1260 matches found
CVE-2021-32798
The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...
CVE-2021-32798
The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...
CVE-2021-32798
The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...
Remote Code Execution (RCE)
java-11-openjdk is vulnerable to remote code execution. The vulnerability occurs due to the sandbox environment that allows untrusted code from the internet to run...
OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated...
DEBIAN-CVE-2021-2388
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated...
CVE-2021-2369
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...
UBUNTU-CVE-2021-2388
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated...
OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated...
OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated...
OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated...
PT-2021-6456
Name of the Vulnerable Software and Affected Versions Java SE version 7u301 Description The issue is related to the JNDI component and can be exploited by an unauthenticated attacker with network access via multiple protocols, potentially leading to a partial denial of service DOS of Java SE. Thi...
PT-2021-3767
Name of the Vulnerable Software and Affected Versions Java SE versions 8u291, 11.0.11, 16.0.1 Oracle GraalVM Enterprise Edition versions 20.3.2, 21.1.0 Description The issue allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM...
PT-2021-3750
Name of the Vulnerable Software and Affected Versions Java SE versions 7u301, 8u291, 11.0.11, 16.0.1 Oracle GraalVM Enterprise Edition versions 20.3.2 and 21.1.0 Description The issue is related to insufficient input validation in the Networking component of Java SE and Oracle GraalVM Enterprise...
PT-2021-4009
Name of the Vulnerable Software and Affected Versions Java SE versions 7u301, 8u291, 11.0.11, 16.0.1 Oracle GraalVM Enterprise Edition versions 20.3.2 and 21.1.0 Description The issue allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle Graal...
MGASA-2021-0345 Updated php-phpmailer package fixes security vulnerability
PHPMailer contained a vulnerability that can result in untrusted code being called CVE-2021-3603. See upstream release notes...
PHPMailer untrusted code may be run from an overridden address validator
If a function is defined that has the same name as the default built-in email address validation scheme php, it will be called in default configuration as when no validation scheme is provided, the default scheme's callable php was being called. If an attacker is able to inject such a function in...
Arbitrary Code Execution
phpmailer/phpmailer is vulnerable to arbitrary code execution. When the $patternselect parameter in validateAddress is set to the default php defined by PHPMailer::$validator, and the global namespace contains a function called php, untrusted code can be called when such code is injected into the...
CVE-2021-3603
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called if such code is injected into the host project's scope by other means. If the $patternselect parameter to validateAddress is set to 'php' the default, defined by PHPMailer::$validator, and the globa...
CVE-2021-3603
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called if such code is injected into the host project's scope by other means. If the $patternselect parameter to validateAddress is set to 'php' the default, defined by PHPMailer::$validator, and the globa...