3370 matches found

Mageia
added 2022/05/15 10:6 a.m. · 210 views

Updated golang-github-prometheus-client packages fix security vulnerability

HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods...

CVSS 7.5 · AI score 1.4 · EPSS 0.05994
Exploits 0 · References 4

OSV
added 2022/05/13 1:47 a.m. · 13 views

GHSA-2C3P-9J5F-33G3 Apache OpenMeetings responds to insecure HTTP methods

Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH...

CVSS 5.3 · AI score 5.6 · EPSS 0.0286
Exploits 0 · References 4

Github Security Blog
added 2022/05/13 1:47 a.m. · 29 views

Apache OpenMeetings responds to insecure HTTP methods

Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH...

CVSS 5.3 · AI score 1.2 · EPSS 0.0286
Exploits 0 · References 4 · Affected Software 1

OSV
added 2022/05/13 1:40 a.m. · 16 views

GHSA-M68X-CC2F-GR5H Unsafe methods in the default list of approved signatures in Jenkins Script Security Plugin

The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox by using e.g. currentBuild['rawBuild'] rather than...

CVSS 6.5 · AI score 6.3 · EPSS 0.00818
Exploits 0 · References 2

Github Security Blog
added 2022/05/13 1:40 a.m. · 19 views

Unsafe methods in the default list of approved signatures in Jenkins Script Security Plugin

The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox by using e.g. currentBuild['rawBuild'] rather than...

CVSS 6.5 · AI score 6.8 · EPSS 0.00818
Exploits 0 · References 3 · Affected Software 1

Github Security Blog
added 2022/05/13 1:12 a.m. · 21 views

Statamic framework Incorrect Permission Assignment

Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc...

CVSS 8.8 · AI score 6.8 · EPSS 0.00867
Exploits 0 · References 2 · Affected Software 1

OSV
added 2022/05/13 1:12 a.m. · 8 views

GHSA-5M64-9HQ5-5PF2 Statamic framework Incorrect Permission Assignment

Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc...

CVSS 8.8 · AI score 8.7 · EPSS 0.00867
Exploits 0 · References 1

Fedora
added 2022/05/12 8:26 p.m. · 50 views

[SECURITY] Fedora 36 Update: curl-7.82.0-5.fc36

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 7.5 · AI score 7.3 · EPSS 0.02596
Exploits 4

OSV
added 2022/05/11 11:3 a.m. · 5 views

OESA-2022-1642 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column...

CVSS 9.8 · AI score 7.9 · EPSS 0.18398
Exploits 3 · References 3

CNNVD
added 2022/05/10 12:0 a.m. · 3 views

Microsoft Windows Authentication Methods Security Feature Issue Vulnerability

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security signature issue vulnerability exists in Microsoft Windows Authentication Methods. The following products and editions are affected: Windows 10 Version 1909 for 32-bit...

CVSS 7.4 · AI score 8.1 · EPSS 0.0226
Exploits 0 · References 5

Fedora
added 2022/05/08 2:4 a.m. · 39 views

[SECURITY] Fedora 34 Update: maven-shared-utils-3.2.1-0.9.fc34

This project aims to be a functional replacement for plexus-utils in Maven. It is not a 100% API compatible replacement though but a replacement with improvements: lots of methods got cleaned up, generics got added and we dropped a lot of unused code...

CVSS 9.8 · AI score 9.7 · EPSS 0.04031
Exploits 0

OPENSUSE Linux
added 2022/05/06 12:0 a.m. · 37 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2022:0125-1 Rating: important References: 1198917 1199118 Cross-References: CVE-2022-1477 CVE-2022-1478 CVE-2022-1479 CVE-2022-1480 CVE-2022-1481 CVE-2022-1482 CVE-2022-1483 CVE-2022-1484 CVE-2022-1485 CVE-2022-14...

CVSS 8.8 · AI score 6.9 · EPSS 0.01029
Exploits 23 · References 2

Prion
added 2022/05/01 4:15 p.m. · 16 views

Design/Logic Flaw

All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert method which can access the main application. Exported methods are stored in the application.remote object...

CVSS 7.5 · AI score 9.3 · EPSS 0.01248
Exploits 1 · References 2

Github Security Blog
added 2022/04/30 6:19 p.m. · 22 views

ZCatalog plug-in for Zope allows anonymous users to bypass access restrictions

ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes...

CVSS 7.5 · AI score 7.1 · EPSS 0.01427
Exploits 0 · References 7 · Affected Software 1

Malwarebytes
added 2022/04/28 2:11 p.m. · 17 views

Facebook phishers threaten users with Page Recovery Help Support

We’ve seen multiple hijacked profiles on Facebook recently claiming to be account recovery services. These bogus account recovery services aren’t here to help. They’re actually just trying to scare users into falling for phishing attempts. The people behind these scams target Facebook pages belongi...

AI score 7.1
Exploits 0

NVD
added 2022/04/27 2:15 a.m. · 23 views

CVE-2021-41041

In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles...

CVSS 5.3 · EPSS 0.00923
Exploits 0 · References 2

UbuntuCve
added 2022/04/27 2:15 a.m. · 39 views

CVE-2021-41041

In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles...

CVSS 5.3 · AI score 6.4 · EPSS 0.00923
Exploits 0 · References 3

OSV
added 2022/04/27 2:15 a.m. · 1 views

UBUNTU-CVE-2021-41041

In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles...

CVSS 5.3 · AI score 6.4 · EPSS 0.00923
Exploits 0 · References 4

Cvelist
added 2022/04/27 2:10 a.m. · 20 views

CVE-2021-41041

In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles...

AI score 5.8 · EPSS 0.00923
Exploits 0 · References 2

Positive Technologies
added 2022/04/27 12:0 a.m. · 5 views

PT-2022-11360 · Eclipse +4 · Eclipse Openj9 +4

Name of the Vulnerable Software and Affected Versions: Eclipse Openj9 versions prior to 0.32.0 Description: The issue arises when Java 8 and 11 fail to throw an exception captured during bytecode verification triggered by a MethodHandle invocation. This allows unverified methods to be invoked usi...

CVSS 9.1 · AI score 6.5 · EPSS 0.17342
Exploits 3 · References 204