191 matches found
CVE-2018-1320
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...
Man-in-the-Middle (MitM)
spring-rabbit is vulnerable to man-in-the-middle attacks. The Spring RabbitMQ Java client does not perform SSL hostname validation and accepts SSL certificates as long as they are trusted. This allows attackers to perform man-in-the-middle attacks between the RabbitMQ Java client and server...
Remote code execution
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks...
CVE-2016-0750
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks...
CVE-2016-0750
The CVE-2016-0750 issue affects the Infinispan project’s hotrod Java client prior to 9.1.0.Final, where bytearray message contents could be deserialized during certain events. A malicious attacker could inject a crafted serialized object to trigger deserialization on the client and potentially ac...
Security Bulletin: Critical Security Vulnerability in Rational Directory Server (Tivoli and Apache) (CVE-2014-3089)
Summary: A security vulnerability impacts IBM Rational Directory Server RDS 5.2.x, 5.1.1.x and Rational Directory Administrator RDA 6.x Java Client library. Vulnerability Details...
client: unchecked deserialization in marshaller util
The hotrod java client in infinispan automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks...
Infinispan 'hotrod java' client-side remote code execution vulnerability
Infinispan is a distributed in-memory data grid. A remote code execution vulnerability exists in the Infinispan 'hotrod java' client, which allows remote attackers to exploit the vulnerability by submitting a special request to execute arbitrary code in the context of the application...
Important: Red Hat Security Advisory: Red Hat JBoss Data Grid 7.1.1 security update
Red Hat JBoss Data Grid 7.1.1 is now available for download from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2016-0750
The hotrod java client in infinispan automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks...
CVE-2015-7934
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors...
CVE-2015-7931
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support...
Design/Logic Flaw
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors...
Information disclosure
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support...
CVE-2015-7934
The CVE-2015-7934 entry concerns the Adcon Telemetry A840 Telemetry Gateway Base Station’s Java client, where the Java client reveals the full pathname of log files on the server. The vulnerability is an information disclosure (log-file pathnames) that could be exploited remotely, with no client ...
CVE-2015-7931
The CVE-2015-7931 vulnerability affects the Adcon Telemetry A840 Telemetry Gateway Base Station, where the Java client does not authenticate the station device and lacks SSL support. This enables MITM-style spoofing and reading plaintext packet data, causing information disclosure/confidentiality...
Design/Logic Flaw
The RDS Java Client library in IBM Rational Directory Server RDS 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator RDA 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a...
CVE-2014-3089
CVE-2014-3089 affects IBM Rational Directory Server (RDS) Java Client libraries and related components. The vulnerability arises because the RDS Java Client library carries the cleartext password for the root user, allowing an attacker with local access to obtain sensitive data by reading the lib...