579 matches found
NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0006)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted...
openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2021-374)
This update for java-1_8_0-openjdk fixes the following issues : - Update to version jdk8u282 icedtea 3.18.0 - January 2021 CPU bsc1181239 - Security fixes + JDK-8247619: Improve Direct Buffering of Characters CVE-2020-14803 - Import of OpenJDK 8 u282 build 01 + JDK-6962725: Regtest...
Atlassian Bamboo Authorization Issues Vulnerability
Atlassian Bamboo is a Java-based server-side application for continuous integration builds from Atlassian Australia. A security vulnerability exists in Atlassian Bamboo versions prior to 7.2.2 that allows an unauthenticated, remote attacker to view a stack trace...
CVE-2021-26067
Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exist on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions...
Path traversal
Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exist on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions...
Atlassian Bamboo Information Disclosure Vulnerability
Atlassian Bamboo is a Java-based server-side application for continuous integration builds from Atlassian Australia. A security vulnerability exists in Atlassian Bamboo versions prior to 7.2.2 that allows an unauthenticated, remote attacker to view a stack trace...
Accessing the URL /chart?filename=<file_name> exposes sensitive information - CVE-2021-26067
Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exist on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions...
Security Bulletin: IBM Security Directory Suite is affected by a security vulnerability (CVE-2018-4441)
Summary IBM Security Directory Suite SDS VA has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4441 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is...
U.S. Dept Of Defense: System Error Reveals Sensitive SQL Call Data
Summary: If you attempt to login at https://███.mil/sso/LoginRequest.do using a very long username, the application will respond showing a stack trace information with sensitive SQL data call information. This reveals too much information about SQL calls to the database. Please see the attached P...
Open-Xchange: Buffer overread off by one in `rpa_read_buffer`, incomplete fix for CVE-2020-12674
In function rpa_read_buffer, the condition in if p end return 0; len = p++; is not strict enough. It should be if p = end return 0; len = p++; The fix from https://github.com/dovecot/core/commit/69ad3c902ea4bbf9f21ab1857d8923f975dc6145 is not enough. The ASAN stack trace is...
OSV-2020-1589 UNKNOWN READ in RegisterSetjmp
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24695 Crash type: UNKNOWN READ Crash state: RegisterSetjmp wasmtimeruntime::traphandlers::CallThreadState::with::hada2d3d104ef56de wasmtime::func::invokewasmandcatchtraps::h25a8cbd9f03c9a30...
JetBrains Security Bulletin Q2 2020
Robert Demmer: In the second quarter of 2020, we resolved a number of security issues in our products. Here’s a summary report that contains a description of each issue and the version in which it was resolved. Product | Description | Severity ...
Security Bulletin: IBM Maximo Asset Management is vulnerable to Information Disclosure (CVE-2019-4583)
Summary IBM Maximo Asset Management could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. Vulnerability Details CVEID: CVE-2019-4583 DESCRIPTION: IBM Maximo Asset Management could allow an authenticated user to obtain...
Open-Xchange: Null dereference in mcht_relational_validate ext-relational-common.c:136
To reproduce, run test suite on following input : require "vnd.dovecot.testsuite"; require "relational"; require "comparator-i;ascii-numeric"; require "body"; / / testset "message" text: From: Whomever To: Someone Date: Sat, 10 Oct 2009 00:30:04 +0200 Subject: whatever . ; / RFC5173, Section 5.2:...
Open-Xchange: Panic in file smtp-address.c: line 684 (smtp_address_write): assertion failed: (smtp_char_is_qpair(*p))
Reproducer is running test suite against file crash2.txt and getting following output : ./src/testsuite/testsuite crash2.txt Test case: crash2.txt: testsuitecatena: Panic: file smtp-address.c: line 684 (smtp_address_write): assertion failed: (smtp_char_is_qpair(*p)) Abort trap: 6 Content of crash2.txt is...
Urban Dictionary: DOM XSS through ads
Multiple ads hosted on www.urbandictionary.com make the www.urbandictionary.com origin vulnerable to DOM XSS. Attached is an image of alert(document.domain) executing. The injection works in Firefox and Chrome. Visiting the following URL will probably cause an alert box displaying the document.doma...
IBM Cloud App Management Information Disclosure Vulnerability
IBM Cloud App Management is a set of infrastructure monitoring solutions based on microservices architecture from IBM, USA. The product is able to provide application-aware and infrastructure monitoring, analytics and more. An information disclosure vulnerability exists in IBM Cloud App Managemen...
CVE-2019-4751
IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace on certain API requests which can allow an attacker further information about the implementation of the offering. IBM X-Force ID: 173311...
CVE-2019-4751
IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace on certain API requests which can allow an attacker further information about the implementation of the offering. IBM X-Force ID: 173311...
Information disclosure
IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace on certain API requests which can allow an attacker further information about the implementation of the offering. IBM X-Force ID: 173311...