62 matches found

OSV
added 2024/11/28 3:9 p.m. | 27 views

SUSE-SU-2024:4105-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: - Update to Tomcat 10.1.33 Fixed CVEs: + CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 status bsc1233434 Catalina + Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints. markt +...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.06287
Exploits: 1 | References: 3

OSV
added 2024/11/14 2:15 p.m. | 1 view

CVE-2024-50840

A Stored Cross-Site Scripting XSS vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the classname parameter...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00407
Exploits: 1 | References: 1

Tenable Nessus
added 2024/06/03 12:0 a.m. | 29 views

RHEL 9 : libreoffice (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libreoffice: Array index underflow in Calc formula parsing CVE-2023-0950 - Apache OpenOffice versions...

CVSS: 7.8 | AI score: 8.8 | EPSS: 0.02244
Exploits: 2 | References: 3

ATTACKERKB
added 2024/03/21 2:49 a.m. | 2 views

CVE-2023-49985

A cross-site scripting XSS vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cname parameter...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00468
Exploits: 1 | References: 3

CNNVD
added 2024/03/21 12:0 a.m. | 1 view

School Fees Management System Security Vulnerability

School Fees Management System is a tuition management system. A security vulnerability exists in School Fees Management System v1.0, which originates from a cross-site scripting XSS vulnerability in /management/class...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.00574
Exploits: 1 | References: 3

Fedora
added 2024/03/07 10:33 p.m. | 19 views

[SECURITY] Fedora 40 Update: reflections-0.9.12-17.fc40

A Java run-time meta-data analysis, in the spirit of Scannotations Reflections scans your class-path, indexes the meta-data, allows you to query it on run-time and may save and collect that information for many modules within your project. Using Reflections you can query your meta-data such as: g...

CVSS: 8.8 | AI score: 6.5 | EPSS: 0.02557
Exploits: 3

Positive Technologies
added 2023/12/20 12:0 a.m. | 4 views

PT-2023-31442 · Unknown · School Management System

Name of the Vulnerable Software and Affected Versions: School Fees Management System version 1.0 Description: A cross-site scripting XSS issue in the /management/class component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...

CVSS: 6.8 | AI score: 6 | EPSS: 0.00574
Exploits: 1 | References: 4

RedHat Linux
added 2023/11/14 3:53 p.m. | 2 views

libreoffice: Empty entry in Java class path

A flaw was found in LibreOffice. When an empty Java class path entry is configured, LibreOffice will search for Java classes in the current working directory, allowing malicious Java classes to load when opening a document using the file manager, resulting in arbitrary code execution...

CVSS: 7.8 | AI score: 6 | EPSS: 0.00872
Exploits: 0 | References: 4

RedHat Linux
added 2023/11/14 3:53 p.m. | 37 views

Moderate: Red Hat Security Advisory: libreoffice security update

An update for libreoffice is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVSS: 7.8 | AI score: 6.7 | EPSS: 0.7436
Exploits: 2 | References: 6

AlmaLinux
added 2023/11/14 12:0 a.m. | 40 views

Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

CVSS: 7.8 | AI score: 7 | EPSS: 0.7436
Exploits: 2 | References: 10

RedHat Linux
added 2023/11/07 8:29 a.m. | 2 views

libreoffice: Empty entry in Java class path

A flaw was found in LibreOffice. When an empty Java class path entry is configured, LibreOffice will search for Java classes in the current working directory, allowing malicious Java classes to load when opening a document using the file manager, resulting in arbitrary code execution...

CVSS: 7.8 | AI score: 6 | EPSS: 0.00872
Exploits: 0 | References: 4

RedHat Linux
added 2023/11/07 8:29 a.m. | 40 views

Moderate: Red Hat Security Advisory: libreoffice security update

An update for libreoffice is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVSS: 7.8 | AI score: 6.7 | EPSS: 0.7436
Exploits: 2 | References: 6

AlmaLinux
added 2023/11/07 12:0 a.m. | 32 views

Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.7436
Exploits: 2 | References: 10

RedhatCVE
added 2023/05/23 7:11 p.m. | 31 views

CVE-2023-24815

A flaw was found in Vert.X Web. When running the application that serves files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard, an attacker can exfiltrate any class path resource...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00919
Exploits: 1 | References: 4

Veracode
added 2023/04/20 4:4 a.m. | 26 views

Arbitrary Code Injection

Apache OpenOffice is vulnerable to Arbitrary Code Injection. The vulnerability exists because the Java class path is not properly configured which allows an attacker to inject and execute arbitrary codes...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.00872
Exploits: 0 | References: 3 | Affected Software: 3

Ubuntu
added 2023/04/17 10:24 a.m. | 56 views

USN-6023-1: LibreOffice vulnerability

It was discovered that LibreOffice may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00872
Exploits: 0

Tenable Nessus
added 2023/03/31 12:0 a.m. | 34 views

Apache OpenOffice < 4.1.14 Multiple Vulnerabilities (macOS)

The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.14. It is, therefore, affected by multiple vulnerabilities: - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. CVE-2022-40674 - Apache OpenOffice versions before 4.1.14 may b...

CVSS: 8.1 | AI score: 7.9 | EPSS: 0.01642
Exploits: 1 | References: 7

CNVD
added 2023/03/28 12:0 a.m. | 33 views

Apache OpenOffice Code Issue Vulnerability

Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents, spreadsheets, presentations, drawings, databases and so on. A code issue vulnerability exists in Apache OpenOffice versions prior to 4.1.14, which stems from th...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00872
Exploits: 0 | References: 1

BDU FSTEC
added 2023/03/28 12:0 a.m. | 2 views

The vulnerability of the Apache OpenOffice office software lies in the ability to add empty records to the Java class path, allowing an attacker to execute arbitrary code.

The vulnerability of the Apache OpenOffice office software lies in the ability to add empty records to the path of a Java class. Exploiting this vulnerability allows an attacker to execute arbitrary code by loading a specially crafted Java file remotely...

CVSS: 10 | AI score: 7.6 | EPSS: 0.00872
Exploits: 0 | References: 6 | Affected Software: 2

NVD
added 2023/03/24 4:15 p.m. | 16 views

CVE-2022-38745

Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.00872
Exploits: 0 | References: 2