4220 matches found
Security Bulletin: Multiple vulnerabilities in Java SE affect IBM TXSeries for Multiplatforms
Summary Java SE is used by IBM TXSeries for Multiplatforms to run WebSphere Liberty, Fix Installer and Java based CICS applications in the product. The following CVEs are applicable: Denial of service CVEs - CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340,...
CVE-2021-35095
Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile...
Race condition
Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile...
CVE-2021-35095
CVE-2021-35095 is a Qualcomm/Qualcomm-derived issue affecting Snapdragon components (Snapdragon Connectivity and Snapdragon Mobile) where improper serialization of message queue client registrations can cause a race condition, allowing multiple gunyah message clients to register with the same lab...
CVE-2021-35095
Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile...
Apache Airflow < 1.10.11 Multiple Vulnerabilities
The version of Apache Airflow is prior to 1.10.11. It is, therefore, affected by multiple vulnerabilities, including the following: - An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker Redis, RabbitMQ directly, it i...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details CVEID: CVE-2022-21341...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK (January 2022) affects IBM InfoSphere Information Server
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2022. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION: An unspecifie...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. IBM Sterling Connect:Direct Web Service has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21365 DESCRIPTION: An unspecified vulnerability in Java SE related to the ImageIO component could...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to denial of service due to FasterXML jackson-databind
Summary IBM Sterling Connect:Direct Web Services FasterXML jackson-databind. A denial of service vulnerability in FasterXML jackson-databind has been addressed. Vulnerability Details IBM X-Force ID: 217968 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by an...
EulerOS 2.0 SP3 : java-1.7.0-openjdk (EulerOS-SA-2022-1732)
According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported...
EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2022-1733)
According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported...
RegionProtect 参数注入漏洞
RegionProtect is a plugin. A security vulnerability exists in versions of RegionProtect prior to 1.1.0, which stems from a YAML injection issue in the application. An attacker can exploit the vulnerability by passing mismatched parameters to achieve denial of service attacks...
CVE-2017-12628
The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation...
GHSA-QVQ6-CW53-RMWG Drools Improper Input Validation vulnerability allows remote attackers to execute arbitrary code in JBoss EAP
The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted...
Fat Free CRM allows remote attackers to obtain sensitive information via a direct request
Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json...
GHSA-4XQ9-VW89-P5CX Fat Free CRM allows remote attackers to obtain sensitive information via a direct request
Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json...
Injection in Apache NiFi
In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node...
GHSA-XJ7Q-Q94C-6WR3 Apache James Privilege Escalation
The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation...
CVE-2020-10969
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality. Mitigation The following conditions are needed for an exploit, we recommend avoidi...