January 8, 2019—KB4480957 (Security-only update)
January 8, 2019—KB4480957 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections against an additional subclass of speculative execution...
January 8, 2019—KB4480972 (Security-only update)
January 8, 2019—KB4480972 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections against an additional subclass of speculative execution...
January 8, 2019—KB4480116 (OS Build 17763.253)
January 8, 2019—KB4480116 OS Build 17763.253 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that affects PowerShell remoting loop back using non-administrator accounts...
January 8, 2019—KB4480975 (Monthly Rollup)
January 8, 2019—KB4480975 Monthly Rollup Improvements and fixes This security update addresses the following issues: Provides protections against an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass CVE-2018-3639 for AMD-based computers. The...
January 8, 2019—KB4480970 (Monthly Rollup)
January 8, 2019—KB4480970 Monthly Rollup Improvements and fixes This security update addresses the following issues: Provides protections against an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass CVE-2018-3639 for AMD-based computers. The...
Ajera Timesheets 9.10.16 Deserialization
Exploit Title: Ajera Timesheets <= 9.10.16 - Deserialization of untrusted data Date: 2019-01-03 Exploit Author: Anthony Cole Vendor Homepage: https://www.deltek.com/en/products/project-erp/ajera Version: <= 9.10.16 Contact: http://twitter.com/acole76 Website: http://twitter.com/acole76 Tested on:...
GHSA-MM57-9J6Q-RXM2 Akka Java Serialization vulnerability
Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a Java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem...
Akka Java Serialization vulnerability
Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a Java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem...
GHSA-MR95-9RR4-668F Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor
Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS both classic and Artery Remoting. Akka allows configuration of custom random number generators. For historical reasons, Akka included t...
Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor
Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS both classic and Artery Remoting. Akka allows configuration of custom random number generators. For historical reasons, Akka included t...
CVE-2018-16115
Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS both classic and Artery Remoting. Akka allows configuration of custom random number generators. For historical reasons, Akka included t...
CVE-2018-16115
CVE-2018-16115 affects Lightbend Akka 2.5.x prior to 2.5.16, where an RNG bug in AES128CounterSecureRNG/AES256CounterSecureRNG used in Akka Remoting (TLS for classic and Artery) can cause repeated random numbers. This enables an attacker to eavesdrop, replay, or modify messages in Akka Remoting/C...
VulnCheck KEV: CVE-2017-1000353
Jenkins contains a remote code execution vulnerability. This vulnerability could allow attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, which would be deserialized using a new ObjectInputStream, bypassing the existing blocklist-based...
ICSA-18-128-02 Siemens Siveillance VMS (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Siveillance Video Management Software VMS Vulnerability: Deserialization of Untrusted Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-128-02...
CVE-2018-7891
The Milestone XProtect Video Management Software Corporate, Expert, Professional+, Express+, Essential+ 2016 R1 10.0.a to 2018 R1 12.1a contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution...
CVE-2018-7891
The CVE-2018-7891 issue affects Milestone XProtect Video Management Software (VMS) versions 2016 R1 to 2018 R1. It is a deserialization vulnerability in .NET Remoting endpoints that could lead to remote code execution. The vulnerability is tied to vulnerable endpoints on the Recording/Management ...
JBoss Remoting 6.14.18 - Denial of Service Exploit
Exploit for multiple platform in category dos / poc Exploit Title: Exploit Denial of Service JBoss Remoting 4447/9999 Exploit Author: Frank Spierings Vendor Homepage: https://www.redhat.com/en/technologies/jboss-middleware/application-platform/get-started Software Link:...
JBoss Remoting 6.14.18 Denial Of Service
Exploit Title: Exploit Denial of Service JBoss Remoting 4447/9999 Date: 14-02-2018 Exploit Author: Frank Spierings Vendor Homepage: https://www.redhat.com/en/technologies/jboss-middleware/application-platform/get-started Software Link: http://ftp.redhat.com/pub/redhat/jboss/eap/ Version: JBoss EA...
JBoss Remoting 6.14.18 - Denial of Service
JBoss Remoting 6.14.18 - Denial of Service Exploit Title: Exploit Denial of Service JBoss Remoting 4447/9999 Date: 14-02-2018 Exploit Author: Frank Spierings Vendor Homepage: https://www.redhat.com/en/technologies/jboss-middleware/application-platform/get-started Software Link:...