Node.js Module vm2 < 3.9.11 Sandbox Breakout

The version of the Node.js module vm2 installed on the remote host is prior to 3.9.11. It is, therefore affected by a sandbox breakout vulnerability. Untrusted code can break out of the sandbox created by the affected vm2 module and execute arbitrary code on the host system. Note that Nessus has...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the IBM® Runtime Environment Java™ Technology Edition affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The...

CVE-2022-41704

A flaw was found in Batik. This issue may allow a malicious user to run untrusted Java code from an SVG...

Advisory ROSA-SA-2023-2133

Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: java-11-openjdk-11.0.18.0.10-1 CVE-ID: CVE-2021-2161 BDU-ID: 2021-02490 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the Libraries component of the Java SE, Java SE Embedded, and Oracle GraalVM Enterprise Edition softwa...

USN-5956-1: PHPMailer vulnerabilities

Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. CVE-2016-10033, CVE-2016-10045 It was...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : OpenJDK vulnerabilities (USN-5897-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5897-1 advisory. Juraj Somorovsky, Marcel Maehren, Nurullah Erinola, and Robert Merget discovered that the DTLS implementation in the JSSE subsyst...

K66544153: jQuery vulnerability CVE-2020-11023

Security Advisory Description In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This probl...

SUSE CVE-2007-5240

Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.215 and earlier, and SDK and JRE 1.3.120 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner...

SUSE CVE-2010-3574

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

SUSE CVE-2016-5549

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoco...

SUSE CVE-2016-5548

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

SUSE CVE-2017-1376

A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873...

SUSE CVE-2017-3272

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

SUSE CVE-2017-3512

Vulnerability in the Java SE component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks...

SUSE CVE-2017-3514

Vulnerability in the Java SE component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

SUSE CVE-2017-5648

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was...

SUSE CVE-2017-10089

Vulnerability in the Java SE component of Oracle Java SE subcomponent: ImageIO. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

SUSE CVE-2017-10086

Vulnerability in the Java SE component of Oracle Java SE subcomponent: JavaFX. Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks...

SUSE CVE-2017-10096

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

SUSE CVE-2017-10105

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successfu...