Lucene search

168 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-0894

Malware in sbrugna...

CVSS 5.9 | AI score 5.9 | EPSS 0.02951
Exploits 0 | References 13
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-0229

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.7 | EPSS 0.00259
Exploits 0 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-34685

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00843
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-4306

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.03542
Exploits 0 | References 8
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-1253

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.8 | EPSS 0.04561
Exploits 0 | References 18
NVD
added 2025/09/11 2:15 p.m. | 5 views

CVE-2025-10252

A flaw has been found in SEAT Queue Ticket Kiosk up to 20250827. This affects an unknown part of the component Java RMI Registry Handler. This manipulation causes deserialization. The attack can only be done within the local network. The attack is considered to have high complexity. It is indicat...

CVSS 3.1 | EPSS 0.00224
Exploits 0 | References 3
Cvelist
added 2025/09/11 1:32 p.m. | 11 views

CVE-2025-10252 SEAT Queue Ticket Kiosk Java RMI Registry deserialization

A flaw has been found in SEAT Queue Ticket Kiosk up to 20250827. This affects an unknown part of the component Java RMI Registry Handler. This manipulation causes deserialization. The attack can only be done within the local network. The attack is considered to have high complexity. It is indicat...

CVSS 3.1 | EPSS 0.00224
Exploits 0 | References 3
CVE
added 2025/09/11 1:32 p.m. | 13 views

CVE-2025-10252

CVE-2025-10252 affects SEAT Queue Ticket Kiosk (up to 20250827) via a deserialization flaw in the Java RMI Registry Handler. The issue is exploitable only over a local network, with high attack complexity and low overall impact per CVSS metrics (LOW). The vendor has not responded to disclosures. ...

CVSS 3.1 | AI score 5.8 | EPSS 0.00224
Exploits 0 | References 3
Veracode
added 2025/02/10 4:12 p.m. | 7 views

Man-In-The-Middle (MITM)

org.apache.cassandra:cassandra-all is vulnerable to a Man-In-The-Middle attack. The vulnerability is due to improper RMI registry protections due to the ability of a local attacker to manipulate the RMI registry, allowing them to capture JMX interface credentials and perform unauthorized operatio...

CVSS 5.3 | AI score 5.6 | EPSS 0.00259
Exploits 0 | References 4 | Affected Software 1
OSV
added 2025/02/04 12:30 p.m. | 0 views

GHSA-RGFX-7P65-3FF4 Apache Cassandra: unrestricted deserialization of JMX authentication credentials

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...

CVSS 5.9 | AI score 6.5 | EPSS 0.00259
Exploits 0 | References 4
NVD
added 2025/02/04 11:15 a.m. | 23 views

CVE-2024-27137

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...

CVSS 5.3 | EPSS 0.00259
Exploits 0 | References 2
Prion
added 2024/03/07 5:15 a.m. | 9 views

Design/Logic Flaw

nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker...

AI score 7.7 | EPSS 0.00796
Exploits 0 | References 1
OSV
added 2024/03/06 10:51 a.m. | 33 views

BIT-CASSANDRA-2020-13946

In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and...

CVSS 5.9 | AI score 6.7 | EPSS 0.02951
Exploits 0 | References 6
Positive Technologies
added 2024/02/20 12:0 a.m. | 3 views

PT-2025-2395 · Apache · Apache Cassandra

Name of the Vulnerable Software and Affected Versions: Apache Cassandra versions 4.0.2 through 5.0.2 Description: A local attacker without access to the Apache Cassandra process or configuration files can manipulate the RMI registry to perform a man-in-the-middle attack. This allows the attacker ...

CVSS 5.9 | AI score 5.2 | EPSS 0.00259
Exploits 0 | References 16
Debian
added 2023/11/20 9:14 p.m. | 37 views

[SECURITY] [DLA 3657-1] activemq security update

Debian LTS Advisory DLA-3657-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany November 20, 2023 https://wiki.debian.org/LTS Package : activemq Version : 5.15.16-0+deb10u1 CVE ID : CVE-2020-13920 CVE-2021-26117 CVE-2023-46604 Debian Bug : 1054909 982590 Several...

CVSS 10 | AI score 7.3 | EPSS 0.99654
Exploits 31
Prion
added 2023/09/06 6:15 p.m. | 26 views

Code injection

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry listening on TCP port 2099 by default and two RMI interfaces listening on a single, dynamically assigned TCP high port. Port 2099 serves as a Java Remote Method Invocation RMI...

CVSS 7.5 | AI score 9.2 | EPSS 0.00649
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2023/09/06 5:27 p.m. | 18 views

CVE-2023-0925 Software AG webMethods OneData Deserialization Vulnerability

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry listening on TCP port 2099 by default and two RMI interfaces listening on a single, dynamically assigned TCP high port. Port 2099 serves as a Java Remote Method Invocation RMI...

AI score 9.6 | EPSS 0.00649
Exploits 0 | References 1
NVD
added 2023/06/09 6:15 p.m. | 10 views

CVE-2023-30262

An issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in v.7.0.10 allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry service...

CVSS 8.8 | AI score 9 | EPSS 0.00843
Exploits 0 | References 3
Prion
added 2023/06/09 6:15 p.m. | 14 views

Design/Logic Flaw

An issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in v.7.0.10 allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry service...

CVSS 5.8 | AI score 9 | EPSS 0.00843
Exploits 0 | References 3 | Affected Software 2
Vulnrichment
added 2023/06/09 12:0 a.m. | 7 views

CVE-2023-30262

An issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in v.7.0.10 allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry service...

AI score 9 | EPSS 0.00843
Exploits 0 | References 3