92 matches found
GHSA-34M5-796P-MJCP Apache UIMA DUCC allows remote code execution
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" DUCC module of Apache UIMA, an authenticated user that has the permissions ...
Apache UIMA DUCC allows remote code execution
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" DUCC module of Apache UIMA, an authenticated user that has the permissions ...
PT-2023-22046 · Apache · Apache Uima Ducc
Name of the Vulnerable Software and Affected Versions: Apache UIMA DUCC affected versions not specified Description: The issue is related to an Improper Neutralization of Special Elements used in a Command, also known as a 'Command Injection' vulnerability. When using the Distributed UIMA Cluster...
Apache UIMA DUCC Command Injection Vulnerability
Apache UIMA DUCC is a cluster management system from the Apache Foundation in the United States. The system provides tools, management and scheduling tools. Apache UIMA DUCC suffers from a command injection vulnerability that arises from improper neutralization of specific elements used wh...
USN-5816-2: Firefox regressions
USN-5816-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security openin...
USN-5816-1 firefox vulnerabilities
Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploit this to obtain sensitive information. CVE-2023-23597 Tom...
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5816-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5816-1 advisory. Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new...
CVE-2023-23597
A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefo...
Fedora 31 : webkit2gtk3 (2020-d2736ee493)
Update to 2.28.3 : - Fix kinetic scrolling with async scrolling. - Fix web process hangs on large GitHub pages. - Bubblewrap sandbox should not attempt to bind empty paths. - Fix threading issues in the media player. - Fix several crashes and rendering issues. - Security fixes: CVE-2020-9802,...
Fedora 32 : webkit2gtk3 (2020-ab074c6cdf)
Update to 2.28.3 : - Fix kinetic scrolling with async scrolling. - Fix web process hangs on large GitHub pages. - Bubblewrap sandbox should not attempt to bind empty paths. - Fix threading issues in the media player. - Fix several crashes and rendering issues. - Security fixes: CVE-2020-9802,...
SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2020:1135-1)
This update for webkit2gtk3 to version 2.28.1 fixes the following issues : Security issues fixed : CVE-2020-10018: Fixed a denial of service because the mdeferredFocusedNodeChange data structure was mishandled bsc1165528. CVE-2020-11793: Fixed a potential arbitrary code execution caused by a...
SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:0468-1)
This update for webkit2gtk3 to version 2.26.4 fixes the following issues : Security issues fixed : CVE-2019-8835: Fixed multiple memory corruption issues bsc1161719. CVE-2019-8844: Fixed multiple memory corruption issues bsc1161719. CVE-2019-8846: Fixed a use-after-free issue bsc1161719...
SUSE-SU-2020:0468-1 Security update for webkit2gtk3
This update for webkit2gtk3 to version 2.26.4 fixes the following issues: Security issues fixed: - CVE-2019-8835: Fixed multiple memory corruption issues bsc1161719. - CVE-2019-8844: Fixed multiple memory corruption issues bsc1161719. - CVE-2019-8846: Fixed a use-after-free issue bsc1161719. -...
Denial of Service Vulnerability in Eastland Technologies KGW3101 Serial Server
Beijing Eastland Technology Co., Ltd. is a company specializing in industrial Internet technology and industry. A denial of service vulnerability exists in the KGW3101 serial port server of Dongtu Technology, which can be exploited by an attacker to cause the web process of the device to restart...
Security Bulletin: Cross-Site Scripting vulnerability affects IBM Business Process Manager web Process Designer (CVE-2017-1494)
Summary IBM Business Process Manager web Process Designer is vulnerable to Cross-Site Scripting. Vulnerability Details CVEID: CVE-2017-1494 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the We...
Fedora 26 : webkitgtk4 (2018-6a9fea1b3a)
This update addresses the following vulnerabilities : - CVE-2018-4200 Additional fixes : - Do TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors. - Properly close the connection to the nested wayland compositor in the Web Process. - Avoid paintin...
Design/Logic Flaw
A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions...
CVE-2018-0001
A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions...
CVE-2018-0001
A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions...
Fedora 24 : webkitgtk4 (2017-37f68e3534)
This update addresses the following vulnerabilities : - CVE-2017-2538 Additional fixes : - Fix web process deadlock when seeking youtube videos. - Fix blob downloads. - Improve theme rendering performance when using GTK+ = 3.20. - Fix positioning of popup menus in Wayland. - Fix JavaScriptCore...