1260 matches found
DEBIAN-CVE-2021-3603
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called if such code is injected into the host project's scope by other means. If the $patternselect parameter to validateAddress is set to 'php' the default, defined by PHPMailer::$validator, and the globa...
CVE-2021-3603
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called if such code is injected into the host project's scope by other means. If the $patternselect parameter to validateAddress is set to 'php' the default, defined by PHPMailer::$validator, and the globa...
Design/Logic Flaw
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called if such code is injected into the host project's scope by other means. If the $patternselect parameter to validateAddress is set to 'php' the default, defined by PHPMailer::$validator, and the globa...
CVE-2021-3603
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called if such code is injected into the host project's scope by other means. If the $patternselect parameter to validateAddress is set to 'php' the default, defined by PHPMailer::$validator, and the globa...
UBUNTU-CVE-2021-3603
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called if such code is injected into the host project's scope by other means. If the $patternselect parameter to validateAddress is set to 'php' the default, defined by PHPMailer::$validator, and the globa...
CVE-2021-3603
PHPMailer CVE-2021-3603 affects PHPMailer 6.4.1 and earlier, where validateAddress() could call an untrusted function named php if patternselect is 'php' and a global function php exists. This occurs when user-provided input injects such a function into the host project scope. The issue is mitiga...
CVE-2021-3603
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called if such code is injected into the host project's scope by other means. If the $patternselect parameter to validateAddress is set to 'php' the default, defined by PHPMailer::$validator, and the globa...
PT-2021-3390 · Phpmailer +3 · Phpmailer +3
Name of the Vulnerable Software and Affected Versions: PHPMailer versions 6.4.1 and earlier Description: The issue is related to the validateAddress function in PHPMailer, which can lead to the execution of untrusted code if such code is injected into the host project's scope by other means. This...
Untrusted code may be run from an overridden address validator
This is a security release. SECURITY Fixes CVE-2021-34551, a complex RCE affecting Windows hosts. See SECURITY.md for details. The fix for this issue changes the way that language files are loaded. While they remain in the same PHP-like format, they are processed as plain text, and any code in th...
CentOS 8 : idm:DL1 and idm:client (CESA-2021:1846)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:1846 advisory. - jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 Note that Nessus has not tested for this issue but has...
RLSA-2021:1846 Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
Rocky Enterprise Software Foundation Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: jquery: Passing HTML containing elements to manipulation methods could result...
CVE-2021-2161
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2...
Man-in-the-Middle (MitM)
nim is vulnerable to man-in-the-middle attack. nimble refresh fetches a list of Nimble packages over HTTPS by default. However, in case of an error, a non-TLS URL http://irclogs.nim-lang.org/packages.json is used and allows an attacker to perform MitM and deliver a modified package list containin...
OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (Libraries, 8249906)
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2...
OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (Libraries, 8249906)
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2...
OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (Libraries, 8249906)
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2...
OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (Libraries, 8249906)
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2...
UBUNTU-CVE-2021-2163
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2...
PT-2021-2920
Name of the Vulnerable Software and Affected Versions Java SE versions 7u291, 8u281, 11.0.10, 16 Java SE Embedded version 8u281 Oracle GraalVM Enterprise Edition versions 19.3.5, 20.3.1.2, 21.0.0.2 Description The issue allows an unauthenticated attacker with network access via multiple protocols...
FreeBSD : All versions of Apache OpenOffice through 4.1.9 can open non-http(s) hyperlinks. If the link is specifically crafted this could lead to untrusted code execution. (e87c2647-a188-11eb-8806-1c1b0d9ea7e6)
The Apache Openofffice project reports : The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-https hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code...