#java

Red Hat Security Advisory 2024-3527-03 - Red Hat AMQ Streams 2.7.0 is now available from the Red Hat Customer Portal. Issues addressed include buffer overflow, denial of service, integer overflow, memory leak, and resource exhaustion vulnerabilities.

iMLog versions prior to 1.307 suffer from a persistent cross site scripting vulnerability.

By Daily Contributors Amazon Web Services (AWS) Simple Storage Service (S3) is a foundational pillar of cloud storage, offering scalable object… This is a post from HackRead.com Read the original post: In the jungle of AWS S3 Enumeration

All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert javascript commands by using the url scheme `javascript:`.

Failing to properly validate the HTTP host-header TYPO3 CMS is susceptible to host spoofing. TYPO3 uses the HTTP host-header to generate absolute URLs in several places like 404 handling, http(s) enforcement, password reset links and many more. Since the host header itself is provided by the client it can be forged to any value, even in a name based virtual hosts environment. A blog post describes this problem in great detail.

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user: with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the `title` field. Another could having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. The code will be executed the moment another user accesses the image.

ORing IAP-420 version 2.01e suffers from remote command injection and persistent cross site scripting vulnerabilities.

Red Hat Security Advisory 2024-3472-03 - An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections. Issues addressed include a denial of service vulnerability.

Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application.

Ubuntu Security Notice 6779-2 - USN-6779-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory when audio input connected with multiple consumers. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Thomas Rinsma discovered that Firefox did not properly handle type check when handling fonts in PDF.js. An attacker could potentially exploit this issue to execute arbitrary javascript code in PDF.js. Irvan Kurniawan discovered that Firefox did not properly handle certain font styles when saving a page to PDF. An attacker could potentially exploi...