Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server. Date published : 2020-09-16 https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1851 http://www.openwall.com/lists/oss-security/2020/09/16/3
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server. Date published : 2020-09-16 https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1813 http://www.openwall.com/lists/oss-security/2020/09/16/3
A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom attributes. Date published...
A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated...
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400. Date published : 2020-09-16 https://bugzilla.redhat.com/show_bug.cgi?id=1793970
A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their...
An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap. Date published : 2020-09-16 https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01
This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is...
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts external connections,...
CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging...
CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields. Date published : 2020-09-16 https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities. Date...
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of...
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. Date published : 2020-09-16...