The vulnerability of the installation package verification subsystem of the Junos operating system, allowing a attacker to execute arbitrary commands with root privileges

The vulnerability of the Junos operating system’s installation package’s verification subsystem is related to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands with ro...

Oracle Linux 8 : nodejs:14 (ELSA-2021-0551)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0551 advisory. nodejs 1:14.15.4-2 - Add patch for yarn crash - Resolves: RHBZ1916465 1:14.15.4-1 - Security rebase to 14.15.4 -...

nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function

A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...

RHEL 8 : nodejs:10 (RHSA-2021:0548)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0548 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

Debian DLA-2556-1 : unbound1.9 security update

Several security vulnerabilities have been corrected in unbound, a validating, recursive, caching DNS resolver. Support for the unbound DNS server has been resumed, the sources can be found in the unbound1.9 source package. CVE-2020-12662 Unbound has Insufficient Control of Network Message Volume...

nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function

A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...

nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

Lightweight Directory Access Protocol (LDAP) Injection

is-user-valid is vulnerable to Lightweight Directory Access Protocol LDAP Injection. The vulnerability exists due to an unsanitized validate function when authenticating the email in the getEmail function...

PT-2021-7292 · Php +9 · Php +9

Name of the Vulnerable Software and Affected Versions: PHP versions 7.4.x through 7.4.27 PHP versions 8.0.x through 8.0.15 PHP versions 8.1.x through 8.1.2 Description: The issue is related to the use of filter functions with the FILTER VALIDATE FLOAT filter and min/max limits in PHP. If the filt...

nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

NextGen Gallery < 3.5.0 - CSRF allows File Upload

It was possible to bypass the "validateajaxrequest" function used to control access to ajax functions by sending a request without a nonce parameter. This could be used to upload arbitrary code to an image file. Although the uploaded file must be a valid image, it is possible to include PHP code ...

Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise and IBM Integration Bus (CVE-2020-7754)

Summary IBM App Connect Enterprise and IBM Integration Bus ship with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details Third Party Entry: 189917 DESCRIPTION: Node.js npm-user-validate module denial of service CVS...

nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function

A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...

Adobe Experience Manager Blind Server-Side Request Forgery Vulnerability

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Foxit Reader Javascript Field fileSelect Use After Free Vulnerability

Summary A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...

nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function

A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...

CVE-2020-27816

The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link kibana console to different one, created based on the new CR for the new kibana resource. This could lead to an...

CVE-2020-7754

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

CVE-2020-7754

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

CVE-2020-7754

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...