Restrictions not applied for inline comments in attachments
When there is a comment for a file which is attached to a restricted page, all users can see the comment, even the ones who are not allowed to see the page and its attachments. Workaround for 5.7: There is no workaround for customers running Confluence 5.7. Customers are advised to upgrade to...
IBM WebSphere Application Server Liberty Profile Elevation of Privilege Vulnerability
IBM WebSphere Application Server is an application server developed by IBM in accordance with open standards. An elevation of privilege vulnerability in IBM WebSphere Application Server Liberty Profile version 8.5.x prior to 8.5.5.4 allows remote attackers to gain privileges by...
Design/Logic Flaw
IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations...
CVE-2014-8890
CVE-2014-8890 affects IBM WebSphere Application Server Liberty Profile (8.5.x) where a remote attacker can gain elevated privileges when deployment-descriptor security constraints are combined with ServletSecurity annotations. Root cause: improper handling of security configuration in the servlet...
OpenJDK: Restrict use of privileged annotations (Libraries, 8034985)
Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is...
Design/Logic Flaw
Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is...
CVE-2014-2483
Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is...
[SECURITY] Fedora 18 Update: php-symfony2-Validator-2.2.10-1.fc18
This component is based on the JSR-303 Bean Validation specification and enables specifying validation rules for classes using XML, YAML, PHP or annotations, which can then be checked against instances of these classes. Optional dependencies: APC, DoctrineCommon...
[SECURITY] Fedora 19 Update: php-symfony2-Validator-2.2.5-1.fc19
This component is based on the JSR-303 Bean Validation specification and enables specifying validation rules for classes using XML, YAML, PHP or annotations, which can then be checked against instances of these classes. Optional dependencies: APC, DoctrineCommon...
[SECURITY] Fedora 18 Update: php-symfony2-Validator-2.2.5-1.fc18
This component is based on the JSR-303 Bean Validation specification and enables specifying validation rules for classes using XML, YAML, PHP or annotations, which can then be checked against instances of these classes. Optional dependencies: APC, DoctrineCommon...
Apple Mac OS X PDF Ink Annotations Processing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of a PDF...
CVE-2013-0971
Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document...
Design/Logic Flaw
Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document...
[SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass
CVE-2011-1582 Apache Tomcat security constraint bypass. Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: Tomcat 7.0.12-7.0.13; earlier versions are not affected. Description: An error in the fixes for...
[SECURITY] CVE-2011-1088 Apache Tomcat security constraint bypass
CVE-2011-1088 Apache Tomcat security constraint bypass. Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: Tomcat 7.0.0 to 7.0.10; earlier versions are not affected. Description: When a web application was started,...
CVE-2011-1088
Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application...