191 matches found
CVE-2024-45772 Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...
CVE-2024-45772
CVE-2024-45772 (Apache Lucene Replicator) : A deserialization of untrusted data vulnerability affects Lucene Replicator in versions 4.4.0 through before 9.12.0; the deprecated org.apache.lucene.replicator.http package is affected, while org.apache.lucene.replicator.nrt is not. The issue can be tr...
HP SiteScope SOAP Call GetSiteScopeConfiguration Configuration Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP SiteScope SOAP Call getSiteScopeConfiguration Configuration Access', 'Description' = %q This module exploits an authentication bypass...
Apache Tapestry HMAC secret key leak
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Tapestry HMAC secret key leak', 'Description' = %q This exploit finds the HMAC secret key used in Java serialization by Apache Tapestry...
CVE-2023-39475
CVE-2023-39475 affects Inductive Automation Ignition through the ParameterVersionJavaSerializationCodec deserialization of untrusted data. The root cause is lack of validation of user-supplied data in this class, allowing a remote attacker to execute arbitrary code in the context of SYSTEM withou...
CVE-2024-32876
NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.13.4 through 0.26.1, importing a backup file from an untrusted source could have resulted in...
USN-6692-1: Gson vulnerability
It was discovered that Gson incorrectly handled deserialization of untrusted input data. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service...
[SECURITY] Fedora 40 Update: xstream-1.4.20-6.fc40
XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...
SUSE CVE-2015-7501
Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid JDG 6.x; Data Virtualization JDV 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works FSW 6.x; Operations Network JBoss ON 3.x; Portal 6.x; SOA Platform SOA-P 5.x; Web Server JWS 3.x;...
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...
SUSE CVE-2013-2456
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the...