191 matches found
CVE-2023-46120 RabbitMQ Java client's lack of message size limitation leads to remote DoS attack
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. maxBodyLebgth was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may...
GHSA-MM8H-8587-P46H RabbitMQ Java client's Lack of Message Size Limitation leads to Remote DoS Attack
Summary: maxBodyLebgth was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. PoC: RabbitMQ. Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M; here it only needs to be larger than the Consumer memo...
PT-2023-8230 · Rabbitmq +1 · Rabbitmq Java Client +1
Name of the Vulnerable Software and Affected Versions: RabbitMQ Java client versions prior to 5.18.0 Description: The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. maxBodyLebgth was not used when receiving Message objects...
The vulnerability of the Java client of the Aerospike Database management system allows a hacker to execute arbitrary code.
The vulnerability of the Java client of the Aerospike Database management system is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
CVE-2023-36480
The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them...
CVE-2023-36480 Aerospike Java Client vulnerable to unsafe deserialization of server responses
The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them...
CVE-2023-36480
CVE-2023-36480 affects the Aerospike Java Client. The vulnerability arises from unsafe deserialization of server-provided data: messages may contain Java objects that the client deserializes via JBLOB payloads using Java’s ObjectInputStream, without sufficient validation. This can lead to Remote ...
Deserialization of Untrusted Data
The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them...
GHSA-JJ95-55CR-9597 Aerospike Java Client vulnerable to unsafe deserialization of server responses
GitHub Security Lab GHSL Vulnerability Report: GHSL-2023-044 The GitHub Security Lab team has identified a potential security vulnerability in Aerospike Java Client. We are committed to working with you to help resolve this issue. In this report you will find everything you need to effectively...
Aerospike Java Client vulnerable to unsafe deserialization of server responses
GitHub Security Lab GHSL Vulnerability Report: GHSL-2023-044 The GitHub Security Lab team has identified a potential security vulnerability in Aerospike Java Client. We are committed to working with you to help resolve this issue. In this report you will find everything you need to effectively...
PT-2023-4283 · Aerospike · Aerospike Java Client
Name of the Vulnerable Software and Affected Versions: Aerospike Java Client versions prior to 7.0.0 Aerospike Java Client versions prior to 6.2.0 Aerospike Java Client versions prior to 5.2.0 Aerospike Java Client versions prior to 4.5.0 Description: The Aerospike Java client has a vulnerability...
Advisory ROSA-SA-2023-2196
Software: bookkeeper 4.3.2 OS: ROSA-CHROME packageevrstring: bookkeeper-4.3.2-7.src.rpm CVE-ID: CVE-2022-32531 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: The Apache Bookkeeper Java client before 4.14.6, and also 4.15.0, does not close the connection to the bookkeeper server when TLS hostname validatio...
Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM
A flaw was found in the Apache Pulsar Java Client. This flaw allows an attacker to use a Man-in-the-Middle (MITM) attack, manipulating network traffic and gaining the client's authentication data...
SUSE CVE-2018-2826
Vulnerability in the Java SE component of Oracle Java SE subcomponent: Libraries. The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require...
SUSE CVE-2018-2942
Vulnerability in the Java SE component of Oracle Java SE subcomponent: Windows DLL. Supported versions that are affected are Java SE: 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...
SUSE CVE-2021-25738
Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution...
Debian: Security Advisory (DSA-5307-1)
The remote host is missing an update for the Debian...
Apache Bookkeeper vulnerable to Improper Certificate Validation
The Apache Bookkeeper Java Client before 4.14.6 and also 4.15.0 does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the bookkeeper client vulnerable to a man in the middle attack. The problem affects BookKeeper client prior to versions 4.14.6 a...