1260 matches found

ATTACKERKB
added 2020/04/29 12:0 a.m. | 258 views

CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources – even after sanitizing it – to one of jQuery’s DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...

6.9 CVSS | 7.1 AI score | 0.99019 EPSS
In wild | Exploits 11 | References 112

Debian CVE
added 2020/04/29 12:0 a.m. | 70 views

CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...

6.9 CVSS | 6.8 AI score | 0.8383 EPSS
Exploits 6

RedHat Linux
added 2020/04/21 10:28 a.m. | 4 views

OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274)

A flaw was found in the way the readObject method of the MethodType class in the Libraries component of OpenJDK checked argument types. This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions...

8.3 CVSS | 7.3 AI score | 0.04051 EPSS
Exploits 0 | References 4

Kitploit
added 2020/04/18 9:30 p.m. | 46 views

goBox - GO Sandbox To Run Untrusted Code

GO sandbox to run untrusted code. goBox uses Ptrace to hook into READ syscalls, giving you the option to accept or deny syscalls before they are executed. Usage Usage of ./gobox: gobox FLAGS command flags: -h Print Usage. -n value A glob pattern for automatically blocking file reads. -y value A...

7.1 AI score
Exploits 0 | References 1

OSV
added 2020/04/15 2:15 p.m. | 2 views

DEBIAN-CVE-2020-2805

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

8.3 CVSS | 7.3 AI score | 0.04051 EPSS
Exploits 0 | References 1

Prion
added 2020/04/15 2:15 p.m. | 22 views

Design/Logic Flaw

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

5.1 CVSS | 8.1 AI score | 0.0623 EPSS
Exploits 0 | References 14 | Affected Software 10

Debian CVE
added 2020/04/15 1:29 p.m. | 42 views

CVE-2020-2805

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

8.3 CVSS | 8.6 AI score | 0.04051 EPSS
Exploits 0

Positive Technologies
added 2020/04/14 12:0 a.m. | 7 views

PT-2020-2537

Name of the Vulnerable Software and Affected Versions Java SE versions 7u251, 8u241, 11.0.6, and 14 Java SE Embedded version 8u241 Description The issue is related to insufficient access control in the Libraries component of Java SE and Java SE Embedded, allowing an unauthenticated attacker with...

8.3 CVSS | 7.2 AI score | 0.0623 EPSS
Exploits 0 | References 287

Positive Technologies
added 2020/04/14 12:0 a.m. | 6 views

PT-2020-2598

Name of the Vulnerable Software and Affected Versions Java SE versions 7u251, 8u241, 11.0.6, and 14 Java SE Embedded version 8u241 Description The issue is related to insufficient input validation in the Libraries component of Oracle Java SE and Java SE Embedded. This could allow a remote attacke...

8.3 CVSS | 7.4 AI score | 0.0447 EPSS
Exploits 0 | References 288

Veracode
added 2020/04/10 12:59 a.m. | 30 views

Denial Of Service (DoS)

openjdk is vulnerable to denial of service. A flaw was found in the XML Digital Signature component in OpenJDK. Untrusted code could use this flaw to replace the Java Runtime Environment JRE XML Digital Signature Transform or C14N algorithm implementations to intercept digital signature operation...

2.6 CVSS | 2.3 AI score | 0.03006 EPSS
Exploits 0 | References 19 | Affected Software 1

RedhatCVE
added 2020/04/04 11:14 a.m. | 30 views

CVE-2019-12400

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.9 CVSS | 1.4 AI score | 0.00776 EPSS
Exploits 0 | References 3

RedhatCVE
added 2020/04/04 5:26 a.m. | 36 views

CVE-2019-2816

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access v...

5.8 CVSS | 1.8 AI score | 0.02296 EPSS
Exploits 0 | References 3

RedHat Linux
added 2020/03/23 8:13 p.m. | 5 views

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5 CVSS | 7.3 AI score | 0.00776 EPSS
Exploits 0 | References 4

NVD
added 2020/03/23 7:15 p.m. | 16 views

CVE-2020-7474

A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator v1.002 and prior, for the PMEPXM0100 H module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL...

7.8 CVSS | 7.7 AI score | 0.0043 EPSS
Exploits 0 | References 1

Prion
added 2020/03/23 7:15 p.m. | 10 views

Path traversal

A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator v1.002 and prior, for the PMEPXM0100 H module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL...

4.4 CVSS | 7.6 AI score | 0.0043 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2020/03/23 6:53 p.m. | 18 views

CVE-2020-7474

A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator v1.002 and prior, for the PMEPXM0100 H module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL...

7.7 AI score | 0.0043 EPSS
Exploits 0 | References 1

CVE
added 2020/03/23 6:53 p.m. | 39 views

CVE-2020-7474

ProSoft Configurator (v1.002 and earlier) is affected by CWE-427 Uncontrolled Search Path Element in the PMEPXM0100(H) module. The vulnerability could enable execution of untrusted code when a user double-clicks to open a project file, potentially triggering a malicious DLL. CVSS details in the s...

7.8 CVSS | 7.6 AI score | 0.0043 EPSS
Exploits 0 | References 1 | Affected Software 1

RedHat Linux
added 2020/03/12 5:7 p.m. | 2 views

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5 CVSS | 7.3 AI score | 0.00776 EPSS
Exploits 0 | References 4

RedHat Linux
added 2020/03/12 5:5 p.m. | 2 views

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5 CVSS | 7.3 AI score | 0.00776 EPSS
Exploits 0 | References 4

RedHat Linux
added 2020/03/12 5:2 p.m. | 2 views

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5 CVSS | 7.3 AI score | 0.00776 EPSS
Exploits 0 | References 4