106 matches found
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.3 Vulnerability Details CVEID:CVE-2013-4660 DESCRIPTION: The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute...
Ubuntu: Security Advisory (USN-7622-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-11358 affecting package orangefs for versions less than 2.9.7-7
CVE-2019-11358 affecting package orangefs for versions less than 2.9.7-7. A patched version of the package is available...
📄 jQuery 3.3.1 Cross Site Scripting
jQuery version 3.3.1 proof of concept exploit that demonstrates cross site scripting via improper script handling and prototype pollution. Exploit Title: jQuery Prototype Pollution & XSS Exploit CVE-2019-11358 & CVE-2020-7656 Google Dork: N/A Date: 2025-02-13 Exploit Author: xOryus Vendor Homepag...
jQuery 3.3.1 - Prototype Pollution & XSS Exploit
Exploit Title: jQuery Prototype Pollution & XSS Exploit CVE-2019-11358 & CVE-2020-7656 Google Dork: N/A Date: 2025-02-13 Exploit Author: xOryus Vendor Homepage: https://jquery.com Software Link: https://code.jquery.com/jquery-3.3.1.min.js Version: 3.3.1 Tested on: Windows 10, Ubuntu 20.04, Chrome...
Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary jQuery is used by IBM Robotic Process Automation for Cloud Pak as part of Abbyy CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023, CVE-2020-23064. Kubernetes kube-apiserver is used by IBM Robotic Process Automation for Cloud Pak as part of the operator CVE-2020-8552. Go Go-Yam...
Linux Distros Unpatched Vulnerability : CVE-2019-11358
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an...
openSUSE Security Advisory (openSUSE-SU-2024:0231-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Vulnerabilities in the jquery-1.10.0.js package affect Data Replication on Cloud Pak for Data
Summary Multiple vulnerabilities in the jquery-1.10.0.js package used in Data Replication on Cloud Pak for Data were addressed. Vulnerability Details CVEID:CVE-2020-11023 DESCRIPTION: In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing option elements from...
CVE-2019-11358 affecting package m2crypto for versions less than 0.38.0-4
CVE-2019-11358 affecting package m2crypto for versions less than 0.38.0-4. A patched version of the package is available...
Oracle Siebel Server (April 2021 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2021 CPU advisory. - Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM component: EAI jackson-databind. Supported versions that are affected are...
Security Bulletin: Vulnerabilities Addressed in IBM Tivoli Network Manager IP Edition (ITNM) version 4.2 Fix Pack 20 (4.2.0.20)
Summary Multiple vulnerabilities were addressed in ITNM version 4.2 Fix Pack 20 4.2.0.20 Vulnerability Details CVEID:CVE-2024-23944 DESCRIPTION: Apache ZooKeeper could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in persistent watchers handling. By...
Security update for python-notebook (moderate)
openSUSE Security Update: Security update for python-notebook Announcement ID: openSUSE-SU-2024:0231-1 Rating: moderate References: 1227583 Cross-References: CVE-2019-11358 CVE-2021-32798 CVSS scores: CVE-2019-11358 NVD : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-32798 NVD : 9.6...
OPENSUSE-SU-2024:0231-1 Security update for python-notebook
This update for python-notebook fixes the following issues: - Update to 5.7.11 sanitizer fix CVE-2021-32798 boo1227583 - Update to 5.7.10 no upstream changelog - Update to 5.7.9 Update JQuery dependency to version 3.4.1 to fix security vulnerability CVE-2019-11358 Update from preact to React...
CVE-2019-11358 affecting package python-pygments for versions less than 2.7.4-1
CVE-2019-11358 affecting package python-pygments for versions less than 2.7.4-1. An upgraded version of the package is available that resolves this issue...
GHSA-JRPW-8884-2747 eZ Platform Bundled jQuery affected by CVE-2019-11358
In eZ Platform 2.x, ezsystems/ezplatform-admin-ui-assets before v4.2.0 includes jQuery version 3.3.1. This version of jQuery is affected by the security vulnerability https://www.cvedetails.com/cve/CVE-2019-11358/ This is fixed in jQuery version 3.4. We recommend that you upgrade your...
eZ Platform Bundled jQuery affected by CVE-2019-11358
In eZ Platform 2.x, ezsystems/ezplatform-admin-ui-assets before v4.2.0 includes jQuery version 3.3.1. This version of jQuery is affected by the security vulnerability https://www.cvedetails.com/cve/CVE-2019-11358/ This is fixed in jQuery version 3.4. We recommend that you upgrade your...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using jQuery 3.2.1 is vulnerable to Cross Site Scripting - CVE-2019-11358
Summary Applications using jQuery before 3.4.0 are vulnerable cross site scripting for CVE-2019-11358. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Jazz Reporting Service Vulnerability Details CVEID:CVE-2019-113...
Debian dla-3551 : otrs - security update
"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3551 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3551-1 [email protected]...
[SECURITY] [DLA 3551-1] otrs2 security update
Debian LTS Advisory DLA-3551-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin August 31, 2023 https://wiki.debian.org/LTS Package : otrs2 Version : 6.0.16-2+deb10u1 CVE ID : CVE-2019-11358 CVE-2019-12248 CVE-2019-12497 CVE-2019-12746 CVE-2019-13458 CVE-2019-16375...