Lucene search
768 matches found

Cvelist
added 2023/08/24 12:59 p.m., 23 views

CVE-2023-34040 Java Deserialization vulnerability in Spring-Kafka When Improperly Configured

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers...

CVSS 5.3, AI score 7.6, EPSS 0.21413
Exploits: 2, References: 1

Vulnrichment
added 2023/08/24 12:59 p.m., 22 views

CVE-2023-34040 Java Deserialization vulnerability in Spring-Kafka When Improperly Configured

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers...

CVSS 5.3, AI score 6.5, EPSS 0.21413
Exploits: 2, References: 1

NVD
added 2023/07/25 3:15 p.m., 17 views

CVE-2023-37895

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMI. Versions up to and including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

CVSS 9.8, AI score 10, EPSS 0.10007
Exploits: 0, References: 4

Cvelist
added 2023/07/25 2:2 p.m., 22 views

CVE-2023-37895 Apache Jackrabbit RMI access can lead to RCE

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMI. Versions up to and including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

AI score 10, EPSS 0.10007
Exploits: 0, References: 4

IBM Security Bulletins
added 2023/07/17 6:26 a.m., 54 views

Security Bulletin: Multiple vulnerabilities of Apache common collections (commons-collections-3.2.jar) have affected APM WebSphere Application Server Agent

Summary: APM WebSphere Application Server Agent is vulnerable to Apache common collections commons-collections-3.2.jar. The fix includes commons-collections-3.2.jar upgraded to commons-collections-3.2.2.jar. CVE-2015-4852, CVE-2017-15708 and CVE-2019-13116. Vulnerability Details: CVEID: CVE-2015-4852...

CVSS 9.8, AI score 9.9, EPSS 0.92947
Exploits: 18, Affected Software: 1

The Hacker News
added 2023/06/27 5:35 a.m., 65 views

New Fortinet's FortiNAC Vulnerability Exposes Networks to Code Execution Attacks

Fortinet has rolled out updates to address a critical security vulnerability impacting its FortiNAC network access control solution that could lead to the execution of arbitrary code. Tracked as CVE-2023-33299, the flaw is rated 9.6 out of 10 for severity on the CVSS scoring system. It has been...

CVSS 9.8, AI score 8.8, EPSS 0.93777
Exploits: 16

OSV
added 2023/06/20 8:15 a.m., 0 views

CVE-2023-26436

Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is being executed when processin...

CVSS 8.8, AI score 5.7, EPSS 0.00179
Exploits: 0, References: 4

CVE
added 2023/06/20 7:52 a.m., 32 views

CVE-2023-26436

The CVE-2023-26436 issue affects Open-Xchange AppSuite (OX App Suite) via the documentconverterws API. Attackers able to access this endpoint can inject serialized Java objects that aren’t properly validated during deserialization, potentially allowing arbitrary code execution. The root cause is ...

CVSS 8.8, AI score 8.4, EPSS 0.00179
Exploits: 0, References: 4, Affected Software: 1

RedHat Linux
added 2023/06/15 3:23 p.m., 2 views

mina-sshd: Java unsafe deserialization vulnerability

A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server...

CVSS 9.8, AI score 6.8, EPSS 0.05991
Exploits: 1, References: 5

RedHat Linux
added 2023/05/17 5:53 p.m., 4 views

mina-sshd: Java unsafe deserialization vulnerability

A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server...

CVSS 9.8, AI score 6.8, EPSS 0.05991
Exploits: 1, References: 5

Vulnrichment
added 2023/04/06 12:0 a.m., 9 views

CVE-2023-28500

A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL. Adobe LiveCycle ES4 version 11.0.1 and later may...

AI score 9.8, EPSS 0.24016
Exploits: 0, References: 1

RedHat Linux
added 2023/03/06 9:1 a.m., 2 views

mina-sshd: Java unsafe deserialization vulnerability

A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server...

CVSS 9.8, AI score 6.8, EPSS 0.05991
Exploits: 1, References: 5

RedHat Linux
added 2023/03/01 9:45 p.m., 2 views

mina-sshd: Java unsafe deserialization vulnerability

A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server...

CVSS 9.8, AI score 6.8, EPSS 0.05991
Exploits: 1, References: 5

RedHat Linux
added 2023/03/01 9:45 p.m., 2 views

mina-sshd: Java unsafe deserialization vulnerability

A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server...

CVSS 9.8, AI score 6.8, EPSS 0.05991
Exploits: 1, References: 5

NVD
added 2023/03/01 8:15 a.m., 12 views

CVE-2022-37936

Unauthenticated Java deserialization vulnerability in Serviceguard Manager...

CVSS 9.8, AI score 9.5, EPSS 0.01622
Exploits: 0, References: 1

CNNVD
added 2023/03/01 12:0 a.m., 2 views

HPE Serviceguard Code Issue Vulnerability

HPE Serviceguard is a high availability and disaster recovery clustering solution from HPE. A security vulnerability exists in HPE Serviceguard that stems from the presence of an unauthenticated Java deserialization vulnerability...

CVSS 9.8, AI score 8.4, EPSS 0.01622
Exploits: 0, References: 2

RedHat Linux
added 2023/02/23 12:1 a.m., 2 views

mina-sshd: Java unsafe deserialization vulnerability

A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server...

CVSS 9.8, AI score 6.8, EPSS 0.05991
Exploits: 1, References: 5

Vulnrichment
added 2023/02/22 9:2 p.m., 7 views

CVE-2022-37936

Unauthenticated Java deserialization vulnerability in Serviceguard Manager...

AI score 9.5, EPSS 0.01622
Exploits: 0, References: 1

Cvelist
added 2023/02/22 9:2 p.m., 15 views

CVE-2022-37936

Unauthenticated Java deserialization vulnerability in Serviceguard Manager...

AI score 9.7, EPSS 0.01622
Exploits: 0, References: 1

CVE
added 2023/02/22 9:2 p.m., 73 views

CVE-2022-37936

CVE-2022-37936 affects HP Serviceguard Manager with an unauthenticated Java deserialization vulnerability. Root cause: deserialization flaw in Serviceguard Manager; impact on affected systems is high (network access, no auth, potential custody of data and execution of code). Remediation: HP relea...

CVSS 9.8, AI score 9.4, EPSS 0.01622
Exploits: 0, References: 1, Affected Software: 1