
92 matches found

OSV
added 2023/03/30 12:30 p.m. · 14 views

GHSA-34M5-796P-MJCP Apache UIMA DUCC allows remote code execution

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" DUCC module of Apache UIMA, an authenticated user that has the permissions ...

CVSS 8.8 · AI score 8.8 · EPSS 0.02957
Exploits: 0 · References: 3

Github Security Blog
added 2023/03/30 12:30 p.m. · 15 views

Apache UIMA DUCC allows remote code execution

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" DUCC module of Apache UIMA, an authenticated user that has the permissions ...

CVSS 8.8 · AI score 8.4 · EPSS 0.02957
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2023/03/30 12:0 a.m. · 7 views

PT-2023-22046 · Apache · Apache Uima Ducc

Name of the Vulnerable Software and Affected Versions: Apache UIMA DUCC affected versions not specified Description: The issue is related to an Improper Neutralization of Special Elements used in a Command, also known as a 'Command Injection' vulnerability. When using the Distributed UIMA Cluster...

CVSS 8.8 · AI score 6.9 · EPSS 0.02957
Exploits: 0 · References: 8

CNNVD
added 2023/03/30 12:0 a.m. · 6 views

Apache UIMA DUCC Command Injection Vulnerability

Apache UIMA DUCC is a cluster management system from the Apache Foundation in the United States. The system provides tools, management and scheduling tools. Apache UIMA DUCC suffers from a command injection vulnerability that arises from improper neutralization of specific elements used wh...

CVSS 8.8 · AI score 7.6 · EPSS 0.02957
Exploits: 0 · References: 3

Ubuntu
added 2023/02/06 3:30 a.m. · 77 views

USN-5816-2: Firefox regressions

USN-5816-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security openin...

AI score 8.2
Exploits: 0 · References: 1

OSV
added 2023/01/23 6:29 a.m. · 10 views

USN-5816-1 firefox vulnerabilities

Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploit this to obtain sensitive information. CVE-2023-23597 Tom...

CVSS 8.8 · AI score 7.1 · EPSS 0.00702
Exploits: 0 · References: 10

Tenable Nessus
added 2023/01/23 12:0 a.m. · 44 views

Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5816-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5816-1 advisory. Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new...

CVSS 8.8 · AI score 8.2 · EPSS 0.00702
Exploits: 0 · References: 10

UbuntuCve
added 2023/01/18 12:0 a.m. · 31 views

CVE-2023-23597

A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefo...

CVSS 6.5 · AI score 6.9 · EPSS 0.0034
Exploits: 0 · References: 3

Tenable Nessus
added 2020/07/20 12:0 a.m. · 77 views

Fedora 31 : webkit2gtk3 (2020-d2736ee493)

Update to 2.28.3 : - Fix kinetic scrolling with async scrolling. - Fix web process hangs on large GitHub pages. - Bubblewrap sandbox should not attempt to bind empty paths. - Fix threading issues in the media player. - Fix several crashes and rendering issues. - Security fixes: CVE-2020-9802,...

CVSS 10 · AI score 6.8 · EPSS 0.77246
Exploits: 5 · References: 9

Tenable Nessus
added 2020/07/14 12:0 a.m. · 67 views

Fedora 32 : webkit2gtk3 (2020-ab074c6cdf)

Update to 2.28.3 : - Fix kinetic scrolling with async scrolling. - Fix web process hangs on large GitHub pages. - Bubblewrap sandbox should not attempt to bind empty paths. - Fix threading issues in the media player. - Fix several crashes and rendering issues. - Security fixes: CVE-2020-9802,...

CVSS 10 · AI score 6.8 · EPSS 0.77246
Exploits: 5 · References: 9

Tenable Nessus
added 2020/04/29 12:0 a.m. · 52 views

SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2020:1135-1)

This update for webkit2gtk3 to version 2.28.1 fixes the following issues : Security issues fixed : CVE-2020-10018: Fixed a denial of service because the mdeferredFocusedNodeChange data structure was mishandled bsc1165528. CVE-2020-11793: Fixed a potential arbitrary code execution caused by a...

CVSS 9.8 · AI score 7.8 · EPSS 0.09621
Exploits: 2 · References: 68

Tenable Nessus
added 2020/02/26 12:0 a.m. · 221 views

SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:0468-1)

This update for webkit2gtk3 to version 2.26.4 fixes the following issues : Security issues fixed : CVE-2019-8835: Fixed multiple memory corruption issues bsc1161719. CVE-2019-8844: Fixed multiple memory corruption issues bsc1161719. CVE-2019-8846: Fixed a use-after-free issue bsc1161719...

CVSS 9.3 · AI score 7.8 · EPSS 0.02655
Exploits: 0 · References: 20

OSV
added 2020/02/25 11:2 a.m. · 7 views

SUSE-SU-2020:0468-1 Security update for webkit2gtk3

This update for webkit2gtk3 to version 2.26.4 fixes the following issues: Security issues fixed: - CVE-2019-8835: Fixed multiple memory corruption issues bsc1161719. - CVE-2019-8844: Fixed multiple memory corruption issues bsc1161719. - CVE-2019-8846: Fixed a use-after-free issue bsc1161719. -...

CVSS 9.3 · AI score 8.1 · EPSS 0.02655
Exploits: 0 · References: 12

CNVD
added 2019/12/05 12:0 a.m. · 1 views

Denial of Service Vulnerability in Eastland Technologies KGW3101 Serial Server

Beijing Eastland Technology Co., Ltd. is a company specializing in industrial Internet technology and industry. A denial of service vulnerability exists in the KGW3101 serial port server of Dongtu Technology, which can be exploited by an attacker to cause the web process of the device to restart...

AI score 6.7
Exploits: 0

IBM Security Bulletins
added 2018/06/15 7:8 a.m. · 15 views

Security Bulletin: Cross-Site Scripting vulnerability affects IBM Business Process Manager web Process Designer (CVE-2017-1494)

Summary IBM Business Process Manager web Process Designer is vulnerable to Cross-Site Scripting. Vulnerability Details CVEID: CVE-2017-1494 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the We...

CVSS 5.4 · AI score 5.5 · EPSS 0.00804
Exploits: 0 · Affected Software: 3

Tenable Nessus
added 2018/05/23 12:0 a.m. · 39 views

Fedora 26 : webkitgtk4 (2018-6a9fea1b3a)

This update addresses the following vulnerabilities : - CVE-2018-4200 Additional fixes : - Do TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors. - Properly close the connection to the nested wayland compositor in the Web Process. - Avoid paintin...

CVSS 8.8 · AI score 7.5 · EPSS 0.0873
Exploits: 4 · References: 2

Prion
added 2018/01/10 10:29 p.m. · 16 views

Design/Logic Flaw

A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions...

CVSS 7.5 · AI score 9.6 · EPSS 0.06335
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2018/01/10 10:29 p.m. · 3 views

CVE-2018-0001

A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions...

CVSS 9.8 · AI score 5.9 · EPSS 0.06335
Exploits: 0 · References: 3

NVD
added 2018/01/10 10:29 p.m. · 23 views

CVE-2018-0001

A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions...

CVSS 9.8 · AI score 9.8 · EPSS 0.06335
Exploits: 0 · References: 3

Tenable Nessus
added 2017/07/27 12:0 a.m. · 33 views

Fedora 24 : webkitgtk4 (2017-37f68e3534)

This update addresses the following vulnerabilities : - CVE-2017-2538 Additional fixes : - Fix web process deadlock when seeking youtube videos. - Fix blob downloads. - Improve theme rendering performance when using GTK+ = 3.20. - Fix positioning of popup menus in Wayland. - Fix JavaScriptCore...

CVSS 8.8 · AI score 7.7 · EPSS 0.01827
Exploits: 0 · References: 2