
1260 matches found

OSV
added 2020/10/21 3:15 p.m. | 2 views

DEBIAN-CVE-2020-14796

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

CVSS 3.1 | AI score 6 | EPSS 0.02417
Exploits 0 | References 1

OSV
added 2020/10/21 3:15 p.m. | 0 views

UBUNTU-CVE-2020-14798

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

CVSS 3.1 | AI score 6.7 | EPSS 0.02684
Exploits 0 | References 5

Tenable Nessus
added 2020/09/23 12:0 a.m. | 51 views

RHEL 8 : Red Hat Virtualization (RHSA-2020:3807)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3807 advisory. The org.ovirt.engine-root is a core component of oVirt. The following packages have been upgraded to a later upstream version:...

CVSS 7.4 | AI score 6.7 | EPSS 0.99019
Exploits 12 | References 47

Hewlett-Packard
added 2020/09/17 12:0 a.m. | 61 views

Certain HP Printers and MFP products - Cross-Site Scripting (XSS)

A potential security vulnerability has been identified for certain HP printers and MFPs. In jQuery versions before 3.5.0, passing HTML from untrusted sources may execute untrusted code. Update your printer firmware...

CVSS 6.9 | AI score 6.6 | EPSS 0.99019
Exploits 11

RedHat Linux
added 2020/08/10 3:17 p.m. | 2 views

OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 7.4 | AI score 7.4 | EPSS 0.03864
Exploits 0 | References 4

RedHat Linux
added 2020/08/04 2:2 p.m. | 3 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing <option> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 6.9 | AI score 6.6 | EPSS 0.8383
Exploits 6 | References 6

RedHat Linux
added 2020/07/28 3:54 p.m. | 1 views

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

CVSS 5.5 | AI score 7.3 | EPSS 0.00776
Exploits 0 | References 4

OSV
added 2020/07/15 6:15 p.m. | 9 views

CVE-2020-14583

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS 8.3 | AI score 8.2
Exploits 0 | References 15

OSV
added 2020/07/15 6:15 p.m. | 5 views

CVE-2020-14562

Vulnerability in the Java SE product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of...

CVSS 5.3 | AI score 6.7
Exploits 0 | References 10

OSV
added 2020/07/15 6:15 p.m. | 1 views

UBUNTU-CVE-2020-14664

Vulnerability in the Java SE product of Oracle Java SE component: JavaFX. The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human...

CVSS 8.3 | AI score 7.3 | EPSS 0.04362
Exploits 0 | References 3

CVE
added 2020/07/15 5:34 p.m. | 161 views

CVE-2020-14664

CVE-2020-14664 affects Oracle Java SE (component: JavaFX) with affected version Java SE 8u251. The vulnerability is exploitable over the network and can be triggered by loading untrusted code in client-side Java deployments (Web Start/applets). It requires user interaction and could lead to tak...

CVSS 8.3 | AI score 8.1 | EPSS 0.04362
Exploits 0 | References 4 | Affected Software 2

Positive Technologies
added 2020/07/15 12:0 a.m. | 5 views

PT-2020-3363

Name of the Vulnerable Software and Affected Versions: Oracle Java SE version 8u251. Description: The issue is related to insufficient input validation in the JavaFX component, allowing an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks...

CVSS 8.3 | AI score 6.9 | EPSS 0.04362
Exploits 0 | References 72

Positive Technologies
added 2020/07/14 12:0 a.m. | 7 views

PT-2020-3592

Name of the Vulnerable Software and Affected Versions: Java SE versions 11.0.7 and 14.0.1. Description: The issue is related to insufficient input validation in the ImageIO component of Oracle Java SE, allowing a remote attacker to cause a partial denial of service via multiple protocols. This...

CVSS 7.4 | AI score 6.9 | EPSS 0.05166
Exploits 0 | References 195

Positive Technologies
added 2020/07/14 12:0 a.m. | 6 views

PT-2020-3534

Name of the Vulnerable Software and Affected Versions: Java SE versions 7u261, 8u251, 11.0.7, and 14.0.1; Java SE Embedded version 8u251. Description: The issue is related to insufficient input validation in the Libraries component of Oracle Java SE and Java SE Embedded. This can be exploited by an...

CVSS 9 | AI score 7.2 | EPSS 0.37618
Exploits 3 | References 287

RedHat Linux
added 2020/05/20 4:26 p.m. | 4 views

OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274)

A flaw was found in the way the readObject method of the MethodType class in the Libraries component of OpenJDK checked argument types. This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions...

CVSS 8.3 | AI score 7.3 | EPSS 0.04051
Exploits 0 | References 4

RedHat Linux
added 2020/05/18 10:24 a.m. | 0 views

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

CVSS 5.5 | AI score 7.3 | EPSS 0.00776
Exploits 0 | References 4

Veracode
added 2020/04/30 2:21 a.m. | 229 views

Cross-Site Scripting (XSS)

jquery is vulnerable to cross-site scripting XSS. When passing a HTML containing elements to one of jQuery's DOM manipulation methods i.e. .html, .append, and others, untrusted code may potentially be executed...

CVSS 6.9 | AI score 3 | EPSS 0.8383
Exploits 6 | References 108 | Affected Software 40

OSV
added 2020/04/29 9:15 p.m. | 1 views

DEBIAN-CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...

CVSS 6.1 | AI score 6.4 | EPSS 0.8383
Exploits 6 | References 1

ATTACKERKB
added 2020/04/29 12:0 a.m. | 97 views

CVE-2020-11022

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources – even after sanitizing it – to one of jQuery’s DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0. Recent assessments:...

CVSS 6.9 | AI score 7.1 | EPSS 0.99019
In wild | Exploits 11 | References 52

ATTACKERKB
added 2020/04/29 12:0 a.m. | 257 views

CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources – even after sanitizing it – to one of jQuery’s DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...

CVSS 6.9 | AI score 7.1 | EPSS 0.99019
In wild | Exploits 11 | References 112