Apache Syncope Injection Vulnerability
Apache Syncope is an open source digital identity management system from the Apache Software Foundation, intended for use in enterprise environments. The system supports identity management, role configuration and more. An injection vulnerability exists in Apache Syncope versions 2.0.X prior t...
UBUNTU-CVE-2020-11034
In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection, which is based on a regexp. This is fixed in version 9.4.6...
CVE-2020-10693
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place...
Regular Expression Denial of Service (ReDoS)
Overview markdown is yet another markdown parser, this time for JavaScript. Note: This package is no longer actively maintained and should be considered deprecated. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). It is possible under certain...
EulerOS Virtualization for ARM 64 3.0.2.0 : ruby (EulerOS-SA-2020-1529)
According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel...
CentOS 7 : java-1.7.0-openjdk (RHSA-2020:1507)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1507 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE:...
HPE IMC ForwardRedirect Expression Language Injection
An Expression Language injection vulnerability exists in HPE Intelligent Management Center. This vulnerability is due to insufficient handling of the actionbean request parameter provided to the forwardredirect.xhtml endpoint...
java security update
CentOS Errata and Security Advisory CESA-2020:1507 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detail...
java security update
CentOS Errata and Security Advisory CESA-2020:1512 An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detail...
java security update
CentOS Errata and Security Advisory CESA-2020:1509 An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Denial of Service (DoS)
Overview bson is a fully featured BSON specification implementation in Ruby. Affected versions of this package are vulnerable to Denial of Service (DoS). The Moped::BSON::ObjectId.legal? method in mongodb/bson-ruby, as used in rubygem-moped, allows remote attackers to cause a denial of service work...
Regular Expression Denial Of Service (ReDoS)
sheetjs is vulnerable to regular expression denial of service (ReDoS). The vulnerability exists due to the usage of vulnerable regular expressions for xlmlregex in the function xlmlnormalize...
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2020-1516)
The remote host is missing an update for Huawei EulerOS...
libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c
A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 when parsing an invalid XPath expression. Applications that process untrusted XSL-format inputs using the libxml2 library may be vulnerable to a denial of service attack due to a crash of the...
sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling...
java security update
CentOS Errata and Security Advisory CESA-2020:1506 An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detail...
java security update
CentOS Errata and Security Advisory CESA-2020:1508 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detail...
CentOS 6 : java-1.8.0-openjdk (RHSA-2020:1506)
The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1506 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u24...
HPE Intelligent Management Center Remote Code Execution (CVE-2019-5386)
An Expression Language injection vulnerability exists in HPE Intelligent Management Center. This vulnerability is due to insufficient handling of the beanName request parameter by the class...
FreeBSD : py-bleach -- regular expression denial-of-service (4c52ec3c-86f3-11ea-b5b4-641c67a117d8)
Bleach developers report: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). C...
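Several of the entries above (the markdown, sheetjs and py-bleach advisories) describe the same vulnerability class: a regular expression with overlapping or nested quantifiers that backtracks exponentially on a crafted input. The following Python illustration is added here as an editor's example; it is not code from bleach, sheetjs or markdown, and its patterns are constructed to show the mechanism rather than reproduce any of those projects' regexes. The function names, the `max_len` guard and the `'a' * n + '!'` probe input are the example's own choices.

```python
"""
Regular expression denial of service (ReDoS), shown on a constructed
pattern that accepts a whitespace-separated list of word tokens, the kind
of thing a style-attribute sanitizer might validate.

The vulnerable pattern's nested quantifiers `(\w+\s?)*` let the engine
split one run of word characters in exponentially many ways, so a
non-matching suffix forces exponential backtracking.  The hardened
pattern accepts exactly the same strings but is unambiguous, so every
input is accepted or rejected in linear time.
"""
import re
import time

# Vulnerable (constructed, not bleach's regex): `\w+` inside a `*` and an
# optional `\s?` mean "aaaa...a!" can be partitioned 2**(n-1) ways before
# the engine concludes that the trailing "!" can never match.
TOKEN_LIST_VULNERABLE = re.compile(r"^(\w+\s?)*$")

# Hardened: each repetition must end in exactly one whitespace character,
# so there is a single way to consume any prefix; the final `\w*` takes
# the last token.  Same language as above, no catastrophic backtracking.
TOKEN_LIST_SAFE = re.compile(r"^(?:\w+\s)*\w*$")


def is_token_list_vulnerable(value: str) -> bool:
    """Match with the ambiguous pattern (exponential on killer inputs)."""
    return TOKEN_LIST_VULNERABLE.match(value) is not None


def is_token_list_safe(value: str) -> bool:
    """Match with the unambiguous pattern (linear on every input)."""
    return TOKEN_LIST_SAFE.match(value) is not None


def is_token_list_guarded(value: str, max_len: int = 1024) -> bool:
    """Defence in depth: bound the input size before any regex runs, as a
    sanitizer should for attribute values taken from untrusted HTML."""
    if len(value) > max_len:
        return False
    return is_token_list_safe(value)


def time_match(fn, value: str) -> float:
    """Wall-clock seconds fn(value) takes; used only by the probe."""
    start = time.perf_counter()
    fn(value)
    return time.perf_counter() - start


def redos_probe(fn, lengths=(10, 12, 14, 16, 18)) -> list:
    """Return (n, seconds) pairs for the classic killer input 'a'*n + '!'.
    A vulnerable matcher roughly quadruples per two-step increase in n;
    a safe one stays flat.  Lengths are kept small so the demo finishes."""
    return [(n, time_match(fn, "a" * n + "!")) for n in lengths]


if __name__ == "__main__":
    for name, fn in (("vulnerable", is_token_list_vulnerable),
                     ("safe", is_token_list_safe)):
        print(name)
        for n, secs in redos_probe(fn):
            print(f"  n={n:2d}  {secs:.6f}s")
```

Run stand-alone, the probe prints timings that grow geometrically for the vulnerable matcher and stay essentially constant for the safe one. The fix pattern illustrated here (make each repetition end on a character the next one cannot consume, so the engine never has a choice) is the general repair for this bug class; the length cap is the belt-and-braces control for code that cannot rewrite every pattern it depends on.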