Download
| Alert*
|
oval:org.secpod.oval:def:1700606
A flaw was found in jQuery. HTML containing elements from untrusted sources are passed, even after sanitizing, to one of jQuery"s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity oval:org.secpod.oval:def:505960 Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix: * jquery: Passing HTML containing option elements to manipulation methods could result in untrusted code execution ... oval:org.secpod.oval:def:1505291 [0.10.10-4.0.1] - Replace HAM-logo.png with a generic one [0.10.10-4] - Fixed unfencing in - Resolves: rhbz#bz1991654 [0.10.10-3] - Added add/remove syntax for command - Resolves: rhbz#1992668 [0.10.10-2] - Fixed create resources with depth operation attribute - Resolves: rhbz#1998454 [0.10.10-1] - ... oval:org.secpod.oval:def:4501230 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. The following packages have been upgraded to a later upstream version: pcs . Security Fix: * jquery: Cross-site scripting via HTML tags containing whitespaces * jquery: Untrusted code execution ... oval:org.secpod.oval:def:1505225 bind-dyndb-ldap [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 ipa [4.9.2-3.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [4.9.2-3] - ipa-client-install displays false message "sudo binary does not ... oval:org.secpod.oval:def:67444 The host is installed with Oracle Database Server 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c or 19c and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle the ORDS issue. Successful exploitation allows unauthorized update, insert or delete access to ... oval:org.secpod.oval:def:4501261 Rocky Enterprise Software Foundation Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix: * jquery: Passing HTML containing elements to manipulation methods could result in u ... oval:org.secpod.oval:def:1504780 [4.6.8-5.0.1] - Blank out header-logo.png product-name.png - Replace login-screen-logo.png [Orabug: 20362818] [4.6.8-5.el7_9.4] - Resolves: #1897253 IPA WebUI inaccessible after upgrading to RHEL 8.3.- idoverride-memberof.js missing - wgi/plugins.py: ignore empty plugin directories - Resolves: #1895 ... oval:org.secpod.oval:def:73615 Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix: * jquery: Passing HTML containing option elements to manipulation methods could result in untrusted code execution ... oval:org.secpod.oval:def:1505087 [3.0.0-7.0.1] - Backport jQuery CVE-2020-11023 fixes from jQuery v3.5.0 to bundled v1.10.2 [Orabug: 33181852] oval:org.secpod.oval:def:506066 Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix: * jquery: Passing HTML containing option elements to manipulation methods could result in untrusted code execution ... oval:org.secpod.oval:def:2500446 AlmaLinux Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. oval:org.secpod.oval:def:2500380 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. oval:org.secpod.oval:def:68019 The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * jquery: Cross-site scripting via cross-domain ajax requests * bootstrap: XSS in the data-target attribute * bootstrap: Cross-site Scripting in the collapse data-parent attribu ... oval:org.secpod.oval:def:604867 Several vulnerabilities were discovered in Drupal, a fully-featured content management framework, which could result in an open redirect or cross-site scripting. oval:org.secpod.oval:def:2106105 Oracle Solaris 11 - ( CVE-2020-11022 ) oval:org.secpod.oval:def:504689 The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * jquery: Cross-site scripting via cross-domain ajax requests * bootstrap: XSS in the data-target attribute * bootstrap: Cross-site Scripting in the collapse data-parent attribu ... oval:org.secpod.oval:def:2500205 The Public Key Infrastructure Core contains fundamental packages required by AlmaLinux Certificate System. oval:org.secpod.oval:def:1505309 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:118705 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:118704 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:1505554 [1.10.4.custom-4.0.1] - Backport jQuery CVE-2020-11022 and CVE-2020-11023 fixes to bundled jQuery v1.10.2 [Orabug: 33869588] [1.10.4.custom-4] - removed %%defattr from specfile - removed Group from specfile - removed BuildRoot from specfiles * Tue May 10 2016 Grant Gainey 1.10.4.custom-3 - jquery-ui ... oval:org.secpod.oval:def:64148 Several vulnerabilities were discovered in Drupal, a fully-featured content management framework, which could result in an open redirect or cross-site scripting. oval:org.secpod.oval:def:67433 The host is installed with Oracle Database Server 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c or 19c and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle the ORDS issue. Successful exploitation allows unauthorized update, insert or delete access to ... |
