Lucene search

2271 matches found

RedHat Linux
added 2018/10/24 9:39 p.m., 2 views

OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

CVSS 4.3, AI score 7.3, EPSS 0.00105
Exploits 0, References 4

Github Security Blog
added 2018/10/17 8:30 p.m., 30 views

Spring Security and Spring Framework may not recognize certain paths that should be protected

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x as well as other unsupported versions rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms,...

CVSS 7.5, AI score 3.4, EPSS 0.00155
Exploits 0, References 9, Affected Software 2

OSV
added 2018/10/17 8:30 p.m., 28 views

GHSA-8CRV-49FR-2H6J Spring Security and Spring Framework may not recognize certain paths that should be protected

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x as well as other unsupported versions rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms,...

CVSS 7.5, AI score 7.5, EPSS 0.00155
Exploits 0, References 9

RedHat Linux
added 2018/10/17 7:28 p.m., 1 view

tomcat: Late application of security constraints can lead to resource exposure for unauthorised users

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that...

CVSS 6.5, AI score 7.1, EPSS 0.21578
Exploits 2, References 7

OSV
added 2018/10/17 4:31 p.m., 1 view

GHSA-6RXJ-58JH-436R Apache Tomcat unauthorized access vulnerability

The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...

CVSS 5.9, AI score 6.8, EPSS 0.0304
Exploits 0, References 64

Github Security Blog
added 2018/10/17 4:31 p.m., 44 views

Apache Tomcat unauthorized access vulnerability

The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...

CVSS 5.9, AI score 7, EPSS 0.0304
Exploits 0, References 63, Affected Software 1

Hacker One
added 2018/10/11 12:37 a.m., 8 views

Shopify: H1514 Simple phishing using auto-created modal with weak URL-pattern check in incontext_app_link

Hi, This is unrelated to the Twine-template issue reported earlier as this would still be an issue if the template escape would be fixed. Background The incontext_app_link is checked server-side if it's a correct shopifycloud.com-URL. The problem however is that userdata inside the URL is allowed. ...

AI score 6.7
Exploits 0

RedHat Linux
added 2018/09/17 2:54 p.m., 1 view

OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

CVSS 4.3, AI score 7.3, EPSS 0.00105
Exploits 0, References 4

RedHat Linux
added 2018/09/17 2:51 p.m., 1 view

OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

CVSS 4.3, AI score 7.3, EPSS 0.00105
Exploits 0, References 4

OSV
added 2018/09/12 10:13 p.m., 1 view

USN-3747-2 openjdk-lts regression

USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. Unfortunately, that update introduced a regression around accessibility support that prevented some Java applications from starting. This update fixes the problem. We apologize for the inconvenience. Original advisory details: I...

AI score 5.8
Exploits 0, References 2

OSV
added 2018/09/12 2:29 p.m., 7 views

CVE-2017-1082

In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data sets may crash if th...

CVSS 7.5, AI score 6.8, EPSS 0.00538
Exploits 1, References 1

CNVD
added 2018/09/11 12:00 a.m., 1 view

WESEEK GROWI cross-site scripting vulnerability (CNVD-2018-18608)

WESEEK GROWI is an open source team collaboration software developed by WESEEK Japan. The software features asset management, quick search and member management. A cross-site scripting vulnerability exists in WESEEK GROWI 3.1.11 and earlier versions, which can be exploited by a remote attacker to...

CVSS 6.1, AI score 5.8, EPSS 0.00229
Exploits 0, References 1

Veracode
added 2018/08/31 2:53 a.m., 15 views

Denial Of Service (DoS)

mosca is vulnerable to denial of service (DoS) attacks. The vulnerability exists due to the lack of escaping of the regular pattern string, allowing a malicious pattern to cause a DoS attack...

CVSS 7.5, AI score 7.1, EPSS 0.12358
Exploits 0, References 3, Affected Software 1

RedHat Linux
added 2018/08/28 7:21 p.m., 5 views

OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

CVSS 4.3, AI score 7.3, EPSS 0.00105
Exploits 0, References 4

RedHat Linux
added 2018/08/28 7:19 p.m., 2 views

OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

CVSS 4.3, AI score 7.3, EPSS 0.00105
Exploits 0, References 4

RedHat Linux
added 2018/08/27 2:21 p.m., 2 views

OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

CVSS 4.3, AI score 7.3, EPSS 0.00105
Exploits 0, References 4

RedHat Linux
added 2018/08/27 2:20 p.m., 2 views

OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

CVSS 4.3, AI score 7.3, EPSS 0.00105
Exploits 0, References 4

OSV
added 2018/08/21 4:38 a.m., 2 views

USN-3747-1 openjdk-lts vulnerabilities

It was discovered that OpenJDK did not properly validate types in some situations. An attacker could use this to construct a Java class that could possibly bypass sandbox restrictions. CVE-2018-2825, CVE-2018-2826 It was discovered that the PatternSyntaxException class in OpenJDK did not properly...

CVSS 8.3, AI score 6.7, EPSS 0.03769
Exploits 0, References 5

Tenable Nessus
added 2018/08/20 12:00 a.m., 36 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2416-1) (Foreshadow)

This update for the Linux Kernel 4.4.114-9414 fixes several issues. The following security issues were fixed : - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other...

CVSS 7.8, AI score 7.3, EPSS 0.12859
Exploits 8, References 10

Tenable Nessus
added 2018/08/17 12:00 a.m., 37 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2348-1) (Foreshadow)

This update for the Linux Kernel 3.12.74-606488 fixes several issues. The following security issues were fixed : - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other...

CVSS 7.8, AI score 7.2, EPSS 0.02527
Exploits 0, References 7