native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

CVE-2011-2729: Apache Tomcat® - Apache Tomcat 7 vulnerabilities

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

**Welcome on my page!**  
  
**What are you looking for?****Check my latest research.****Oracle Critical Patch Update Advisory - January 2019 - Security-In-Depth**  
**macOS Mojave 10.14 Carbon Core - Arbitrary code execurtion**  
**Apple iOS/tvOS/watchOS Remote memory corruption through certificate**  
**Apple macOS 10.12.1 and others SecureTransport SSL handshake OCSP MiTM and DoS**  
**Apple macOS 10.11/10/.12 Antyvirus bypass (0-day)**  
**GNU glibc catopen() Multiple unbounded stack allocations**  
**Magento CMS Multiple Man-In The Middle**  
**Projects:****CXSECURITY.COM - Open Bugtraq****(WLB2) _World Laboratory of Bugtraq_** is a huge collection of information on data communications safety. Its main objective is to inform about errors in various applications. The WLB tolerance does not exclude information on errors in a configuration or other entries of this kind of dangerous operations character. One of the basic foundations of "World Laboratory of Bugtraq" is interaction with users. Each safety note, can be reported, and then verified by the **CXSecurity**. 

     

**CIFREX.ORG - Tool for static code analysis****cIFrex** is a web application written in PHP,Python,C++, which supports search for vulnerabilities in the analysis of the source code. Using the database of filters based on regular expressions, you can quickly locating the code, in which the probability of failure is high. You will just need to have the source code on a computer with the access to cIFrex in order to be able to fully benefit from the possibilities of the new methodology.  
**Contact:****Email: submit@cxsec.org****

Use this GPG key to encrypt message

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBEyV/94BEAC40SpLGJC5QZyQcACeCWrVn7OHq+paHvO6j4SMLXzFqG/AmGpg
s76yvKJWUpaGetImw8VXYk06Gd5SlmMeZDi9zfzdEw4UXp81qkyWYOa6OEKlg1UJ
AHXdOTctF5x2yfZGtwU+BhtN6xmaJXQl7ZeQrH95RNPU+fDO+k7p0N9qztPzXCVZ
SREHcodD51CwbyLo1PM25XcC3vlvhVQFY36KCxoO5/BkUUIDoqAv9MaiPNBPM1Wm
4rv//Wz8un45geR+7cqEI5R7YxlqslV/RdhCsgeVF+s1eP+DB/pv2f/HWm7UuiQg
p6tU3X3dlbFzpeApm6TcTXrtttMPE8/w8sStSDNEsrI4uKG5v++vpOAu6mQj1u6i
5QPpgOECy0QdhXPSHlwOG6p1Yh5Tt+JcgqfDZ7LY4BGd2hkzKG6+kfi1328ndF3Q
vlWN1VK6uaRfC11obRHSba2xyLWnAroJjoLY9GEOt1rWeg+r7N8sQGCjQ/HObllx
FJ8W9OTL9Pr/khOdkQR57pRqUfILYeSbAs7ycYwxZe0aYtZgZYuKyZNmy9AsBKiD
6aYXMNITM/ioTt0FKvsshe7tyQq6m4leSo99sKajWnN0viO3r8UXlC6ZL+K2uuT4
pbAmYizfA7OGk5IiPduwgtiNCMegc3CED5xRayb5QXoxXmltUctmjb6zhQARAQAB
tCtNYWtzeW1pbGlhbiBBcmNpZW1vd2ljeiAoY3gpIDxtYXhAY3hpYi5uZXQ+iQI4
BBMBAgAiBQJMlf/eAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCDvPnc
1uW1MKq4D/99Rl6589i6dJnKyRWUxUVhEIIh3/Yl20oGCO40WHNRKtxhs+E07Ksc
3kEfoFHxaHxdb6AJPq5Y1b4xshvT9UnL4JHXEdl6uH56lgVOthgYgSZ5GmncweLW
HeXon5p2TbihL7NI8Qpotj5jC1v+toEzaDEpqHNVN1K26KVan2li9kDDbd6N9/5B
FEr4gAVwfmrHooh34NBqZZWL+ZXVeqLbUZ0+R8kOIgFOm1Za6MA2lGryAwpPk6qm
hURZ8ATkXM9Dwz02Y9h2mX//cb8VTRfFuuDgP7A5Xg1jJTCa41Z5uZTCzAOigCL1
XxG/YNX62fj5ZaIgXyrZ45OWVOTwdFFt//KQ4bixdv1JfwQGaID73ND77Q2GkpVQ
tuQAMNzi7sVpw4KO0NbuwptvxbMtJbJbMRLV7AMJIUcZ1syoEz3IGPc7DWe/4SIA
jHmXaHU7qw0jC5YqnuwdZwLmBzOp53+NoOYW2uRc38r4y6NZOaWjDzLlcr/vgNzJ
DTW52aXopAcw7cjUKLKfvBEO9nDSxN8aQPSpyigrTRzZ+wZZwhqycLfqEfLt0V9u
LFj+SWAkWRARkQPd/3+uLHIZmiQ5nEoTfxhhjLZiaWGXLndXEbcmQxnaaAgxvO0f
XEK48Eesh+AEKAzwKlC2L2zkvvWwVwoSBpOFnCWPgOP5X9sJSZHsGLkCDQRMlf/e
ARAAwL2uc54tTvkqDGt4yePJzwrev9aI+SsNEkD2niDE+IanQ8tJvcxa2MqgRU3j
qcgYbFHr5YLzQG+fW4hkCSkKyPhew+63TjfPJjhLjo7dqebW+zcXFgmcCvbv0+An
yxQacfsF+3Lbv+NBEYtSh3TiP/DKdcw/kfaOyQepbvfV162tTGwkTdcoVDkF69uX
Glmc4n3XhWd6cVy0XpzZARDfqKw/MQVvTvD3Lpr+NbjxksMGe8pcpWGBA1+J4rOE
zbCL4AQ841qblFliouBnJkaczdTEJVaXtG2iBTiBSdl6WrMKbR0lQAlKQTXe+kGb
ZCnXiV4LBfPVt9UKXQHN2+kgKhM3+b6steM8TsmMF5OUshsqY0q0aqfgW8goqZ+N
auQb2yYTTWYrvFB2zcmXXmtK2S7rMyQiGcLxUwTI97zUzM0HlCpx0i9IxZladCrp
t4X4jGTHAnxkTU0qmvCapXZmFRYSVH73rsq1PiV8IlTLOzpdju962Hg7Vx9fj0Nx
DPwdnkZi/y020ZTkkFDQknyNxMKIpjKiNJ72whcuve1TnpQt1bIxVkvWjKHRAdNy
A3hGn6TLRjYXnrtQCcD0HtBI3d7uuMpBAc50yaZsXks/wLL8vIjE/OnLvFqZJ/oL
dBpX6TDjmE+lfpgWExKQRSvM3z6QVXGj0OqRd3iwut34TvUAEQEAAYkCHwQYAQIA
CQUCTJX/3gIbDAAKCRCDvPnc1uW1ML2HD/9RHsfVMEYFPUYkUP/FoOVlzth6ijcz
AqFPVDdAd3J2UFfCYKkqMXq+LenNU9KREI6xJrktDVfL+R1sWHNwhx8vYDAQWZ62
VvKG36ZqgbSzYAxaBZA5HWNK3F4KzsTT7pzRNBU52ZsVMsHWA42nmxNlasHMRDZA
hSrkLPyIMtoL5lzZ2ELSQEezcpIqH1vGAicT2+tZeCLAHZTMpeKAZIuWjMEoQtXH
hE2syCv/K5lTDvjSGAPCi4By97WgecA/SWqdO6FH5vleLwj3PJBjF2iyPBgFDBD4
pLpp1P/xFDU/M7Rl0mcJH1nM82i1JKmohqTYJHeu7Kb3vY4C3NEwghVzsWhCLe1a
nIhh/qkPOGBghygI1cUVP8fo4nspqApvXtN2qdT6jy/PKMkqob66vusNY759kRVs
hpA0P8gTZ2jFm4VCrccBvR+yRrSZtFR0fphrwGoFwhHd2fTXtJo6JYhQOFUMg7m4
kBOeEUjmDoJFrxZycWowLLU9ao7jB+1qUCt9EsT6oA442CJcAP5kohHN+xzSiXhV
6uRII8B4I+c0Oyw4ld5VKVlk1nueVifZYFPKDJ07t48d8dGtUbGqNO93Mxy3YHfl
QvjN8M7Oov7LZ5kue6aL1IeWJxEfko/nZFaCfXqqIGwxspDWRwGuGDnKkqPGJR0t
fjZe+G0TJgIG+Q==
=9W/9
-----END PGP PUBLIC KEY BLOCK-----

Copyright **2022**, cxib.net**

CVE-2011-0419: All about me - Maksymilian Arciemowicz

Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 and 9.2 MP1 has unknown impact and local attack vectors.

Image

Featured Details

**Multiple ways to consume Secunia Research**

Secunia delivers software security research that provides reliable, curated and actionable vulnerability intelligence. Organizations can expect to receive standardized, validated and enriched vulnerability research on a specific version of a software product. Secunia Research supports four solutions:

SVG

**Data Platform**

Data Platform leverages Secunia Research to provide high-level insights based on major or minor versions of software in your normalized inventory

Learn More

SVG

**Flexera One**

Flexera One utilizes Secunia Research (alongside public NVD data) to provide more granular matching of build-level versions of software in your normalized inventory within its IT Asset Management and IT Visibility solutions

Learn More

How it works

**Accurate, reliable vulnerability insights at your fingertips**

The Secunia Research team from Flexera is comprised of several security specialists who conduct vulnerability research in various products in addition to testing, verifying and validating public vulnerability reports. Since its inception in 2002, the goal of the Secunia Research team is to provide the most accurate and reliable source of vulnerability intelligence.

Delivering the world’s best vulnerability intelligence requires skill and passion. Team members continually develop their skills exploring various high-profile closed and open-source software using a variety of approaches, focusing chiefly on thorough code audits and binary analysis. The team has received industry recognition, including naming members to Microsoft’s Most Valuable Security Researchers list.

Secunia researchers discover hard-to-find vulnerabilities that aren’t normally identified with techniques such as fuzzing, and the results have been impressive. Members of the Secunia Research team have discovered critical vulnerabilities in products from vendors including Microsoft, Symantec, IBM, Adobe, RealNetworks, Trend Micro, HP, Blue Coat, Samba, CA, Mozilla and Apple.

The team produces invaluable security advisories based on research of the vulnerabilities affecting any given software update. Sometimes a single update can address multiple vulnerabilities of varying criticalities and threats; but these advisories aggregate and distill findings down to a single advisory perfect for the prioritization of patching efforts within Software Vulnerability Manager. Criticality scores are consistently applied along with details around attack vector and other valuable details within Software Vulnerability Research. Illegitimate vulnerability reports are also investigated and rejected so you can focus only on what truly matters.

Informing IT, Transforming IT

**Industry insights to help keep you informed**

Tag

#oracle