Security Bulletin: IBM Cognos Controller has addressed multiple vulnerabilities
Summary: This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Cognos Controller 10.4.2 FP2 and 10.4.1 IF15. There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Cognos Controller. The applicable CVEs have been addressed by upgradin...
AZL-44976 CVE-2022-38900 affecting package js-jquery 3.5.0-4
decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS...
AZL-45051 CVE-2022-24999 affecting package js-jquery 3.5.0-4
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...
Cross-Site Scripting (XSS)
silverstripe/admin is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in vendor.js due to an outdated jQuery, which allows an attacker to inject and execute arbitrary JavaScript using a specially crafted proto query string parameter...
Silverstripe framework cross-site scripting vulnerability
Silverstripe framework is an application from Silverstripe New Zealand, empowering powerful digital teams by creating a platform for digital change. Silverstripe framework 4.10.0 and previous versions contain a cross-site scripting vulnerability that stems from the use of jQuery 1.7.2, which is...
AZL-44820 CVE-2022-41940 affecting package js-jquery 3.5.0-4
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...
GHSA-44XV-V98G-V79F URL XSS vulnerability due to outdated jquery in CMS
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3)...
[SECURITY] Fedora 36 Update: js-jquery-ui-1.13.2-1.fc36
A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library...
[SECURITY] Fedora 37 Update: js-jquery-ui-1.13.2-1.fc37
A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library...
Fedora: Security Advisory for js-jquery-ui (FEDORA-2022-1a01ed37e2)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for js-jquery-ui (FEDORA-2022-7291b78111)
The remote host is missing an update for the...
Silverstripe CMS cross-site scripting vulnerability
Silverstripe CMS is an application from Silverstripe New Zealand, empowering powerful digital teams by creating a platform for digital change. A cross-site scripting vulnerability exists in Silverstripe CMS versions prior to 4.12.0 that stems from the use of jQuery 1.7.2, which is affected by...
Fedora: Security Advisory for js-jquery-ui (FEDORA-2022-22d8ba36d0)
The remote host is missing an update for the...
Scientific Linux Security Update : pcs on SL7.x x86_64 (2022:7343)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:7343-1 advisory. - rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123) - jquery: Prototype pollution in object's prototype leading to...
Malicious code in jquery_ui_checkbowwx (npm)
Source: ghsa-malware (355813cd2a93a9e682c5c08d18c2a94a88961692b4d92bb41d931a48b70fcfb3). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in jquery_ui_checkbox (npm)
Source: ghsa-malware (7ec7cbc825e540dca6a67d1370e8c9d0cd6d3d116fce5c6fdc5f33f0a66aa780). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
pcs security update
0.9.169-3.0.1 - replace logo pcsd/public/favicon.ico in tarball - remove Source1 HAM-logo.png 0.9.169-3.el73.2 - Update rubygem rack - Upgrade jquery in web-ui - Resolves: rhbz2099578 rhbz2093232 0.9.169-3.el73.1 - Explicitly close libcurl connections to prevent stalled TCP connections in...
Oracle Linux 7 : pcs (ELSA-2022-7343)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7343 advisory. 0.9.169-3.0.1 - replace logo pcsd/public/favicon.ico in tarball - remove Source1 HAM-logo.png 0.9.169-3.el73.2 - Update rubygem rack - Upgrade jquery i...
Important: Red Hat Security Advisory: pcs security update
An update for pcs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing <option> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...