Rocky Linux 8 : thunderbird (RLSA-2022:4887)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:4887 advisory. - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox E...
Regular Expression Denial Of Service (ReDoS)
moment is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists due to the inefficient regex pattern used in the preprocessRFC2822 function of from-string.js, allowing an attacker to crash the application by providing malicious inputs of more than 10k characters...
Oracle Linux 9 : thunderbird (ELSA-2022-4892)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-4892 advisory. 91.10.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires...
Regular Expression Denial Of Service (ReDoS)
scss-tokenizer is vulnerable to regular expression denial of service. The vulnerability exists in the loadAnnotation function of previous-map.js due to the insecure regex pattern used in the match attribute, allowing an attacker to crash the application by providing malicious input...
Authorization Bypass
shiro-core is vulnerable to authorization bypass. The vulnerability exists due to the case-insensitive regex pattern matching used in the matches function of RegExPatternMatcher.java, allowing an attacker to bypass the servlet container when RegExPatternMatcher with . in the regular expression...
GHSA-4CF5-XMHP-3XJ7 Improper Authorization in Apache Shiro
In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with . in the regular expression are possibly vulnerable to an authorization bypass...
CVE-2022-32532
In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with . in the regular expression are possibly vulnerable to an authorization bypass...
DEBIAN-CVE-2022-32532
In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with . in the regular expression are possibly vulnerable to an authorization bypass...
UBUNTU-CVE-2022-32532
In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with . in the regular expression are possibly vulnerable to an authorization bypass...
Regular Expression Denial Of Service (ReDoS)
repo-git-downloader is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used to match repository URLs in the getOptions function of option.js, allowing an attacker to crash the application by downloading maliciously crafted git...
Use-After-Free
busybox is vulnerable to use-after-free. The vulnerability exists in copyvar, which allows an attacker to send a crafted awk pattern, crashing the application...
MAL-2022-149 Malicious code in @btransport/btui-pattern-library (npm)
Source: ghsa-malware (dfe5bf0b73ac2b81402bbc971dd4ed7ecd93e03365bc4878945bd3fbde0f3bf7). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pattern-middleware (npm)
Source: ghsa-malware (5e3950a70e613b294964bf7e35359d2838130a3a0084ebb449d37714e9227b4e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5230 Malicious code in pattern-middleware (npm)
Source: ghsa-malware (5e3950a70e613b294964bf7e35359d2838130a3a0084ebb449d37714e9227b4e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security Bulletin: Multiple vulnerabilities have been identified in Apache Log4j shipped with IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228)
Summary Multiple vulnerabilities have been identified within the Apache Log4j library that is used within IBM Tivoli Netcool/OMNIbus Common Integration Libraries. These vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote...
Security Bulletin: IBM Jazz for Service Management is vulnerable to Apache Log4j vulnerabilities (CVE-2021-45105, CVE-2021-45046)
Summary Based on current information and analysis, IBM Jazz for Service Management does not use Apache log4j-core library which is vulnerable to CVE-2021-45105, CVE-2021-45046. However, IBM Jazz for Service Management may be impacted because the old version of Log4j-1.2-api and Log4j-api are use...
Cisco IOS XE Software FXO Interface Destination Pattern Bypass (cisco-sa-fxo-pattern-bypass-jUXgygYv)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination...
CLSA-2022-1654804099 Fix CVE(s): CVE-2022-1851, CVE-2022-1886, CVE-2022-0319, CVE-2022-1898
SECURITY UPDATE: mlget error when exchanging windows in Visual mode - debian/patches/CVE-2022-0319.patch: Correct end of Visual area when entering another buffer - CVE-2022-0319 SECURITY UPDATE: Cursor may be in an invalid position after text formatting - debian/patches/CVE-2022-1851.patch: Corre...
CLSA-2022-1654525751 Fix CVE(s): CVE-2022-1796, CVE-2022-1785
SECURITY UPDATE: Memory access error when substitute expression changes window - debian/patches/CVE-2022-1785.patch: Disallow changing window in substitute expression - CVE-2022-1785 SECURITY UPDATE: Accessing freed memory when line is flushed - debian/patches/CVE-2022-1796.patch: Make a copy of...