28 matches found
Introspect 注入漏洞
Introspect is an open source application from Defog.ai. An injection vulnerability exists in Introspect 0.1.4 and earlier versions, which stems from code injection due to misbehavior of the parameter inputmodel in the file introspect/backend/integrationroutes.py...
CVE-2024-0440
Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files...
[SECURITY] Fedora 40 Update: gammaray-3.0.0-6.fc40
A tool to poke around in a Qt-application and also to manipulate the application to some extent. It uses various DLL injection techniques to hook into an application at run-time and provide access to a lot of interesting information. GammaRay can introspect Qt 6 and Qt 5 applications...
HPESBNW04285 rev.4 - Aruba Products, Remote Denial of Service (DoS)
Potential Security Impact: Remote: Denial of Service DoS SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. Aruba AirWave Management Platform 8.2.14.0 and below Aruba Fabric Composer 6.2.0 and below Aruba ClearPass Policy Manager 6.10.4 and below, 6.9.10 and below, 6.8.9 without Hotf...
HPESBNW04216 rev.3 - HPE Aruba Silver Peak Orchestrator and Aruba IntroSpect, Apache Log4j Library Remote Arbitrary Code Execution, Remote Code Execution, and Remote Denial of Service
Potential Security Impact: Remote: Arbitrary Code Execution, Code Execution, Denial of Service DoS SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. Silver Peak Orchestrator - All customer managed Orchestrator and legacy GMS products are affected by these vulnerabilities Aruba...
tomcat: security manager bypass via IntrospectHelper utility function
It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications...
tomcat: security manager bypass via IntrospectHelper utility function
It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications...
java-1_7_0-openjdk: update to 2.3.6 (critical)
java-170-openjdk was updated to icedtea-2.3.6 bnc803379 containing various security and bugfixes: Security fixes - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at constructi...