13 matches found
OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution
In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. An attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execution. Al...
GHSA-XW7X-H9FJ-P2C7 OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution
In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. An attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execution. Al...
EUVD-2024-0671
Malicious code in bioql PyPI...
CVE-2024-23830
MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround,...
Design/Logic Flaw
MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround,...
CVE-2024-23830 MantisBT Host Header Injection vulnerability
MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround,...
MantisBT Security Vulnerabilities
MantisBT is a Web-based open source defect tracking system of the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. A security vulnerability exists in MantisBT versions prior to 2.26.1, which originates from an unauthenticated...
SUSE CVE-2021-29622
Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the new UI. To ensure a seamless transition, URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft a URL that can redirec...
UBUNTU-CVE-2021-29622
Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the new UI. To ensure a seamless transition, URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft a URL that can redirec...
CVE-2021-29622
Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the new UI. To ensure a seamless transition, URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft a URL that can redirec...
Node-RED-Dashboard Path Traversal Vulnerability
A path traversal vulnerability exists in Node-RED-Dashboard before 2.26.2, which can be exploited by an attacker to traverse paths...
openSUSE Security Update : seamonkey (openSUSE-SU-2014:0855-1)
seamonkey was updated to version 2.26.1 to fix nine security issues. These security issues were fixed: - Miscellaneous memory safety hazards CVE-2014-1533/CVE-2014-1534 - Use-after-free and out of bounds issues found using Address Sanitizer CVE-2014-1536/CVE-2014-1537/CVE-2014-1538 -...
PT-2012-1129 · Gnome +2 · Gdk-Pixbuf +2
Name of the Vulnerable Software and Affected Versions: gdk-pixbuf versions prior to 2.26.1. Description: The issue is related to multiple integer overflows in the read_bitmap_file_data function in io-xbm.c, which can be triggered by a negative height or width in an XBM file. This can cause a...