GHSA-57QH-VMJR-5JXG Snipe-IT remote code execution
Snipe-IT before 7.0.10 allows remote code execution associated with cookie serialization when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values...
RUSTSEC-2024-0402 Borsh serialization of HashMap is non-canonical
The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicity checks on decoding. This can result in consensus splits and cause equivalent objects to be considered...
PT-2024-40947 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 0.15.1 Description: The issue concerns the borsh serialization of the HashMap, which did not adhere to the borsh specification. This led to potential non-canonical encodings that depended on the insertion order, an...
CVE-2024-48987
CVE-2024-48987 affects Snipe-IT prior to 7.0.10. The vulnerability enables remote code execution through cookie handling when an attacker knows the APP_KEY, with risk amplified by default APP_KEY values in .env files in the repository. Affected component is the cookie deserialization path; root c...
PT-2024-33316 · Snipe-It · Snipe-It
Name of the Vulnerable Software and Affected Versions: Snipe-IT versions prior to 7.0.10 Description: The issue allows remote code execution when an attacker knows the APP_KEY, which is associated with cookie serialization. This is worsened by the availability of .env files from the product's...
CentOS 6 : java-1.8.0-ibm (RHSA-2020:0469)
The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0469 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...
CentOS 7 : java-1.7.1-ibm (RHSA-2020:0468)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0468 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...
CentOS 7 : java-1.8.0-ibm (RHSA-2020:0470)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0470 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...
CentOS 6 : java-1.7.1-ibm (RHSA-2020:0467)
The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0467 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...
CentOS 7 : java-1.8.0-openjdk (RHSA-2022:0306)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0306 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that ar...
CentOS 6 : java-1.8.0-ibm (RHSA-2020:2239)
The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2239 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Kerberos. Supported versions that are affected are Java SE: 7u231...
Exploit for Deserialization of Untrusted Data in Flask-Caching_Project Flask-Caching
It is an offensive tool for web exploitation. This PoC exploit t...
Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications
A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit SDK that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561 CVSS score: 9.3, impacts all versions of the software prior t...
K000141355: Multiple PHP vulnerabilities
Security Advisory Description CVE-2016-4342 ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact v...
ROS-20241003-01
Vulnerability of the dma_entry_alloc_check_leak function of the dma-debug component of the Linux operating system kernel is related to incorrect locking. Exploitation of the vulnerability could allow an attacker to cause a denial of service. Vulnerability in the vaddr-test component of the Linux operati...