54 matches found
CVE-2025-9437
The CVE-2025-9437 entry describes a denial-of-service vulnerability in the Studio 5000 Logix Designer add-on profile (AOP) used with Rockwell Automation’s ArmorStart Classic distributed motor controller. Technical details across connected sources indicate the issue stems from inputting invalid va...
EUVD-2020-0399
Malware in sbrugna...
Fedora: Security Advisory for aopalliance (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
Fedora: Security Advisory for objenesis (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: objenesis-3.3-9.fc40
Objenesis is a small Java library that serves one purpose: to instantiate a new object of a particular class. Java supports dynamic instantiation of classes using Class.newInstance; however, this only works if the class has an appropriate constructor. There are many times when a class cannot be...
[SECURITY] Fedora 40 Update: aopalliance-1.0-39.fc40
Aspect-Oriented Programming (AOP) offers a better solution to many problems than do existing technologies, such as EJB. AOP Alliance intends to facilitate and standardize the use of AOP to enhance existing middleware environments such as J2EE, or development environments (e.g. Eclipse). The AOP...
Access Control Error Vulnerability in Spring Security
Spring Security is a security framework that provides a declarative access-control solution for Spring-based enterprise applications. It provides a set of beans that can be configured in the Spring application context, taking full advantage of the Spring IoC, DI (Inversion of Control...
This Week in Spring - September 12th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you this fine 12th of September? I'm doing alright, elated, even. I've just returned from beautiful Oslo, Norway, and I've got a busy 30 days or so ahead, starting today. I'm visiting Seattle, WA; Mexico City, Mexico;...
Deno Security Vulnerability
Deno is an open-source, simple, modern and secure JavaScript and TypeScript runtime environment. It uses V8 and is built with Rust. A security vulnerability in Deno 1.8.0 and earlier versions allows a malicious program to clear the first two lines of the...
com.aiwiown:aiwiown-spring-cache (>=1.0.0 <=1.0.2-2.0.1), com.connexta.libera:libera (>=1.0.1 <=1.1.1) +101 more potentially affected by CVE-2020-8441 via org.jyaml:jyaml (=1.3)
org.jyaml:jyaml MAVEN version =1.3 is affected by a known vulnerability. The following packages have a transitive dependency on org.jyaml:jyaml and may be impacted: - com.aiwiown:aiwiown-spring-cache =1.0.0, =1.0.1, =1.0.0, =1.0.1, =0.1.3, =0.1.2, =0.1.2, =0.1.3, =0.1.3, =0.1.2, =0.1.2, =0.1.2,...
GHSA-F866-M9MV-2XR3 Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data
Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a...
CVE-2021-22665
Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system...
Privilege escalation
Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system...
CVE-2021-22665
CVE-2021-22665 affects Rockwell Automation DriveTools SP (v5.13 and below) and Drives AOP (v4.12 and below), where an attacker with limited local privileges can exploit an Uncontrolled Search Path Element (CWE-427) to escalate privileges and gain complete control of the system. The Red Hat/NVD/IC...
Rockwell Automation DriveTools SP and Drives AOP
1. EXECUTIVE SUMMARY: CVSS v3 7.5; Vendor: Rockwell Automation; Equipment: DriveTools SP and Drives AOP; Vulnerability: Uncontrolled Search Path Element. 2. RISK EVALUATION: Successful exploitation of this vulnerability may result in privilege escalation and total loss of device confidentiality,...
Rockwell Automation DriveTools SP and Drives AOP Code Issue Vulnerability
A code issue vulnerability exists in Rockwell Automation DriveTools SP and Drives AOP that arises from improper design or implementation during code development for a networked system or product...
jackson-databind: Serialization gadgets in org.springframework:spring-aop
A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...