Lucene search

18 matches found

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2015-3321

Malicious code in bioql PyPI...

CVSS 5, AI score 7.4, EPSS 0.13331
Exploits: 2, References: 9

OSV
added 2022/05/13 1:02 a.m., 1 view

GHSA-W8V7-PRHW-XJPW Apache Flex BlazeDS unsafe deserialization

Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMFX object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such...

CVSS 9.8, AI score 6.1, EPSS 0.48477
Exploits: 4, References: 12

Github Security Blog
added 2022/05/13 1:02 a.m., 42 views

Apache Flex BlazeDS unsafe deserialization

Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMFX object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such...

CVSS 9.8, AI score 7.7, EPSS 0.48477
Exploits: 4, References: 12, Affected Software: 2

BDU FSTEC
added 2020/06/10 12:00 a.m., 1 view

The vulnerability of the Apache Flex BlazeDS component, a software tool for managing devices in OnCell Central Manager networks, allows a malicious individual to view the content of any file on the server or perform network scanning of both internal and external infrastructure.

The vulnerability of the Apache Flex BlazeDS component, a software tool for managing devices in OnCell Central Manager networks, is related to the lack of protection for operational data. Exploiting this vulnerability allows an attacker to remotely access and view the content of any file on the...

CVSS 7.8, AI score 6.6, EPSS 0.13331
Exploits: 2, References: 4, Affected Software: 1

BDU FSTEC
added 2020/03/20 12:00 a.m., 1 view

The vulnerability of the Apache Flex BlazeDS component, a software tool for managing devices in OnCell Central Manager networks, allows a hacker to execute arbitrary code.

The vulnerability of the Apache Flex BlazeDS component, a software tool for managing devices in OnCell Central Manager networks, is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

CVSS 10, AI score 7.9, EPSS 0.48477
Exploits: 4, References: 6, Affected Software: 2

Hacker One
added 2019/11/04 4:12 a.m., 33 views

U.S. Dept Of Defense: [HTAF4-213] [Pre-submission] Unsafe AMF deserialization (CVE-2017-5641) in Apache Flex BlazeDS at the https://www.███████/daip/messagebroker/amf

The vulnerability was an unsafe AMF (Action Message Format) deserialization issue in Apache Flex BlazeDS, affecting the /daip/messagebroker/amf endpoint. Successful exploitation could allow an attacker to trigger a DNS lookup by sending a crafted AMF payload. The vulnerability was identified and...

CVSS 9.8, AI score 8.6, EPSS 0.48477
Exploits: 4

Prion
added 2017/12/28 3:29 p.m., 23 views

Deserialization of untrusted data

Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMFX object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such...

CVSS 7.5, AI score 9.6, EPSS 0.48477
Exploits: 4, References: 8, Affected Software: 2

NVD
added 2017/12/28 3:29 p.m., 25 views

CVE-2017-5641

Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMFX object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such...

CVSS 9.8, AI score 9.7, EPSS 0.48477
Exploits: 4, References: 8

CVE
added 2017/12/28 3:00 p.m., 221 views

CVE-2017-5641

CVE-2017-5641 is an insecure-deserialization issue in Apache Flex BlazeDS (AMF3) affecting BlazeDS

CVSS 9.8, AI score 9.5, EPSS 0.48477
Exploits: 4, References: 8, Affected Software: 1

Cvelist
added 2017/12/28 3:00 p.m., 38 views

CVE-2017-5641

Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMFX object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such...

AI score 9.7, EPSS 0.48477
Exploits: 4, References: 8

myhack58
added 2017/04/07 12:00 a.m., 169 views

Java AMF3 deserialization vulnerability analysis-vulnerability warning-the black bar safety net

AMF (Action Message Format) is a binary serialization format that was previously used mainly by Flash applications. Recently, Code White found vulnerabilities in multiple Java AMF libraries, and these vulnerabilities will lead to unauthenticated remote code execution...

CVSS 5, AI score 7.4, EPSS 0.13331
Exploits: 2

Tenable Nessus
added 2016/03/09 12:00 a.m., 33 views

HP Operations Manager i Apache Flex BlazeDS External Entity Injection Vulnerability

The remote HP Operations Manager i host is affected by an XML external entity (XXE) vulnerability in the bundled version of Apache Flex BlazeDS due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. A remote attacker can exploit this, via a specially...

CVSS 5, AI score 6.8, EPSS 0.13331
Exploits: 2, References: 2

Packet Storm
added 2015/11/23 12:00 a.m., 54 views

Apache Flex BlazeDS 4.7.1 SSRF

CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1 Severity: Important Vendor: The Apache Software Foundation Versions Affected: BlazeDS 4.7.0 and 4.7.1 Description: The code in BlazeDS to deserialize AMF XML datatypes allows so-called SSRF Attacks (Server Side Request Forgery) in which...

CVSS 4.3, AI score 0.3, EPSS 0.02902
Exploits: 1

ThreatPost
added 2015/11/20 4:36 p.m., 34 views

VMware Patches Pesky XXE Bug in Flex BlazeDS

VMware has patched an information disclosure vulnerability affecting a number of its products that use Flex BlazeDS. The original vulnerability was discovered and disclosed in August by Matthias Kaiser of Code White GmbH. Researchers there found an XML External Entity flaw in Apache Flex BlazeDS...

CVSS 5, AI score 1.5, EPSS 0.13331
Exploits: 2, References: 3

Prion
added 2015/08/25 1:59 a.m., 15 views

XXE

Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containin...

CVSS 5, AI score 7, EPSS 0.13331
Exploits: 2, References: 9, Affected Software: 2

CVE
added 2015/08/25 1:00 a.m., 85 views

CVE-2015-3269

CVE-2015-3269 is an XXE vulnerability in Apache Flex BlazeDS (used by flex-messaging-core.jar in LCDS) that allows a remote attacker to read arbitrary files via an AMF message containing an XML external entity declaration with an entity reference. Affected products include BlazeDS components in A...

CVSS 5, AI score 7.1, EPSS 0.13331
Exploits: 2, References: 9, Affected Software: 1

Cvelist
added 2015/08/25 1:00 a.m., 34 views

CVE-2015-3269

Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containin...

AI score 5, EPSS 0.13331
Exploits: 2, References: 9

securityvulns
added 2015/08/24 12:00 a.m., 163 views

CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability

CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Flex BlazeDS 4.7.0 Description: When receiving XML encoded AMF messages containing DTD entities, the default XML parser configurations...

CVSS 5, AI score 0.8, EPSS 0.13331
Exploits: 2