359 matches found
The vulnerability in the Apache jUDDI software lies in the deserialization of untrusted data, allowing an attacker to execute arbitrary code.
The vulnerability in the Apache jUDDI software lies in the deserialization of untrusted data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Vulnerabilities fixed in Xen
Xen's developers have fixed several vulnerabilities in Xen. A local attacker could exploit the vulnerabilities to cause a denial of service in both the guest system and the underlying host. The vulnerabilities could also potentially be exploited to obtain sensitive data in memory...
The vulnerability in the Schneider Electric Software Update (SESU) update software lies in the deserialization of untrusted data, allowing an attacker to execute arbitrary code.
The vulnerability in the Schneider Electric Software Update (SESU) update software involves the deserialization of untrusted data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability in the Huawei AnyOffice mobile office platform, related to the deserialization of untrusted data, allows an attacker to execute arbitrary code or gain full control over the application.
The vulnerability in the Huawei AnyOffice mobile office platform relates to the deserialization of untrusted data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or gain full control over the application through a specially crafted request...
IBM Cloud Pak for Applications Information Disclosure Vulnerability
IBM Cloud Pak for Applications is an application from IBM Corporation. An information disclosure vulnerability exists in IBM Cloud Pak for Applications, which stems from the fact that the system does not effectively restrict access to in-memory data, which could be exploited by an attacker to gai...
Amazon Linux 2 : systemd, --advisory ALAS2-2021-1647 (ALAS-2021-1647)
The version of systemd installed on the remote host is prior to 219-78. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1647 advisory. It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service...
PT-2021-15406 · Gallagher · Gallagher Command Centre
Name of the Vulnerable Software and Affected Versions: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3 Description: The issue concerns a Cleartext Storage of Sensitive Information in Memory vulnerability in the Gallagher Command Centre Server. This vulnerability allows the Cloud...
The vulnerability in Apache Commons Collections and Cisco’s software products lies in the deserialization of untrusted data structures, allowing attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in Apache Commons Collections and Cisco’s software products lies in the deserialization of untrusted data structures. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of protected information...
The vulnerability in the org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource component of the Jackson-databind library of the FasterXML project allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource component of the Jackson-databind library of the FasterXML project is related to the deserialization of untrusted data. Exploiting this vulnerability may allow an attacker to compromise the confidentialit...
The vulnerability in the org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource component of the Jackson-databind library of the FasterXML project allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource component of the Jackson-databind library of the FasterXML project is related to the deserialization of untrusted data. Exploiting this vulnerability may allow an attacker to compromise the...
The vulnerability in the org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool component of the Jackson-databind library of the FasterXML project allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool component of the Jackson-databind library of the FasterXML project is related to the deserialization of untrusted data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
Important: redis:6 security update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
Design/Logic Flaw
IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401...
The vulnerability in the Apache OFBiz resource planning software lies in the deserialization of untrusted data, allowing an attacker to execute arbitrary code.
The vulnerability in Apache OFBiz’s resource planning software lies in the deserialization of untrusted data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted request...
New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks
Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack. Dubbed SMASH (Synchronized MAny-Sided Hammering), the technique can be used to successfully trigger the attack from JavaScript on modern DDR4 RAM...
The vulnerability in the Apache OFBiz resource planning software lies in the deserialization of untrusted data, allowing attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability in Apache OFBiz’s resource planning software lies in the deserialization of untrusted data. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability in the RemoteJavaScript service of the IBM QRadar SIEM system for incident collection and analysis allows an attacker to execute arbitrary code or cause a service failure.
The vulnerability in the RemoteJavaScript service of the IBM QRadar SIEM system relates to the deserialization of untrusted data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or trigger a service failure through a speciall...
Google Chrome Security Vulnerability
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. An insufficient policy enforcement vulnerability exists in appcache in Google Chrome versions prior to 89.0.4389.72. A remote attacker can exploit this vulnerabilit...
The vulnerability in the Log4j Java logging library, related to the deserialization of untrusted data, allows an attacker to execute arbitrary code.
The vulnerability in the Log4j logging library for Java programs relates to the deserialization of untrusted data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
The vulnerability in the Jackson-databind library of the FasterXML project, related to the deserialization of untrusted data, allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the Jackson-databind library of the FasterXML project relates to the deserialization of untrusted data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to compromise the confidentiality, integrity, and availability of the protected...