133 matches found
GHSA-8QV5-68G4-248J vulnerabilities
Vulnerabilities for packages: spark-scala-2.13...
GHSA-8QV5-68G4-248J Scala subject to file deletion, code execution due to Java deserialization chain with LazyList object deserialization
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with LazyList object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make netwo...
CVE-2022-36944
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network...
CVE-2022-36944 vulnerabilities
Vulnerabilities for packages: spark-fips...
Deserialization of untrusted data
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network...
CVE-2022-36944
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network...
CVE-2022-36944
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network...
CVE-2022-36944
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1573 more potentially affected by CVE-2018-1000406 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.13)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2018-1000406 Source advisory: OSV:GHSA-3PR8-RF62-G893...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1573 more potentially affected by CVE-2018-1000862 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.13)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2018-1000862 Source advisory: OSV:GHSA-HPH9-9VCQ-F7GP...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1573 more potentially affected by CVE-2018-1000409 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.13)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2018-1000409 Source advisory: OSV:GHSA-RR6R-P7RW-369C...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1573 more potentially affected by CVE-2018-1000864 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.13)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2018-1000864 Source advisory: OSV:GHSA-9CJV-93G7-C6MV...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1573 more potentially affected by CVE-2018-1000861 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.13)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2018-1000861 Source advisory: OSV:GHSA-HHPM-5CP2-HG4X...
Mageia: Security Advisory (MGASA-2019-0326)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ch.j3t:zio-prefetcher_2.13 (=0.8.0-RC6), com.47deg:energy-monitor-persistence-app_2.13 (=0.2.0) +98 more potentially affected by CVE-2021-39185 via org.http4s:http4s-server_2.13 (>=0.23.0 <=0.23.19)
org.http4s:http4s-server2.13 MAVEN version =0.23.0, =0.0.1, =0.12.1, =0.2.0, =0.1.0, =0.20.2, =1.1.1, =0.0.1, =1.2.2, =1.2.2, =1.2.2, =1.4.10 and more Source cves: CVE-2021-39185 Source advisory: OSV:GHSA-52CF-226F-RHR6...
PYSEC-2021-103
Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the % includeblock % template tag is used to output the value of a plain-text StreamField block...
Updated cpio packages fix security vulnerabilities
in cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive CVE-2015-1197. Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to privilege...
PT-2019-4757 · Gnu +7 · Cpio +7
Name of the Vulnerable Software and Affected Versions: cpio versions prior to 2.13 Description: The issue is related to the improper validation of input files when generating TAR archives. This can lead to the creation of archives containing files with permissions or in paths that the attacker di...
CVE-2018-20850
Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server...
UserPro <= 4.9.23 - Unauthenticated Cross-Site Scripting (XSS)
An XSS vulnerability that affects from version 2.13 to 4.9.23. PoC POST /wp-admin/admin-ajax.php Host: domain.com action=userproshortcodetemplate=userpro id=1 layout="float" collageperpage="20" emdpaginatetop="1" emdpaginate="1" emdgender="Gender,radi...