to run arbitrary Java code...
Information Disclosure
microweber is vulnerable to information disclosure. The vulnerability exists due to the lack of sanitization of the error message via the json.data...
GHSA-FXMX-PFM2-85M2 Cross-site Scripting in Ericsson CodeChecker
In Ericsson CodeChecker prior to 6.18.2, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API...
CVE-2021-44217
In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API...
Cross site scripting
In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API...
GHSA-RF3M-MHV7-X39F Denial of Service in OpenShift Origin
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data...
Denial of Service in OpenShift Origin
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data...
SUSE-SU-2021:3906-1 Security Beta update for Salt
This update fixes the following issues: salt: - Remove wrong parsecpename from grains.core - Prevent tracebacks if directory for cookie is missing - Fix file.find tracebacks with non-utf8 file names (bsc#1190114) - Fix ip6interface grain to not leak secondary IPv4 aliases (bsc#1191412) - Do not conside...
PT-2021-23940 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse affected versions not specified Description: The issue affects Discourse, an open source discussion platform, where an attacker can poison the cache for anonymous users. This results in the users being shown a JSON blob instead of t...
Dropbox: Full Response SSRF via Google Drive
This researcher pointed out that HelloSign's Google Drive doc export feature had a URL parsing issue that could allow extra parameters to be passed to Google Drive API. By making use of an extra parameter in the Google Drive API, it was possible for researchers to force HelloSign to parse externa...
SUSE-SU-2021:3621-1 Security update for SUSE Manager Server 4.1
This update fixes the following issues: grafana-formula: - Version 0.4.2 Add SSH blackbox status check panel to clients dashboard Migrate deprecated panels in clients dashboard prometheus-formula: - Version 0.3.4 Fix opening Prometheus ports on proxy - Version 0.3.3 Add Prometheus targets...
OPENSUSE-SU-2021:1443-1 Security update for salt
This update for salt fixes the following issues: - Support querying for JSON data in external sql pillar. - Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265, CVE-2021-21996). This update was imported from the SUSE:SLE-15-SP2:Update update project...
Security update for salt (moderate)
openSUSE Security Update: Security update for salt Announcement ID: openSUSE-SU-2021:1443-1 Rating: moderate References: 1190265 Cross-References: CVE-2021-21996 CVSS scores: CVE-2021-21996 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Affected Products: openSUSE Leap 15.2 An update that...
SUSE: Security Advisory (SUSE-SU-2021:3553-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2021:3555-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2021:3556-1 Security update for salt
This update for salt fixes the following issues: - Support querying for JSON data in external sql pillar. - Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265, CVE-2021-21996)...
SUSE-SU-2021:3553-1 Security update for Salt
This update fixes the following issues: salt: - Support querying for JSON data in external sql pillar - Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265, CVE-2021-21996) - Fix wrong relative paths resolution with Jinja renderer when importing subdirectories...
Media File Renamer - Auto & Manual Rename < 5.2.7 - Media Title/Filename/Locking State Update via CSRF
The plugin does not have CSRF checks in place, which could allow attackers to make a logged-in admin change the title, filename, and locking state of arbitrary uploaded media via a CSRF attack. Notes: - We were unable to reproduce the issue from an attacker point of view, the endpoints are expecting JSON...