There is an Assertion ‘context_p->stack_depth == context_p->context_stack_depth’ failed at js-parser-statm.c:2756 in parser_parse_statements in JerryScript 2.2.0. Date published : 2021-06-10 https://github.com/jerryscript-project/jerryscript/issues/3820
There is an Assertion ‘context_p->stack_top_uint8 == LEXER_EXPRESSION_START’ at js-parser-expr.c:3565 in parser_parse_expression in JerryScript 2.2.0. Date published : 2021-06-10 https://github.com/jerryscript-project/jerryscript/issues/3819
There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_match in JerryScript 2.2.0. Date published : 2021-06-10 https://github.com/jerryscript-project/jerryscript/issues/3753
There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0. Date published : 2021-06-10 https://github.com/jerryscript-project/jerryscript/issues/3749
There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_ref_ecma_string in JerryScript 2.2.0 Date published : 2021-06-10 https://github.com/jerryscript-project/jerryscript/issues/3748
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service Date published...
Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows Date published : 2021-06-10 https://security.netapp.com/advisory/ntap-20210702-0001/ http://httpd.apache.org/security/vulnerabilities_24.html
The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the ‘offset’ variable before using it as an index into an array for reading. Date published : 2021-06-09 https://github.com/bluez/bluez/issues/70
A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious,...
A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status...
** DISPUTED ** Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information." Date published...
** DISPUTED ** portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized...
The Refined GitHub browser extension before 21.6.8 might allow XSS via a link in a document. NOTE: github.com sends Content-Security-Policy headers to, in general, address XSS and other concerns. Date published : 2021-06-09 https://github.com/sindresorhus/refined-github/releases/tag/21.6.8...
In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before 2019.1.5 (11.1.5), 2019.2.x before 2019.2.2 (11.2.2), 2020.x before 2020.0.5 (12.0.5), 2020.1.x before 2020.1.4 (12.1.4), and 2021.x before 2021.0.1 (13.0.1), a SQL injection vulnerability exists in...