|
2021-04-02
|
CVE-2021-1765
|
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.
|
Mac_os_x, Macos, Fedora
|
6.5
|
|
|
|
2020-04-29
|
CVE-2020-11023
|
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
|
Debian_linux, Drupal, Fedora, Jquery, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Oncommand_insight, Oncommand_system_manager, Snap_creator_framework, Snapcenter_server, Backports_sle, Leap, Application_express, Application_testing_suite, Banking_enterprise_collections, Banking_platform, Communications_analytics, Communications_element_manager, Communications_interactive_session_recorder, Communications_operations_monitor, Communications_session_report_manager, Communications_session_route_manager, Financial_services_regulatory_reporting_for_de_nederlandsche_bank, Healthcare_translational_research, Hyperion_financial_reporting, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_human_capital_management_resources, Primavera_gateway, Rest_data_services, Siebel_mobile, Storagetek_tape_analytics_sw_tool, Webcenter_sites, Weblogic_server
|
6.1
|
|
|
|
2020-04-29
|
CVE-2020-11022
|
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
|
Debian_linux, Drupal, Fedora, Jquery, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Oncommand_insight, Oncommand_system_manager, Snap_creator_framework, Snapcenter, Backports_sle, Leap, Agile_product_supplier_collaboration_for_process, Application_testing_suite, Banking_digital_experience, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_diameter_signaling_router_idih\:, Communications_webrtc_session_controller, Enterprise_manager_ops_center, Enterprise_session_border_controller, Financial_services_analytical_applications_infrastructure, Financial_services_analytical_applications_reconciliation_framework, Financial_services_asset_liability_management, Financial_services_balance_sheet_planning, Financial_services_basel_regulatory_capital_basic, Financial_services_basel_regulatory_capital_internal_ratings_based_approach, Financial_services_data_foundation, Financial_services_data_governance_for_us_regulatory_reporting, Financial_services_data_integration_hub, Financial_services_funds_transfer_pricing, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_institutional_performance_analytics, Financial_services_liquidity_risk_management, Financial_services_liquidity_risk_measurement_and_management, Financial_services_loan_loss_forecasting_and_provisioning, Financial_services_market_risk_measurement_and_management, Financial_services_price_creation_and_discovery, Financial_services_profitability_management, Financial_services_regulatory_reporting_for_european_banking_authority, Financial_services_regulatory_reporting_for_us_federal_reserve, Healthcare_foundation, Hospitality_materials_control, Hospitality_simphony, Insurance_accounting_analyzer, Insurance_allocation_manager_for_enterprise_profitability, Insurance_data_foundation, Insurance_insbridge_rating_and_underwriting, Jdeveloper, Peoplesoft_enterprise_peopletools, Policy_automation, Policy_automation_connector_for_siebel, Policy_automation_for_mobile_devices, Retail_back_office, Retail_customer_management_and_segmentation_foundation, Retail_returns_management, Siebel_ui_framework, Weblogic_server
|
6.1
|
|
|
|
2021-04-08
|
CVE-2021-29154
|
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
|
Fedora, Linux_kernel
|
7.8
|
|
|
|
2021-03-25
|
CVE-2021-3450
|
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten....
|
Fedora, Freebsd, Cloud_volumes_ontap_mediator, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Santricity_smi\-S_provider_firmware, Storagegrid, Storagegrid_firmware, Openssl, Nessus, Nessus_agent, Linux
|
7.4
|
|
|
|
2021-03-19
|
CVE-2021-28834
|
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
|
Fedora, Kramdown
|
9.8
|
|
|
|
2021-04-02
|
CVE-2021-1801
|
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy.
|
Ipad_os, Iphone_os, Macos, Tvos, Watchos, Fedora
|
6.5
|
|
|
|
2021-04-02
|
CVE-2021-1799
|
A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers.
|
Ipad_os, Iphone_os, Macos, Safari, Tvos, Watchos, Fedora
|
6.5
|
|
|
|
2019-02-11
|
CVE-2019-5736
|
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling,...
|
Mesos, Ubuntu_linux, Dc\/os, Kubernetes_engine, Docker, Fedora, Kubernetes_engine, Onesphere, Lxc, Runc, Service_management_automation, Hci_management_node, Solidfire, Backports_sle, Leap, Container_development_kit, Enterprise_linux, Enterprise_linux_server, Openshift
|
8.6
|
|
|
|
2019-09-09
|
CVE-2019-16168
|
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
|
Ubuntu_linux, Debian_linux, Fedora, Active_iq_unified_manager, E\-Series_santricity_os_controller, Oncommand_insight, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Communications_design_studio, Jdk, Jre, Mysql, Outside_in_technology, Solaris, Zfs_storage_appliance, Sqlite, Nessus_agent
|
6.5
|
|
|