11 matches found
CVE-2020-11023
The connected Astra Linux bulletin confirms CVE-2020-11023: in jQuery versions >= 1.0.3 and < 3.5.0, passing HTML containing elements from untrusted sources to DOM manipulation methods (e.g., .html(), .append()) may lead to untrusted code execution. Patch released in jQuery 3.5.0. Remediat...
CVE-2019-11358
CVE-2019-11358 is a prototype pollution vulnerability in jQuery (before 3.4.0) where mishandling of extend(true, {}, ...) can extend Object.prototype if an unsanitized source object has an enumerable proto property. The Core issue is triggered when a polluted prototype is introduced via nested ob...
CVE-2019-10247
CVE-2019-10247 affects Eclipse Jetty when configured to list contexts in 404 responses. Jetty versions 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older disclose the fully qualified directory base resource location in the HTML output of a not-found Context, via the DefaultHandler...
CVE-2016-8610
CVE-2016-8610 is a denial-of-service flaw in OpenSSL affecting TLS/SSL alert packet processing during handshakes. The issue exists in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0, enabling a remote attacker to cause high CPU usage and denial of service by sending many alert messages. Con...
CVE-2019-10246
CVE-2019-10246 is described in connected IBM security bulletins as an Eclipse Jetty vulnerability where a server configured to Listing directory contents could expose the fully-qualified Base Resource directory name to remote clients, potentially revealing sensitive information. IBM Cognos Analyt...
CVE-2018-11058
CVE-2018-11058 affects RSA BSAFE Micro Edition Suite (4.0.x before 4.0.11; 4.1.x before 4.1.6) and RSA BSAFE Crypto-C Micro Edition (4.0.x before 4.0.5.3). The issue is a buffer over-read when parsing ASN.1 data, exploitable by remotely crafted ASN.1 input. Connected Nessus entries (e.g., Oracle ...
CVE-2018-11055
RSA BSAFE Micro Edition Suite (MES) contains an Improper Clearing of Heap Memory Before Release vulnerability in MES versions 4.0.x before 4.0.11 and 4.1.x before 4.1.6.1. Decoded PKCS#12 data in heap memory is not zeroized before memory release, enabling a local attacker to access previously dec...
CVE-2018-15769
CVE-2018-15769 affects RSA BSAFE Micro Edition Suite: versions before 4.0.11 (4.0.x) and before 4.1.6.2 (4.1.x). The issue is a key management flaw that can allow a TLS server using Ephemeral/Anonymous Diffie-Hellman (DHE/ADH) ciphers to cause a Denial-of-Service on TLS clients during the handsha...
CVE-2018-11056
The CVE describes a DoS risk in Dell EMC RSA BSAFE Micro Edition Suite (MES) before 4.1.6.1 (4.1.x line) and RSA BSAFE Crypto-C Micro Edition before 4.0.5.3 (4.0.x line). The vulnerability is an Uncontrolled Resource Consumption (Resource Exhaustion) when parsing ASN.1 data, allowing a remote att...
CVE-2018-11054
CVE-2018-11054 affects RSA BSAFE Micro Edition Suite (MES) 4.1.6. An integer overflow vulnerability exists in the MES ASN.1 processing, allowing a remote attacker to trigger a Denial of Service by sending maliciously constructed ASN.1 data. The provided documents confirm the vulnerability details...
CVE-2018-11057
CVE-2018-11057 affects Dell EMC RSA BSAFE Micro Edition Suite (MES) versions before 4.0.11 (in 4.0.x) and before 4.1.6.1 (in 4.1.x). The vulnerability is a covert timing channel during RSA decryption, i.e., Bleichenbacher-style timing leakage, enabling a remote attacker to recover an RSA key. The...