16 matches found
CVE-2024-29234
| creationtimestamp | type | source |
|---|---|---|
| 2025-08-01 05:46:45+00:00 | seen | Telegram/CMZMNGfc6D4FUj9T7bb8i5XtWvl0M64F8r-7LHAnQzsQtw... |
CVE-2024-29234
Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct...
CVE-2022-29234
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s after any lock setting in the meeting was changed. The attacker needs to be a participant in the meeting...
CVE-2023-29234
A deserialization vulnerability existed when decoding a malicious package. This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue...
Exploit for Deserialization of Untrusted Data in Apache Dubbo
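Apache ActiveMQ remote command execution vulnerability. Affected versions: 5.18.0=Apache ActiveMQ5.18.3, 5.17.0=Apache ActiveMQ5.17.6, 5.16.0=Apache ActiveMQ5.16.7, 5.15.0=Apache ActiveMQ5.15.15. Exploitation: the ActiveMQ deserialization vulnerability can be used to execute arbitrary commands. Reproduction with echoed output: Vulnerability scripts: https://github.com/Fw-fW-fw/activemqThrowable, https://github.com/sincere9/Apache-ActiveMQ-RCE Apach...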
CVE-2024-29234
Synology Surveillance Station's Group.Save webapi is affected by an SQL Injection in versions prior to 9.2.0-11289 and 9.2.0-9289. An authenticated remote attacker could read non-sensitive data and trigger limited DoS via unspecified vectors. Root cause: improper neutralization of special element...
CVE-2024-29234
Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct...
CVE-2024-29234
Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct...
cc.uncarbon.framework:helio-starter-dubbo (>=1.7.0 <=1.11.1), io.basc.framework:dubbo (>=1.8.0 <=1.8.1) +15 more potentially affected by CVE-2023-29234 via org.apache.dubbo:dubbo (>=3.1.0 <=3.1.10)
org.apache.dubbo:dubbo MAVEN version =3.1.0, =1.7.0, =1.8.0, =0.0.1.RC1, =0.0.1.RC1, =2022.10, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =2.5.1, =1.0.7, =1.0.15.1 and more Source cves: CVE-2023-29234 Source advisory: OSV:GHSA-6X49-W35H-WQRJ...
cc.uncarbon.framework:helio-starter-dubbo (>=2.0.0 <=2.2.0), cn.dev33:sa-token-dubbo3 (>=1.35.0.RC <=1.45.0) +52 more potentially affected by CVE-2023-29234 via org.apache.dubbo:dubbo (>=3.2.0 <=3.2.4)
org.apache.dubbo:dubbo MAVEN version =3.2.0, =2.0.0, =1.35.0.RC, =2023.0.0.0, =2023.0.0.0-beta2, =4.0.5, =4.0.5, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =3.0.2, =3.0.6 - com.mobaijun:loadbalancer-spring-boot-starter =3.0.2 - com.mobaijun:test-spring-boot-starter-example =3.0.3 -...
CVE-2023-29234
A deserialization vulnerability existed when decoding a malicious package. This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue...
CVE-2023-29234 Bypass serialize checks in Apache Dubbo
A deserialization vulnerability existed when decoding a malicious package. This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue...
CVE-2023-29234
CVE-2023-29234 describes a deserialization vulnerability in Apache Dubbo. Affected versions are 3.1.0–3.1.10 and 3.2.0–3.2.4, where decoding a malicious package can lead to arbitrary code execution. Root cause: unsafe deserialization in the Dubbo framework. Impact: high with potential remote code...
CVE-2022-29234
| creationtimestamp | type | source |
|---|---|---|
| 2022-06-02 07:25:12+00:00 | seen | https://t.me/cibsecurity/43633... |
CVE-2022-29234
BigBlueButton vulnerability CVE-2022-29234 allows a participant to send messages to a locked chat within a 5-second grace period after the lock settings take effect. Affected versions include 2.2 through 2.3.17 and 2.4.0. The issue is mitigated by patches in version 2.3.18 and 2.4.1, which close ...
CVE-2022-29234 Grace period for lock settings in public/private chats in BigBlueButton
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s after any lock setting in the meeting was changed. The attacker needs to be a participant in the meeting...