252 matches found
africa.shuwari.sbt:sbt-js_2.12_1.0 (>=0.14.1 <=0.16.1), africa.shuwari.sbt:sbt-netbeans_2.12_1.0 (>=0.1.0 <=0.1.1) +561 more potentially affected by CVE-2023-46122 via org.scala-sbt:sbt (>=0.99.2 <=1.9.6)
org.scala-sbt:sbt MAVEN version =0.99.2, =0.14.1, =0.1.0, =0.9.6, =0.12.1, =0.9.6, =0.9.6, =0.9.6, =0.9.6, =0.14.1, =0.9.6, =0.14.1, =0.1.0, =0.1.0, =0.1.1 and more Source cves: CVE-2023-46122 Source advisory: OSV:GHSA-H9MW-GRGX-2FHF...
africa.shuwari.sbt:sbt-js_2.12_1.0 (>=0.14.1 <=0.16.1), africa.shuwari.sbt:sbt-netbeans_2.12_1.0 (>=0.1.0 <=0.1.1) +693 more potentially affected by CVE-2023-46122 via org.scala-sbt:io_2.12 (>=1.0.0 <=1.9.1)
org.scala-sbt:io2.12 MAVEN version =1.0.0, =0.14.1, =0.1.0, =0.9.6, =0.12.1, =0.9.6, =0.9.6, =0.9.6, =0.9.6, =0.14.1, =0.9.6, =0.14.1, =0.1.0, =0.1.0, =0.1.1 and more Source cves: CVE-2023-46122 Source advisory: OSV:GHSA-H9MW-GRGX-2FHF...
CVE-2023-46122
sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of arbitrary file. This would have potential to overwrite /root/.ssh/authorizedkeys. Within sbt's main code, IO.unzip is used in pullRemoteCache task and Resolvers.remote; however...
CVE-2023-46122 Arbitrary file write via archive extraction (Zip Slip) vulnerability in sbt
sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of arbitrary file. This would have potential to overwrite /root/.ssh/authorizedkeys. Within sbt's main code, IO.unzip is used in pullRemoteCache task and Resolvers.remote; however...
CVE-2023-46122 Arbitrary file write via archive extraction (Zip Slip) vulnerability in sbt
sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of arbitrary file. This would have potential to overwrite /root/.ssh/authorizedkeys. Within sbt's main code, IO.unzip is used in pullRemoteCache task and Resolvers.remote; however...
CVE-2023-46122
CVE-2023-46122 affects sbt’s IO.unzip and can enable arbitrary file writes when extracting a crafted zip/JAR, with potential to overwrite the root SSH authorized_keys. Within sbt, IO.unzip is used in pullRemoteCache and Resolvers.remote, and many projects call IO.unzip directly. Root cause: archi...
CVE-2023-46122 Arbitrary file write via archive extraction (Zip Slip) vulnerability in sbt
sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of arbitrary file. This would have potential to overwrite /root/.ssh/authorizedkeys. Within sbt's main code, IO.unzip is used in pullRemoteCache task and Resolvers.remote; however...
Oracle Primavera Gateway (October 2023 CPU)
The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory. - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering component: Admin JSON-java. Supported versions that are...
scala: deserialization gadget chain
A flaw was found in Scala's LazyList that permits code execution during deserialization. This issue could allow an attacker to craft a LazyList containing a malicious Function0 call to execute arbitrary code on a server that deserializes untrusted data...
Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.5.0 release and security update
Red Hat AMQ Streams 2.5.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Security Bulletin: Multiple vulnerabilities in scala-compiler-2.11.8.jar affect IBM Application Performance Management products
Summary There are multiple vulnerabilities in scala-compiler-2.11.8.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2017-15288 DESCRIPTION: Scala could allow a local authenticated attacke...
Security Bulletin: Due to use of Scala, IBM Cloud Pak for Multicloud Management Monitoring could allow a remote authenticated attacker to execute arbitrary code on the system. [CVE-2022-36944]
Summary Scala is used by IBM Cloud Pak for Multicloud Management Monitoring, to process large amounts of data smoothly and efficiently. The vulnerability has been addresssed. Vulnerability Details CVEID:CVE-2022-36944 DESCRIPTION: Scala could allow a remote authenticated attacker to execute...
Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.4.0 release and security update
Red Hat AMQ Streams 2.4.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
scala: deserialization gadget chain
A flaw was found in Scala's LazyList that permits code execution during deserialization. This issue could allow an attacker to craft a LazyList containing a malicious Function0 call to execute arbitrary code on a server that deserializes untrusted data...
Security Bulletin: IBM Cloud Pak for Network Automation v2.4.3 addresses multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation v2.4.3 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-1304 DESCRIPTION: e2fsprogs could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read/write...
CVE-2022-36944
A flaw was found in Scala's LazyList that permits code execution during deserialization. This issue could allow an attacker to craft a LazyList containing a malicious Function0 call to execute arbitrary code on a server that deserializes untrusted data. Mitigation Users of Scala's LazyList should...
com.github.arielf-camacho:kafka-utils_2.12 (>=1.0.1 <=1.0.3), com.github.j5ik2o:akka-persistence-dynamodb-kafka-write-adaptor_2.12 (=1.1.0) +56 more potentially affected by CVE-2023-29471 via com.typesafe.akka:akka-stream-kafka_2.12 (>=0.13 <=4.0.1)
com.typesafe.akka:akka-stream-kafka2.12 MAVEN version =0.13, =1.0.1, =1.0.1, =2.0.5, =1.0.0, =0.3, =0.0.0-NIGHTLY01122020, =0.0.0-NIGHTLY01122020, =0.0.0-NIGHTLY01122020, =0.0.0-NIGHTLY01122020, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.6.8-RC1 and more Source cves:...
com.lightbend.lagom:lagom-javadsl-integration-client_2.11 (>=1.5.0 <=1.5.5), com.lightbend.lagom:lagom-javadsl-kafka-broker_2.11 (>=1.5.0 <=1.5.5) +7 more potentially affected by CVE-2023-29471 via com.typesafe.akka:akka-stream-kafka_2.11 (>=1.0 <=1.1.0)
com.typesafe.akka:akka-stream-kafka2.11 MAVEN version =1.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.0, =1.1.0-RC2 Source cves: CVE-2023-29471 Source advisory: OSV:GHSA-55VQ-XPJF-R2XC...
GHSA-Q6G2-G7F3-RR83 vulnerabilities
Vulnerabilities for packages: druid...
GHSA-Q6G2-G7F3-RR83 vulnerabilities
Vulnerabilities for packages: druid...