
60 matches found

SUSE CVE
added 2023/02/15 4:33 a.m. | 2 views

SUSE CVE-2018-2800

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

CVSS 4.2 | AI score 3.7 | EPSS 0.00198 | Exploits 0 | References 19

OSV
added 2022/09/01 12:0 a.m. | 2 views

GHSA-Q4Q3-R45F-7GWG Apache Geode vulnerable to Deserialization of Untrusted Data

Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Any user still on Java 8 who wishes to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15 and Java 11. ...

CVSS 9.8 | AI score 5.8 | EPSS 0.00567 | Exploits 0 | References 2

CNVD
added 2022/08/06 12:0 a.m. | 6 views

Xiaomi Mi Sound Information Disclosure Vulnerability

Xiaomi Mi Sound is a smart audio app by Chinese company Xiaomi. Xiaomi Mi Sound suffers from an information disclosure vulnerability, which stems from the fact that part of the interface can be remotely invoked, which can be exploited by an attacker to obtain sensitive information...

CVSS 7.5 | AI score 6.2 | EPSS 0.00322 | Exploits 0 | References 1

CNNVD
added 2022/07/22 12:0 a.m. | 1 view

Xiaomi Mi Sound APP Information Disclosure Vulnerability

Xiaomi Mi Sound is a smart audio app by Chinese company Xiaomi. Xiaomi Mi Sound suffers from an information disclosure vulnerability, which stems from the fact that part of the interface can be remotely invoked, which can be exploited by an attacker to obtain sensitive information...

CVSS 7.5 | AI score 5.6 | EPSS 0.00322 | Exploits 0 | References 2

CNNVD
added 2022/06/02 12:0 a.m. | 2 views

NetScout nGeniusONE Code Injection Vulnerability

NetScout nGeniusONE is a centralized application management and network performance solution from NetScout, Inc. A code injection vulnerability exists in NetScout nGeniusONE version 6.3.2, which can be exploited by an attacker to execute Java RMI code...

CVSS 9.8 | AI score 8.6 | EPSS 0.01332 | Exploits 0 | References 3

BDU FSTEC
added 2022/04/13 12:0 a.m. | 1 view

The vulnerability of the `readRemoteInvocation` method implementation in the HTTP request handler based on the Servlet-API `HttpInvokerServiceExporter` of the Spring Framework allows an attacker to execute arbitrary code.

The vulnerability of the readRemoteInvocation method implemented by the HTTP-request handler based on the Servlet-API HttpInvokerServiceExporter in the Spring Framework software platform is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious...

CVSS 10 | EPSS 0.60417 | Exploits 4 | References 8 | Affected Software 4

RedHat Linux
added 2020/09/07 1:5 p.m. | 0 views

wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the...

CVSS 6.5 | AI score 5.8 | EPSS 0.00279 | Exploits 0 | References 4

RedHat Linux
added 2020/09/07 12:58 p.m. | 1 view

wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the...

CVSS 6.5 | AI score 5.8 | EPSS 0.00279 | Exploits 0 | References 4

RedHat Linux
added 2020/09/07 12:57 p.m. | 0 views

wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the...

CVSS 6.5 | AI score 5.8 | EPSS 0.00279 | Exploits 0 | References 4

RedHat Linux
added 2020/08/17 1:28 p.m. | 2 views

wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the...

CVSS 6.5 | AI score 5.8 | EPSS 0.00279 | Exploits 0 | References 4

RedHat Linux
added 2020/07/23 8:33 p.m. | 1 view

wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the...

CVSS 6.5 | AI score 5.8 | EPSS 0.00279 | Exploits 0 | References 4

NVD
added 2019/10/02 7:15 p.m. | 11 views

CVE-2019-14958

JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation...

CVSS 7.5 | AI score 8.2 | EPSS 0.00006 | Exploits 0 | References 1

Prion
added 2019/10/02 7:15 p.m. | 16 views

Design/Logic Flaw

JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation...

CVSS 5 | AI score 7.7 | EPSS 0.00006 | Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2019/10/02 6:40 p.m. | 14 views

CVE-2019-14958

JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation...

AI score 8.2 | EPSS 0.00006 | Exploits 0 | References 1

OSV
added 2019/03/06 5:29 p.m. | 0 views

UBUNTU-CVE-2019-0187

Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). An attacker can establish an RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affects tests running in Distributed...

CVSS 9.8 | AI score 7.3 | EPSS 0.00635 | Exploits 0 | References 4

BDU FSTEC
added 2018/12/13 12:0 a.m. | 1 view

The vulnerability of the Cisco Unity Express autocalendar, related to the restoration of a questionable data structure in memory, allows an attacker to execute arbitrary commands.

The vulnerability of the Cisco Unity Express auto secretary relates to the restoration of unreliable data structures (Java objects) in memory during the processing of requests by the Java RMI (Remote Method Invocation) service. This vulnerability could allow a malicious actor to execute arbitrary...

CVSS 10 | AI score 8.1 | EPSS 0.22249 | Exploits 0 | References 3 | Affected Software 1

OSV
added 2018/10/24 7:42 p.m. | 1 view

GHSA-XJRR-XV9M-4PW5 Improper Input Validation in alibaba:fastjson

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...

CVSS 9.8 | AI score 7.6 | EPSS 0.90694 | Exploits 2 | References 7

OSV
added 2018/06/04 2:29 p.m. | 2 views

CVE-2018-10611

Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services...

CVSS 9.8 | AI score 6.3 | EPSS 0.0546 | Exploits 0 | References 3

CNVD
added 2018/02/24 12:0 a.m. | 4 views

Apache JMeter Remote Command Execution Vulnerability

Apache JMeter is an open source Java application designed to test functional behavior and measure performance for load ... Apache JMeter suffers from a remote command execution vulnerability in distributed mode using an insecure RMI connection, which can be exploited by an attacker to execute...

CVSS 9.8 | AI score 7.8 | EPSS 0.17994 | Exploits 0 | References 1

OSV
added 2018/02/13 12:29 p.m. | 3 views

DEBIAN-CVE-2018-1297

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get access to JMeterEngine and send unauthorized code...

CVSS 9.8 | AI score 6.9 | EPSS 0.17994 | Exploits 0 | References 1