Remote Code Execution (RCE)

firefox is vulnerable to remote code execution. The vulnerability exists due to a lack of validation of the boundaries of same-origin policy, allowing an attacker to use XSL transform to serve a user an XSL with maliciously crafted javascript...

UBUNTU-CVE-2022-22755

By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript within the bounds of the same-origin policy even after the tab was closed. This vulnerability affects Firefox 97...

Unlimited transforms allowed for signed nodes

Impact A malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an effective way to perform a denial-of-service attack. Patches This has been resolved in version 3.1.0. The resolution is to...

[SECURITY] Fedora 33 Update: openjpeg2-2.3.1-11.fc33

The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains JPEG 2000 codec compliant with the Part 1 of the standard Class-1 Profil e-1 compliance. JP2 JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple...

[SECURITY] Fedora 33 Update: leptonica-1.80.0-3.fc33

The library supports many operations that are useful on Document images Natural images Fundamental image processing and image analysis operations Rasterop aka bitblt Affine transforms scaling, translation, rotation, shear on images of arbitrary pixel depth Projective and bi-linear transforms Bina...

[SECURITY] Fedora 33 Update: openjpeg2-2.3.1-10.fc33

The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains JPEG 2000 codec compliant with the Part 1 of the standard Class-1 Profil e-1 compliance. JP2 JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple...

Known Citrix Workspace Bug Open to New Attack Vector

A Citrix Workspace vulnerability that was fixed in July has been found to have a secondary attack vector, which would allow cybercriminals to elevate privileges and remotely execute arbitrary commands under the SYSTEM account. The bug CVE-2020-8207, exists in the automatic update service of the...

OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

[SECURITY] Fedora 31 Update: openjpeg2-2.3.1-4.fc31

The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains JPEG 2000 codec compliant with the Part 1 of the standard Class-1 Profil e-1 compliance. JP2 JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple...

Node.js third-party modules: Filesystem Writes via `yarn install` via symlinks and tar transforms inside a crafted malicious package

I would like to report an arbitrary filesystem write vulnerability in Yarn when installing a malicious package from the default repositories. This vulnerability has the potential for RCE -- even if --ignore-scripts is disabled. It allows a malicious package, upon install, to write to any path on...

The vulnerability of the RejectASTTransformsCustomizer.java component of the Jenkins Script Security plugin allows a perpetrator to execute arbitrary code.

The vulnerability of the RejectASTTransformsCustomizer.java component of the Jenkins Script Security plugin is related to errors in processing AST annotations. Exploiting this vulnerability can allow a malicious actor to exit from an isolated programming environment and execute arbitrary code...

jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin

A flaw was found in Jenkins Pipeline. The Script Security sandbox protection could be circumvented during the script compilation phase by applying AST, transforming annotations such as @Grab to source code elements. Both the pipeline validation REST APIs and actual script/pipeline execution are...

Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows

Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows I was looking into the root cause of https://bugs.chromium.org/p/chromium/issues/detail?id=850350. In that bug, due to precision errors, Skia generated a concave RRect, but declared it convex. Later, the RRect was transformed with...

[SECURITY] Fedora 29 Update: xml-security-c-2.0.2-1.fc29

The xml-security-c library is a C++ implementation of the XML Digital Signature specification. The library makes use of the Apache XML project's Xerces-C XML Parser and Xalan-C XSLT processor. The latter is used for processing XPath and XSLT transforms...

[SECURITY] Fedora 28 Update: openjpeg2-2.3.0-9.fc28

The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains JPEG 2000 codec compliant with the Part 1 of the standard Class-1 Profil e-1 compliance. JP2 JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multi ple...

CVE-2017-5377

A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox 51...

Msploitego - Pentesting Suite For Maltego Based On Data In A Metasploit Database

msploitego leverages the data gathered in a Metasploit database by enumerating and creating specific entities for services. Services like samba, smtp, snmp, http have transforms to enumerate even further. Entities can either be loaded from a Metasploit XML file or taken directly from the Postgres...

[SECURITY] Fedora 28 Update: leptonica-1.76.0-1.fc28

The library supports many operations that are useful on Document images Natural images Fundamental image processing and image analysis operations Rasterop aka bitblt Affine transforms scaling, translation, rotation, shear on images of arbitrary pixel depth Projective and bi-linear transforms Bina...

[SECURITY] Fedora 27 Update: leptonica-1.74.4-5.fc27

The library supports many operations that are useful on Document images Natural images Fundamental image processing and image analysis operations Rasterop aka bitblt Affine transforms scaling, translation, rotation, shear on images of arbitrary pixel depth Projective and bi-linear transforms Bina...