19 matches found
CVE-2020-11023
The connected Astra Linux bulletin confirms CVE-2020-11023: in jQuery versions >= 1.0.3 and < 3.5.0, passing HTML containing elements from untrusted sources to DOM manipulation methods (e.g., .html(), .append()) may lead to untrusted code execution. Patch released in jQuery 3.5.0. Remediat...
CVE-2015-9251
CVE-2015-9251 affects jQuery before 3.0.0, enabling XSS when a cross-domain Ajax request omits the dataType option and text/javascript responses are executed. Connected advisories confirm the issue and indicate an upgrade resolves it; remediation is to upgrade jQuery to a fixed version as provide...
CVE-2016-7103
CVE-2016-7103 is a cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0, exploitable via the closeText parameter of the Dialog widget. The issue allows remote script/HTML injection. Remediation per connected documents is to upgrade to jQuery UI 1.12.0 or later (fixed version).
CVE-2019-5482
CVE-2019-5482 is a heap buffer overflow in curl/libcurl’s TFTP handler (tftp_receive_packet) affecting curl versions up to 7.65.3. Public advisories detail that a small TFTP blocksize can trigger overflow, potentially enabling DoS or arbitrary code execution. Public fixes exist across distributio...
CVE-2021-29425
CVE-2021-29425 affects Apache Commons IO up to version 2.6, specifically FileNameUtils.normalize. With inputs such as "//../foo" or "\..\foo", normalization can yield a value that does not escape to higher directories, potentially enabling access to the parent directory if the resulting path is u...
CVE-2019-5436
CVE-2019-5436 affects curl/libcurl with a heap buffer overflow in the TFTP receiving code (tftp_receive_packet). Exploitation can lead to DoS or arbitrary code execution. Upstream fix released in curl 7.65.0; advisories from CentOS, Arch Linux, Debian, and others document the vulnerability and re...
CVE-2019-5481
CVE-2019-5481 is a double-free vulnerability in curl’s FTP-Kerberos code, affecting curl 7.52.0 through 7.65.3. Exploitation involves a malicious FTP server sending a very large data block, which can cause memory corruption leading to a crash or denial of service (DoS). Multiple connected advisor...
CVE-2021-27568
CVE-2021-27568 affects Netplex json-smart-v1 and json-smart-v2 (NumberFormatException uncaught), leading to potential denial of service or exposure of sensitive information when unhandled exceptions occur in the library. Connected IBM advisories confirm the vulnerability in IBM DOORS-related prod...
CVE-2021-30129
CVE-2021-30129 affects Apache Mina SSHD's sshd-core; a crafted request can trigger an OutOfMemory DoS in the SFTP and port forwarding features. Remediation: upgrade to Apache Mina SSHD 2.7.0 (fix documented in the IBM PEM advisory referencing this CVE). If applying via IBM PEM, follow their patch...
CVE-2019-10219
The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...
CVE-2015-3197
OpenSSL CVE-2015-3197 affects the SSLv2 handling in OpenSSL 1.0.1 prior to 1.0.1r and 1.0.2 prior to 1.0.2f, where SSLv2 ciphers marked as disabled could still be negotiated, enabling a MITM through SSLv2 traffic. The issue is tied to the get_client_master_key and get_client_hello paths in ssl/s2...
CVE-2021-2351
CVE-2021-2351 affects Oracle Database Server’s Advanced Networking Option, with affected versions 12.1.0.2, 12.2.0.1, and 19c. The vulnerability allows unauthenticated network access via Oracle Net to compromise the Advanced Networking Option, with access requiring user interaction (UI_R) and ris...
CVE-2019-5443
Technical details about CVE-2019-5443 are not publicly provided in the provided documents. The available information is a high-level summary; monitor for updates.
CVE-2021-41973
CVE-2021-41973 affects Apache MINA, where a specially crafted HTTP request can cause the HTTP Header decoder to loop indefinitely, leading to a denial of service. The root cause is the decoder assuming headers begin at the buffer start and looping if extra data is present. Mitigation: upgrade MIN...
CVE-2022-21405
CVE-2022-21405 affects Oracle OSS Support Tools (component: Oracle Explorer) with affected version 18.3. The vulnerability enables a high-privilege attacker who can log on to the infrastructure running OSS Support Tools to compromise the tooling; exploitation requires user interaction and may imp...
CVE-2021-2303
CVE-2021-2303 affects Oracle OSS Support Tools, component Diagnostic Assistant, with the vulnerable version prior to 2.12.41. The issue allows a high-privilege attacker, over HTTP from the network, to compromise OSS Support Tools and potentially access all data handled by the tools. ZDI also note...
CVE-2018-2616
CVE-2018-2616 affects Oracle OSS Support Tools, specifically the Diagnostic Assistant subcomponent, prior to version 2.11.33. An attacker with network access over HTTP and low privileges can take over OSS Support Tools (impacting Confidentiality, Integrity, Availability). Related connections in t...
CVE-2018-2617
CVE-2018-2617 affects Oracle OSS Support Tools, specifically the Diagnostic Assistant subcomponent of Oracle Support Tools, with versions prior to 2.11.33. The vulnerability allows an unauthenticated, network-accessible attacker to access OSS Support Tools via HTTP, potentially exposing confident...
CVE-2018-2615
Summary of CVE-2018-2615 (Oracle OSS Support Tools – Diagnostic Assistant) Affected product: Oracle OSS Support Tools (Oracle Support Tools) – Diagnostic Assistant subcomponent. Vulnerability: A remote code execution flaw in Diagnostic Assistant present in OSS Support Tools version prior to 2.11....