Monthly Archive: September 2020

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted a JSON request with invalid characters. IBM X-Force ID: 184439. Date published...

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: 184438. Date published :...

IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link...

An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used...

Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension. Date...

Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Date published : 2020-09-21 https://www.debian.org/security/2021/dsa-4824 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWNBJFBPKYCYSZTS54FHNCRZG6KC2AIJ/

Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Date published : 2020-09-21 https://www.debian.org/security/2021/dsa-4824 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWNBJFBPKYCYSZTS54FHNCRZG6KC2AIJ/

Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension....

Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Date published : 2020-09-21 https://www.debian.org/security/2021/dsa-4824 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWNBJFBPKYCYSZTS54FHNCRZG6KC2AIJ/

Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension....

Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Date published : 2020-09-21 https://www.debian.org/security/2021/dsa-4824 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWNBJFBPKYCYSZTS54FHNCRZG6KC2AIJ/

Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering. Date published...

Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields...

Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions...