Lucene search
+L

252 matches found

vulnersOsv
vulnersOsv
added 2023/10/24 1:51 a.m.7 views

africa.shuwari.sbt:sbt-js_2.12_1.0 (>=0.14.1 <=0.16.1), africa.shuwari.sbt:sbt-netbeans_2.12_1.0 (>=0.1.0 <=0.1.1) +561 more potentially affected by CVE-2023-46122 via org.scala-sbt:sbt (>=0.99.2 <=1.9.6)

org.scala-sbt:sbt MAVEN version =0.99.2, =0.14.1, =0.1.0, =0.9.6, =0.12.1, =0.9.6, =0.9.6, =0.9.6, =0.9.6, =0.14.1, =0.9.6, =0.14.1, =0.1.0, =0.1.0, =0.1.1 and more Source cves: CVE-2023-46122 Source advisory: OSV:GHSA-H9MW-GRGX-2FHF...

7.1CVSS7AI score0.0034EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/10/24 1:51 a.m.7 views

africa.shuwari.sbt:sbt-js_2.12_1.0 (>=0.14.1 <=0.16.1), africa.shuwari.sbt:sbt-netbeans_2.12_1.0 (>=0.1.0 <=0.1.1) +693 more potentially affected by CVE-2023-46122 via org.scala-sbt:io_2.12 (>=1.0.0 <=1.9.1)

org.scala-sbt:io2.12 MAVEN version =1.0.0, =0.14.1, =0.1.0, =0.9.6, =0.12.1, =0.9.6, =0.9.6, =0.9.6, =0.9.6, =0.14.1, =0.9.6, =0.14.1, =0.1.0, =0.1.0, =0.1.1 and more Source cves: CVE-2023-46122 Source advisory: OSV:GHSA-H9MW-GRGX-2FHF...

7.1CVSS7AI score0.0034EPSS
Exploits1
NVD
NVD
added 2023/10/23 4:15 p.m.32 views

CVE-2023-46122

sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of arbitrary file. This would have potential to overwrite /root/.ssh/authorizedkeys. Within sbt's main code, IO.unzip is used in pullRemoteCache task and Resolvers.remote; however...

7.1CVSS5.5AI score0.0034EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/10/23 3:51 p.m.39 views

CVE-2023-46122 Arbitrary file write via archive extraction (Zip Slip) vulnerability in sbt

sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of arbitrary file. This would have potential to overwrite /root/.ssh/authorizedkeys. Within sbt's main code, IO.unzip is used in pullRemoteCache task and Resolvers.remote; however...

3.9CVSS7AI score0.0034EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/10/23 3:51 p.m.17 views

CVE-2023-46122 Arbitrary file write via archive extraction (Zip Slip) vulnerability in sbt

sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of arbitrary file. This would have potential to overwrite /root/.ssh/authorizedkeys. Within sbt's main code, IO.unzip is used in pullRemoteCache task and Resolvers.remote; however...

3.9CVSS6.8AI score0.0034EPSS
Exploits1References4
CVE
CVE
added 2023/10/23 3:51 p.m.74 views

CVE-2023-46122

CVE-2023-46122 affects sbt’s IO.unzip and can enable arbitrary file writes when extracting a crafted zip/JAR, with potential to overwrite the root SSH authorized_keys. Within sbt, IO.unzip is used in pullRemoteCache and Resolvers.remote, and many projects call IO.unzip directly. Root cause: archi...

7.1CVSS5.5AI score0.0034EPSS
Exploits1References4Affected Software2
OSV
OSV
added 2023/10/23 3:51 p.m.28 views

CVE-2023-46122 Arbitrary file write via archive extraction (Zip Slip) vulnerability in sbt

sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of arbitrary file. This would have potential to overwrite /root/.ssh/authorizedkeys. Within sbt's main code, IO.unzip is used in pullRemoteCache task and Resolvers.remote; however...

3.9CVSS6.9AI score0.0034EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2023/10/18 12:0 a.m.32 views

Oracle Primavera Gateway (October 2023 CPU)

The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory. - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering component: Admin JSON-java. Supported versions that are...

9.8CVSS6.4AI score0.08343EPSS
Exploits6References5
RedHat Linux
RedHat Linux
added 2023/09/14 9:51 a.m.8 views

scala: deserialization gadget chain

A flaw was found in Scala's LazyList that permits code execution during deserialization. This issue could allow an attacker to craft a LazyList containing a malicious Function0 call to execute arbitrary code on a server that deserializes untrusted data...

9.8CVSS7.9AI score0.08343EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/09/14 9:51 a.m.39 views

Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.5.0 release and security update

Red Hat AMQ Streams 2.5.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS7.3AI score0.99615EPSS
Exploits14References19
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/07 6:42 a.m.62 views

Security Bulletin: Multiple vulnerabilities in scala-compiler-2.11.8.jar affect IBM Application Performance Management products

Summary There are multiple vulnerabilities in scala-compiler-2.11.8.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2017-15288 DESCRIPTION: Scala could allow a local authenticated attacke...

7.8CVSS7.7AI score0.00375EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/07 4:8 a.m.47 views

Security Bulletin: Due to use of Scala, IBM Cloud Pak for Multicloud Management Monitoring could allow a remote authenticated attacker to execute arbitrary code on the system. [CVE-2022-36944]

Summary Scala is used by IBM Cloud Pak for Multicloud Management Monitoring, to process large amounts of data smoothly and efficiently. The vulnerability has been addresssed. Vulnerability Details CVEID:CVE-2022-36944 DESCRIPTION: Scala could allow a remote authenticated attacker to execute...

9.8CVSS9.6AI score0.08343EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2023/05/18 9:54 a.m.86 views

Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.4.0 release and security update

Red Hat AMQ Streams 2.4.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS6.8AI score0.95302EPSS
Exploits17References17
RedHat Linux
RedHat Linux
added 2023/05/18 9:54 a.m.6 views

scala: deserialization gadget chain

A flaw was found in Scala's LazyList that permits code execution during deserialization. This issue could allow an attacker to craft a LazyList containing a malicious Function0 call to execute arbitrary code on a server that deserializes untrusted data...

9.8CVSS7.8AI score0.08343EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/15 1:2 p.m.50 views

Security Bulletin: IBM Cloud Pak for Network Automation v2.4.3 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation v2.4.3 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-1304 DESCRIPTION: e2fsprogs could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read/write...

9.8CVSS9AI score0.99615EPSS
Exploits13Affected Software1
RedhatCVE
RedhatCVE
added 2023/05/11 4:52 p.m.42 views

CVE-2022-36944

A flaw was found in Scala's LazyList that permits code execution during deserialization. This issue could allow an attacker to craft a LazyList containing a malicious Function0 call to execute arbitrary code on a server that deserializes untrusted data. Mitigation Users of Scala's LazyList should...

8.1CVSS9.3AI score0.08343EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2023/04/27 9:30 p.m.5 views

com.github.arielf-camacho:kafka-utils_2.12 (>=1.0.1 <=1.0.3), com.github.j5ik2o:akka-persistence-dynamodb-kafka-write-adaptor_2.12 (=1.1.0) +56 more potentially affected by CVE-2023-29471 via com.typesafe.akka:akka-stream-kafka_2.12 (>=0.13 <=4.0.1)

com.typesafe.akka:akka-stream-kafka2.12 MAVEN version =0.13, =1.0.1, =1.0.1, =2.0.5, =1.0.0, =0.3, =0.0.0-NIGHTLY01122020, =0.0.0-NIGHTLY01122020, =0.0.0-NIGHTLY01122020, =0.0.0-NIGHTLY01122020, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.6.8-RC1 and more Source cves:...

5.5CVSS6AI score0.00152EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/04/27 9:30 p.m.7 views

com.lightbend.lagom:lagom-javadsl-integration-client_2.11 (>=1.5.0 <=1.5.5), com.lightbend.lagom:lagom-javadsl-kafka-broker_2.11 (>=1.5.0 <=1.5.5) +7 more potentially affected by CVE-2023-29471 via com.typesafe.akka:akka-stream-kafka_2.11 (>=1.0 <=1.1.0)

com.typesafe.akka:akka-stream-kafka2.11 MAVEN version =1.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.0, =1.1.0-RC2 Source cves: CVE-2023-29471 Source advisory: OSV:GHSA-55VQ-XPJF-R2XC...

5.5CVSS6AI score0.00152EPSS
Exploits0
Chainguard
Chainguard
added 2023/03/22 6:30 a.m.47 views

GHSA-Q6G2-G7F3-RR83 vulnerabilities

Vulnerabilities for packages: druid...

7AI score
Exploits0
Wolfi
Wolfi
added 2023/03/22 6:30 a.m.6 views

GHSA-Q6G2-G7F3-RR83 vulnerabilities

Vulnerabilities for packages: druid...

7AI score
Exploits0
Rows per page
Query Builder