Fedora: Security Advisory for dr_libs (FEDORA-2023-9b87fb6b07)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: dr_libs-0^20230324git4b3d078-0.1.fc36
Single-file audio decoding libraries for C/C++...
[SECURITY] Fedora 37 Update: dr_libs-0^20230324git4b3d078-0.1.fc37
Single-file audio decoding libraries for C/C++...
ai.ylyue:yue-library-base (=j11.2.6.2), ai.ylyue:yue-library-data-es (=j11.2.6.2) +829 more potentially affected by CVE-2023-20873 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=2.6.0 <=2.6.14)
org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =2.6.0, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.0, =1.1.2, =1.1.4 - cn.kduck:kduck-security =1.1.2 - cn.kduck:kduck-security-principal =1.1.2 and more Source cves: CVE-2023-20873 Source advisory:...
Azul Zulu Java Multiple Vulnerabilities (2023-04-18)
The version of Azul Zulu installed on the remote host is prior to 6 6.55.0.12 / 7 7.61.0.18 / 8 8.69.0.16 / 11 11.63.16 / 17 17.41.14 / 20 20.30.12. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023-04-18 advisory. - Vulnerability in the Oracle Java SE, Oracle Graal...
Oracle Linux 8 : java-17-openjdk (ELSA-2023-1898)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-1898 advisory. 1:17.0.7.0.7-1 - Update to jdk-17.0.7.0+7 - Update release notes to 17.0.7.0+7 - Require tzdata 2023c due to local inclusion of JDK-8274864 & JDK-83051...
Oracle Linux 8 : java-11-openjdk (ELSA-2023-1895)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-1895 advisory. 1:11.0.19.0.7-1 - Update to jdk-11.0.19.0+7 - Update release notes to 11.0.19.0+7 - Require tzdata 2023c due to local inclusion of JDK-8274864 &...
Oracle Linux 9 : java-11-openjdk (ELSA-2023-1880)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-1880 advisory. 11.0.19.0.7-1.0.1 - Replace upstream references Orabug: 34340155 1:11.0.19.0.7-1 - Update to jdk-11.0.19.0+7 - Update release notes to 11.0.19.0+7 -...
AlmaLinux 9 : java-11-openjdk (ALSA-2023:1880)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:1880 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected a...
OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...
Security Bulletin: Multiple vulnerabilities found in third party libraries used by IBM® MobileFirst Platform
Summary: There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details: CVEID: CVE-2015-9251. DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
RHEL 9 : java-17-openjdk (RHSA-2023:1879)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1879 advisory. The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixe...
Oracle Solaris Critical Patch Update : apr2023_SRU11_4_55_138_3
This Solaris system is missing necessary patches to address critical security updates: - Vulnerability in the Oracle Solaris product of Oracle Systems component: Libraries. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network...
@aprilsacil/wallet (>=0.1.36 <=0.1.51), @axelraag/frigg-uniswap-widgets (>=0.0.11 <=0.12.0) +35 more potentially affected by CVE-2023-30543 via @web3-react/eip1193 (>=8.0.11-beta.0 <=8.0.26-beta.0)
@web3-react/eip1193 NPM version =8.0.11-beta.0, =0.1.36, =0.0.11, =0.0.1-alpha.0, =0.0.46, =0.0.70, =1.0.0, =0.0.1, =1.1.0, =0.0.3, =0.12.0, =0.0.6-alpha.0, =0.0.12 - @huma-finance/widgets =0.0.6-alpha.0 - @huma-shan/shared =0.0.1 - @huma-shan/superfluid-widget =0.0.1 and more Source cves:...
CVE-2023-21984
Vulnerability in the Oracle Solaris product of Oracle Systems component: Libraries. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks of this vulnerability can...
Design/Logic Flaw
Vulnerability in the Oracle Solaris product of Oracle Systems component: Libraries. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks of this vulnerability can...
abi-ds-utils (>=0.1.2 <=1.2.3), abi-pyspark-utils (>=0.1.1 <=0.1.4) +215 more potentially affected by CVE-2023-22946 via pyspark (>=2.1.2 <=3.3.4)
pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.1.5, =0.0.1, =0.2.0, =0.0.2, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =2.5.0b20240324 - bigdl-chronos =2.0.0 - bigdl-chronos-spark2 =2.0.0 and more Source cves: CVE-2023-22946 Source advisory: OSV:PYSEC-2023-44...
CVE-2023-29506 org.xwiki.platform:xwiki-platform-security-authentication-default XSS with authenticated endpoints
XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10...
CVE-2023-29214 org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the included pages in the...
CVE-2023-29205 org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro
XWiki Commons are technical libraries common to several other top level XWiki projects. The HTML macro does not systematically perform a proper neutralization of script-related HTML tags. As a result, any user able to use the HTML macro in XWiki is able to introduce an XSS attack. This can be...