Lucene search

96 matches found

Tenable Nessus
added 2022/01/24 12:0 a.m. · 44 views

RHEL 7 : java-11-openjdk (RHSA-2022:0204)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0204 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...

5.3 CVSS · 6.5 AI score · 0.08346 EPSS
Exploits 0 · References 34
OSV
added 2021/12/16 7:11 p.m. · 2 views

CLSA-2021-1639681874 Fix CVE(s): CVE-2021-3984, CVE-2021-3973, CVE-2021-3974, CVE-2021-4019, CVE-2021-4069

SECURITY UPDATE: Using freed memory with regexp using a mark
- debian/patches/CVE-2021-3974.patch: Get the line again after getting the mark position
- CVE-2021-3974
SECURITY UPDATE: Illegal memory access when C-indenting
- debian/patches/CVE-2021-3984.patch: Also set the cursor column
-...

9.3 CVSS · 7.2 AI score · 0.01792 EPSS
Exploits 5 · References 1
RedHat Linux
added 2021/07/15 10:26 a.m. · 1 views

Mozilla: Use-after-free in accessibility features of a document

A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug could only be triggered when accessibility was enabled. This vulnerability affects Thunderbird 78.12, Firefox ESR 78.12, and Firefox 90...

8.8 CVSS · 7.3 AI score · 0.01428 EPSS
Exploits 1 · References 4
OSV
added 2021/02/04 11:2 a.m. · 2 views

OESA-2021-1020 squid security update

Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests. Security Fixes: An issue was discovered in Squid through 4.7. When handling the tag...

9.8 CVSS · 7.1 AI score · 0.06734 EPSS
Exploits 0 · References 2
Positive Technologies
added 2020/10/10 12:0 a.m. · 2 views

PT-2020-17080 · Wikimedia +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35
Description: The issue allows for XSS via a qbfind message supplied by an administrator in the CologneBlue skin. This can be exploited when an administrator supplies a malicious qbfind message.
Recommendations:...

9.8 CVSS · 5.6 AI score · 0.04098 EPSS
Exploits 6 · References 44
Tenable Nessus
added 2020/08/07 12:0 a.m. · 280 views

SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2020:2143-1)

This update for java-11-openjdk fixes the following issues:
Update to upstream tag jdk-11.0.8+10 July 2020 CPU, bsc1174157
- Security fixes:
  + JDK-8230613: Better ASCII conversions
  + JDK-8231800: Better listing of arrays
  + JDK-8232014: Expand DTD support
  + JDK-8233234: Better Zip Naming
  +...

8.3 CVSS · 6.6 AI score · 0.05166 EPSS
Exploits 0 · References 18
RedHat Linux
added 2020/05/06 1:55 p.m. · 2 views

squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow

A flaw was found in Squid through version 4.7. When handling the tag esi:when, when ESI is enabled, Squid calls the ESIExpression::Evaluate function which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack won't overflow...

9.8 CVSS · 6.1 AI score · 0.06734 EPSS
Exploits 0 · References 6
RedHat Linux
added 2020/05/06 12:16 p.m. · 3 views

squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow

A flaw was found in Squid through version 4.7. When handling the tag esi:when, when ESI is enabled, Squid calls the ESIExpression::Evaluate function which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack won't overflow...

9.8 CVSS · 6.1 AI score · 0.06734 EPSS
Exploits 0 · References 6
OSV
added 2020/04/15 8:15 p.m. · 1 views

ALPINE-CVE-2019-12519

An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the...

9.8 CVSS · 7.2 AI score · 0.06734 EPSS
Exploits 0 · References 1
Positive Technologies
added 2019/05/29 12:0 a.m. · 4 views

PT-2019-16996 · Ibm · Ibm Api Connect

Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 5.0.0.0 through 5.0.8.6
Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information.
Recommendations: For versio...

7.5 CVSS · 5.8 AI score · 0.01325 EPSS
Exploits 0 · References 4
OSV
added 2019/04/22 4:29 p.m. · 3 views

ALPINE-CVE-2016-1585

In all versions of AppArmor mount rules are accidentally widened when compiled...

9.8 CVSS · 7 AI score · 0.01034 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2019/03/06 12:0 a.m. · 3 views

The vulnerability of the Vijeo Designer Lite software lies in its insufficient control over memory boundaries, allowing a malicious actor to cause system failures in the application.

The vulnerability of the Vijeo Designer Lite software is related to insufficient control over memory boundaries during operation. Exploiting this vulnerability can allow an attacker to cause a malfunction of the application upon opening a DOP project file...

7.8 CVSS · 5.5 AI score
Exploits 0 · References 2 · Affected Software 1
Exploit DB
added 2019/01/28 12:0 a.m. · 127 views

ResourceSpace 8.6 - 'collection_edit.php' SQL Injection

Exploit Title: ResourceSpace &redirect=yes&ref=3620&submitted=true&name=PWNED&keywords=&copy=&save=%C2%A0%C2%A0Save%C2%A0%C2%A0'...

7.4 AI score
Exploits 0
Openbugbounty
added 2018/12/06 2:3 p.m. · 49 views

when-release.com XSS vulnerability

Open Bug Bounty ID: OBB-708148

Description| Value
---|---
Affected Website:| when-release.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| hidden until disclosure
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| hidden...

0.1 AI score
Exploits 0
Openbugbounty
added 2018/07/18 1:55 p.m. · 13 views

when-release.ru XSS vulnerability

Open Bug Bounty ID: OBB-649479

Description| Value
---|---
Affected Website:| when-release.ru
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

Exploits 0
Openbugbounty
added 2018/07/18 9:48 a.m. · 11 views

when-release.com XSS vulnerability

Open Bug Bounty ID: OBB-649315

Description| Value
---|---
Affected Website:| when-release.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

Exploits 0
Openbugbounty
added 2018/02/28 12:46 p.m. · 11 views

when-release.com XSS vulnerability

Open Bug Bounty ID: OBB-570968

Description| Value
---|---
Affected Website:| when-release.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

6.3 AI score
Exploits 0
Openbugbounty
added 2018/01/05 12:48 p.m. · 11 views

when-release.ru XSS vulnerability

Open Bug Bounty ID: OBB-488314

Description| Value
---|---
Affected Website:| when-release.ru
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

6.3 AI score
Exploits 0
Openbugbounty
added 2018/01/01 10:37 p.m. · 54 views

when-release.com XSS vulnerability

Open Bug Bounty ID: OBB-477877

Description| Value
---|---
Affected Website:| when-release.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure Standard:| Coordinated Disclosure...

6.4 AI score
Exploits 0
RedHat Linux
added 2017/08/07 4:11 p.m. · 4 views

postgresql: CASE/WHEN with inlining can cause untrusted pointer dereference

A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code...

8.3 CVSS · 7.6 AI score · 0.06011 EPSS
Exploits 0 · References 4