1179 matches found
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.4.10 security update
A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
xml-security: XPath Transform abuse allows for information disclosure
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...
xml-security: XPath Transform abuse allows for information disclosure
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...
xml-security: XPath Transform abuse allows for information disclosure
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...
Haptyc - Test Generation Framework
Haptyc is a python library which was built to add payload position support and Sniper/Clusterbomb/Batteringram/Pitchfork attack types into Turbo Intruder. While Haptyc accomplishes these goals fairly well it also introduces a simpler way to express test sequences in general. While this library wa...
Weak Encryption
github.com/edgexfoundry/app-functions-sdk-go uses weak encryption standards. Users who use the AES transform in their processing pipelines are affected. Attackers are able to decrypt messages because encryption is not enabled by default and if used, the level of protection may be less than user...
CVE-2021-41278
Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allo...
Input validation
Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allo...
CVE-2021-41278
EdgeX Foundry CVE-2021-41278 affects the app-functions-sdk-go (and related EdgeX components) where the AES transform is broken in encryption, allowing potential decryption of data for users who enable AES in their pipelines. Affected releases rely on a flawed AES implementation; the AES transform...
Debian: Security Advisory (DSA-5010-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 5010-1] libxml-security-java security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5010-1 [email protected] https://www.debian.org/security/ Markus Koschany November 15, 2021 https://www.debian.org/security/faq -...
xml-security: XPath Transform abuse allows for information disclosure
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...
libjpeg-turbo: Stack-based buffer overflow in the "transform" component
A stack-based buffer overflow flaw was found in libjpeg-turbo library in the tranform component. An attacker may use this flaw to input a malicious image file to an application utilizing this library, leading to arbitrary code execution. The highest threat from this vulnerability is to data...
CVE-2021-41792
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to...
Server side request forgery (ssrf)
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to...
CVE-2021-41792
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to...
CVE-2021-41792
CVE-2021-41792 affects Hyland Alfresco components: org.alfresco:alfresco-content-services up to 6.2.2.18 and org.alfresco:alfresco-transform-services up to 1.3. A crafted HTML file uploaded to the system could trigger an unexpected request by the transformation engine, with the response not expos...
CVE-2021-40690
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...
[SECURITY] [DLA 2767-1] libxml-security-java security update
Debian LTS Advisory DLA-2767-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany September 27, 2021 https://wiki.debian.org/LTS Package : libxml-security-java Version : 1.5.8-2+deb9u1 CVE ID : CVE-2021-40690 Debian Bug : 994569 Apache Santuario, XML Security for Jav...
Huawei EulerOS: Security Advisory for libjpeg-turbo (EulerOS-SA-2021-2470)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...