768 matches found
CVE-2022-29936
USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Oracle Corporation product...
CVE-2022-29936
CVE-2022-29936 concerns USU Oracle Optimization prior to 5.17. The vulnerability arises from Java deserialization of the file path /v2/quantum/save-data-upload-big-file, enabling remote code execution. Public descriptions specify that authenticated users (described as quantum users in some source...
Command Execution Vulnerability in Atlassian Bitbucket Data Center
Atlassian Bitbucket Data Center is the data center version of Atlassian Bitbucket by Atlassian Australia. Atlassian Bitbucket Data Center suffers from a command execution vulnerability that can be exploited by an attacker to execute arbitrary code via Java deserialization...
CVE-2022-26133
SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java...
Deserialization of untrusted data
SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java...
CVE-2022-26133
CVE-2022-26133 affects Atlassian Bitbucket Data Center via SharedSecretClusterAuthenticator. A remote, unauthenticated attacker can execute arbitrary code through Java deserialization. Vulnerable versions include: 5.14.0 and later before 7.6.14; 7.7.0 and later before 7.17.6; 7.18.0 and later bef...
Atlassian Bitbucket Data Center code issue vulnerability
Atlassian Bitbucket Data Center is the data center version of Atlassian Bitbucket by Atlassian Australia. Atlassian Bitbucket Data Center suffers from a command execution vulnerability that can be exploited by an attacker to execute arbitrary code via Java deserialization...
Security Bulletin: IBM Maximo Asset Management is vulnerable to Java Deserialization (CVE-2020-4521)
Summary: IBM Maximo Asset Management is vulnerable to Java Deserialization. Vulnerability Details: CVEID: CVE-2020-4521. DESCRIPTION: IBM Maximo Asset Management could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sendin...
CVE-2022-20763 Cisco Webex Meetings Java Deserialization Vulnerability
A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. This vulnerability is due to improper deserialization of Java code within login requests. An attacker could exploit this vulnerability by...
Cisco Webex Meetings code issue vulnerability
Cisco Webex Meetings is a videoconferencing solution from Cisco. A security vulnerability exists in Cisco Webex Meetings, which is caused by improper deserialization of Java code in login requests. A remote attacker could exploit this vulnerability to inject arbitrary Java code...
CVE-2020-19229
Jeesite 1.2.7 uses Apache Shiro version 1.2.3, which is affected by CVE-2016-4437. Because of the Java deserialization vulnerability in this version, an attacker could execute arbitrary commands via the rememberMe parameter...
CVE-2020-19229
CVE-2020-19229 affects Jeesite 1.2.7 which bundles Apache Shiro 1.2.3. The issue arises from a Java deserialization vulnerability via the rememberMe parameter when a cipher key is not configured, enabling remote code execution. Public details indicate the root cause is CVE-2016-4437 (Apache Shiro...
Zhuoyuan Software Jeesite code issue vulnerability
Jeesite is an open-source Java EE enterprise-class rapid development platform from the Chinese company Zhuoyuan Software. The platform includes system permission components, data permission components, data dictionary components, core tool components, view...
CVE-2020-19229
Jeesite 1.2.7 uses Apache Shiro version 1.2.3, which is affected by CVE-2016-4437. Because of the Java deserialization vulnerability in this version, an attacker could execute arbitrary commands via the rememberMe parameter. Recent assessments: Assessed Attacker Value: 0...
Aiven Ltd: Kafka Connect RCE via connector SASL JAAS JndiLoginModule configuration
Summary: When configuring the connector via the Aiven API or the Kafka Connect REST API, the attacker can set the database.history.producer.sasl.jaas.config connector property for the io.debezium.connector.mysql.MySqlConnector connector. This is likely true for other debezium connectors too. By...