Security Bulletin: IBM License Key Server Administration and Reporting Tool is impacted by multiple vulnerabilities in jQuery, Bootstrap and AngularJS
Summary: Multiple vulnerabilities have been found in jQuery, Bootstrap and AngularJS libraries that are used by IBM License Key Server (LKS) Administration and Reporting Tool (ART). Mitigations have been identified and a fix has been published. Vulnerability Details: CVEID: CVE-2019-14863 DESCRIPTION:...
GHSA-XG68-CHX2-253G Prototype Pollution in jquery-deparam
Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in jquery-deparam allows a malicious user to inject properties into Object.prototype...
Prototype Pollution in jquery-deparam
Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in jquery-deparam allows a malicious user to inject properties into Object.prototype...
@molgenis-ui/core-ui (>=0.2.2 <=0.5.3), @molgenis/core-ui (=0.2.4) +12 more potentially affected by CVE-2021-20087 via jquery-deparam (>=0.1.0 <=0.5.3)
jquery-deparam NPM version =0.1.0, =0.2.2, =0.1.0, =0.0.1, =1.0.1, =1.2.1, =1.4.4, =1.0.0, =1.0.0, =1.2.1, =0.0.6, =0.3.8, =0.17.22 Source cves: CVE-2021-20087 Source advisory: OSV:GHSA-XG68-CHX2-253G...
GHSA-7W8J-85WM-6XFQ Prototype Pollution in jquery-bbq
Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype...
brat-frontend-editor (>=0.0.19 <=0.3.42), frontend-editor (>=0.0.1 <=0.0.5) +3 more potentially affected by CVE-2021-20086 via jquery-bbq (>=0.0.1 <=1.0.0)
jquery-bbq NPM version =0.0.1, =0.0.19, =0.0.1, =0.0.1, =2.1.3, =2.2.3-a Source cves: CVE-2021-20086 Source advisory: OSV:GHSA-7W8J-85WM-6XFQ...
Prototype Pollution in jquery-bbq
Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype...
The vulnerability of the jQuery UI library, related to the lack of protective measures for website structures, allows attackers to execute cross-site scripting attacks.
The vulnerability of the jQuery UI library is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks...
CentOS 8 : idm:DL1 and idm:client (CESA-2021:1846)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:1846 advisory. - jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023) Note that Nessus has not tested for this issue but has...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing <option> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
idm:DL1 and idm:client security, bug fix, and enhancement update
An update is available for ipa, python-jwcrypto, custodia, bind-dyndb-ldap, python-qrcode, softhsm, python-yubico, python-kdcproxy, opendnssec, ipa-healthcheck, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...
BSA-2020-973
Security Advisory ID : BSA-2020-973 Component : jQuery Revision : 1.0 In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html, .append, and others)...
BSA-2020-972
Security Advisory ID : BSA-2020-972 Component : jQuery Revision : 1.0 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untruste...
Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. Vulnerability Details: CVEID: CVE-2015-5237 DESCRIPTION: Google Protocol Buffers could allow a remote attacker to execute arbitrary code on the system, caused by ...
PT-2021-7968 · Jquery-Ui +5 · Jquery Ui +5
Name of the Vulnerable Software and Affected Versions: jQuery UI versions prior to 1.13.0 Description: The issue is related to the .position util in jQuery UI, where accepting the value of the of option from untrusted sources may execute untrusted code. This can be exploited by an attacker to...
Huawei EulerOS: Security Advisory for pki-core (EulerOS-SA-2021-1831)
The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
EulerOS 2.0 SP3 : pki-core (EulerOS-SA-2021-1831)
According to the versions of the pki-core packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate ov...
Prototype Pollution
jquery-bbq is vulnerable to prototype pollution. An attacker is able to inject malicious properties into existing construct prototypes (Object.prototype) and modify attributes such as __proto__, constructor and prototype...
Prototype Pollution
jquery-plugin-query-object is vulnerable to prototype pollution. An attacker is able to inject malicious properties into existing construct prototypes (Object.prototype) and modify attributes such as __proto__, constructor and prototype...
Prototype Pollution
jquery-deparam is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...