OpenJDK: memory corruption issue on x86_64 with AVX-512 (8317121)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition:...

CVE-2023-38546

CVE-2023-38546 affects libcurl/curl (curl_easy_duphandle path). Root cause: when duplicating an easy handle with cookies enabled, the cookie state is cloned without cookies; if source hadn’t loaded cookies from disk, the clone may load cookies from a file named none in the program’s CWD, enabling...

Apollo Router Code Issue Vulnerability

Apollo Router is a configurable, high-performance graphical router written in Rust. A code issue vulnerability exists in Apollo Router. An attacker could use this vulnerability to cause the router to panic and terminate when sending a multi-part response...

CVE-2023-22088

Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications component: User Management. Supported versions that are affected are 7.4.0 and 7.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP ...

Design/Logic Flaw

The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post such as draft and private via an IDOR vector. Password protected post...

Code injection

The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post such as draft and private via an IDOR vector...

CVE-2023-3706 ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Title Disclosure

The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post such as draft and private via an IDOR vector...

POLY1305 MAC implementation corrupts XMM registers on Windows

...

PT-2023-29531 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.39.5 MediaWiki versions 1.40.x prior to 1.40.1 Description: An issue was discovered in VectorComponentUserLinks.php in the Vector Skin component. A MalformedTitleException is uncaught if it is not a valid title,...

PT-2023-29530 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.39.5 MediaWiki versions 1.40.x prior to 1.40.1 Description: An issue was discovered in the Vector Skin component for MediaWiki. The vector-toc-toggle-button-label is not escaped, but should be, because the line...

com.google.protobuf:protobuf-java Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.1, 5.6.0, 5.7.0, 5.8.0, 5.9.0, and 5.10.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

FasterXML Vulnerability in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

FasterXML Vulnerability in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

jackson-databind Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

jackson-databind Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVE-2022-4132

A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way repeatedly hitting the login page...

CVE-2022-4132

A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way repeatedly hitting the login page...

Memory corruption

A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way repeatedly hitting the login page...

batik: Server-Side Request Forgery vulnerability

A flaw was found in Apache Batik 1.0 - 1.16. This issue occurs due to a malicious SVG triggering external resources loading by default, causing resource consumption or in some cases information disclosure...

Mozilla: Use-after-free in Ion Compiler

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NULL bytes and cause a potentially exploitable crash...