1175 matches found
The vulnerability in the drivers/input/input.c component of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability in the drivers/input/input.c component of the Linux operating system is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
...
The vulnerability of the org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS component from the Jackson-databind library in the FasterXML project allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS component in the Jackson-databind library of the FasterXML project is related to the deserialization of untrusted data. Exploiting this vulnerability may allow an attacker to compromise the confidentiality,...
The vulnerability of the IBM Security Guardium security tool, related to hard-coded credentials, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the IBM Security Guardium security tool is related to hard-coded credentials. Exploiting this vulnerability could allow an attacker, operating remotely, to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool component in the Jackson-databind library of the FasterXML project allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool component in the Jackson-databind library of the FasterXML project is related to the deserialization of untrusted data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run
A flaw was found in the Linux kernel. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at any time, which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability...
The vulnerability of the Coherence Container component of the Oracle WebLogic Server application server allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Coherence Container component of the Oracle WebLogic Server application server exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information...
The software vulnerabilities of SonicWall Email Security and SonicWall Hosted Email Security allow for unlimited downloading of malicious files, enabling attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of SonicWall Email Security and SonicWall Hosted Email Security software lies in their ability to allow unlimited download of malicious files. Exploiting this vulnerability can enable a malicious actor to compromise the confidentiality, integrity, and accessibility of the...
The vulnerability of the User Experience Monitoring component of the SAP Solution Manager platform allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the User Experience Monitoring component of the SAP Solution Manager software platform is related to the lack of authentication for critical functions. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility ...
The vulnerability of SAP NetWeaver Java Application Server, a software integration platform of SAP NetWeaver, related to authentication errors, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the SAP NetWeaver Java Application Server, a software integration platform of SAP NetWeaver, is related to authentication errors. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...
CVE-2021-28834
A flaw was found in rubygem-kramdown. Rouge is a syntax highlighter used by kramdown. Restriction of the Rouge formatters to the Rouge::Formatters namespace does not occur when Ruby's const_get method is called. This can lead to arbitrary classes being instantiated in situations where the...
jenkins: Improper handling of REST API XML deserialization errors
A flaw was found in jenkins. An attacker with permission to create or configure various objects to inject crafted content into Old Data Monitor can cause the instantiation of potentially unsafe objects once discarded by an administrator. The highest threat from this vulnerability is to data...
The vulnerability of the ignite-jta class in the Jackson-databind library of the FasterXML project allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the ignite-jta class in the Jackson-databind library of the FasterXML project is related to the deserialization of untrusted data. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...
The vulnerability of the Miscellaneous component of the Oracle Scripting software for creating and processing scripts allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Miscellaneous component of the Oracle Scripting environment exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information through HTTP requests...
postgresql: Reconnection can downgrade connection security settings
A flaw was found in postgresql. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could...
The vulnerability of the Windows Cloud Files mini-filter driver in the Windows operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Windows Cloud Files mini-filter driver in the Windows operating system is related to insecure management of privileges. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...
The vulnerability of Firefox browsers, Firefox ESR, and the Thunderbird email client relates to the issue of operations beyond buffer boundaries in memory. This allows attackers to gain unauthorized access to information and compromise its integrity and accessibility.
The vulnerability of Firefox browsers, Firefox ESR, and the email client Thunderbird is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to information and compromise its integrity and...
The vulnerability of the win_unzip module in the Ansible configuration management system arises from incorrect restrictions on the path to the restricted-access directory. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the win_unzip module in the Ansible configuration management system is related to an incorrect limitation on the path to the restricted-access directory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of th...
The vulnerability of the OpenDetex text extraction tool relates to the occurrence of operations that go beyond the buffer boundaries in memory. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the OpenDetex text extraction tool is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the management interface for the virtual infrastructure management tool VMware vCenter Server allows an attacker to compromise the integrity, confidentiality, and accessibility of the protected information.
The vulnerability of the management interface for VMware vCenter Server’s virtual infrastructure is related to deficiencies in verifying the authenticity of certificates. Exploiting this vulnerability allows a malicious actor to compromise the integrity, confidentiality, and accessibility of the...