[SECURITY] Fedora 40 Update: BareBonesBrowserLaunch-3.1-33.fc40
Utility class to open a web page from a Swing application in the user's default browser. Supports: Mac OS X, GNU/Linux, Unix, Windows XP...
Code injection
Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker who has high privileges and direct access to the SAP System to inject code when executing with a certain transaction class builder. This...
CVE-2020-28052
A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data...
Design/Logic Flaw
The HttpUtils#getURLConnection method explicitly disables hostname verification for HTTPS connections, making clients vulnerable to man-in-the-middle attacks. Calcite uses this method internally to connect with Druid and Splunk, so information leakage may happen when using the respective Calcite adapter...
CVE-2020-13955
CVE-2020-13955 affects Apache Calcite: HttpUtils#getURLConnection disables hostname verification for HTTPS, enabling potential MITM attacks and information leakage when Calcite adapters connect to Druid or Splunk. The issue originates from a utility method that can be used to create vulnerable HT...
Spoofing Vulnerability
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1948,...
Improper filtering of javascript in HTML feed-view — Mozilla
Security researcher Mario Heiderich reported that javascript could be executed in the HTML feed-view using tag within the RSS . This problem is due to tags not being filtered out during parsing and can lead to a potential cross-site scripting (XSS) attack. The flaw existed in a parser utility class...
CVE-2003-0470
Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka "RuFSI Registry Information Class"), as used for the Symantec Security Check service, allows remote attackers to execute arbitrary code via a long argument to CompareVersionStrings...
Symantec Security Check RuFSI - ActiveX Control Buffer Overflow
Symantec Security Check RuFSI - ActiveX Control Buffer Overflow source: https://www.securityfocus.com/bid/8008/info It has been reported that the RuFSI Utility Class is vulnerable to a boundary condition error when invoked with long strings. This could potentially lead to the execution of code wi...