Lucene search

455 matches found

GitHub Security Blog
added 2018/11/09 5:40 p.m. | 23 views

Deserialization of Untrusted Data in superset

Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation...

9.8 CVSS | 5.8 AI score | 0.6434 EPSS
Exploits: 5 | References: 7 | Affected Software: 1

PyPA
added 2018/11/07 2:29 p.m. | 4 views

PYSEC-2018-74

Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation...

9.8 CVSS | 8.1 AI score | 0.6434 EPSS
Exploits: 5 | References: 3 | Affected Software: 1

Prion
added 2018/11/07 2:29 p.m. | 19 views

Remote code execution

Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation...

7.5 CVSS | 9.7 AI score | 0.6434 EPSS
Exploits: 5 | References: 2 | Affected Software: 1

OSV
added 2018/11/07 2:29 p.m. | 29 views

PYSEC-2018-74

Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation...

9.8 CVSS | 5.6 AI score | 0.6434 EPSS
Exploits: 5 | References: 3

OSV
added 2018/11/07 2:29 p.m. | 18 views

CVE-2018-8021

Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation...

9.8 CVSS | 9.8 AI score
Exploits: 0 | References: 2

Cvelist
added 2018/11/07 2:0 p.m. | 25 views

CVE-2018-8021

Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation...

9.8 AI score | 0.6434 EPSS
Exploits: 5 | References: 2

Fedora
added 2018/08/30 4:57 a.m. | 52 views

[SECURITY] Fedora 28 Update: tomcat-8.5.32-1.fc28

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

9.8 CVSS | 2.8 AI score | 0.61164 EPSS
Exploits: 0

CISA
added 2018/08/22 12:0 a.m. | 17 views

Apache Releases Security Update for Apache Struts 2

The Apache Software Foundation has released a security update to address a vulnerability in Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review Apache...

6.8 AI score
Exploits: 0 | References: 1

CISA
added 2018/07/23 12:0 a.m. | 39 views

Apache Releases Security Updates for Apache Tomcat

The Apache Software Foundation has released security updates to address vulnerabilities in Apache Tomcat versions 9.0.0.M9 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information. NCCIC...

5 CVSS | 2.6 AI score | 0.19417 EPSS
Exploits: 0 | References: 2

0day.today
added 2018/07/04 12:0 a.m. | 50 views

Apache PDFBox 1.8.14 / 2.0.10 Denial Of Service Vulnerability

Exploit for Windows platform in category dos / poc. CVE-2018-8036: DoS OOM Vulnerability in Apache PDFBox's AFMParser. Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: Apache PDFBox 1.8.0 to 1.8.14; Apache PDFBox 2.0.0 to 2.0.10; Earlier, unsupported Apache PDFBox versions...

6.3 AI score | 0.00591 EPSS
Exploits: 1

Metasploit
added 2018/05/27 8:24 p.m. | 60 views

WMI Exec

A similar approach to psexec but executing commands through WMI. !/usr/bin/env python3 Copyright c 2003-2018 CORE Security Technologies This software is provided under under a slightly modified version of the Apache Software License. See the accompanying LICENSE file for more information. import...

10 AI score
Exploits: 0

0day.today
added 2018/05/03 12:0 a.m. | 57 views

Apache Hadoop 2.7.3 Privilege Escalation Vulnerability

Exploit for multiple platform in category remote exploits. CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability. Severity: Critical. Vendor: The Apache Software Foundation. Versions Affected: All the Apache Hadoop versions from 2.2.0 to 2.7.3. Description: A user who can escalate to yarn us...

0.6 AI score | 0.00538 EPSS
Exploits: 1

Fedora
added 2018/04/04 5:10 p.m. | 78 views

[SECURITY] Fedora 27 Update: tomcat-8.0.50-1.fc27

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

6.5 CVSS | 2.8 AI score | 0.21578 EPSS
Exploits: 2

CISA
added 2018/03/29 12:0 a.m. | 14 views

Apache Software Foundation Releases Security Update

The Apache Software Foundation has released a security update to address a vulnerability in Struts 2. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC/US-CERT encourages users and administrators to review the Apache Security Bulletin and make the...

6.7 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2018/02/28 12:0 a.m. | 47 views

FreeBSD : tomcat -- Security constraints ignored or applied too late (55c4233e-1844-11e8-a712-0025908740c2)

The Apache Software Foundation reports: Security constraints defined by annotations of Servlets were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order...

6.5 CVSS | 7 AI score | 0.21578 EPSS
Exploits: 2 | References: 6

seebug.org
added 2018/02/27 12:0 a.m. | 382 views

Apache Tomcat Security Bypass Vulnerability (CVE-2018-1305)

Vendor: The Apache Software Foundation. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.4; Apache Tomcat 8.5.0 to 8.5.27; Apache Tomcat 8.0.0.RC1 to 8.0.49; Apache Tomcat 7.0.0 to 7.0.84. Description: Security constraints defined by annotations of Servlets were only applied once a Servlet had been...

6.8 AI score | 0.21578 EPSS
Exploits: 2

CNVD
added 2018/02/24 12:0 a.m. | 2 views

Apache ActiveMQ suffers from an information disclosure vulnerability

Apache ActiveMQ is open source messaging middleware developed by the Apache Software Foundation (United States); it supports Java messaging services, clustering, the Spring Framework and so on. Apache ActiveMQ versions 5.14.0 to 5.15.2 contain an information leakage vulnerability, an...

4.3 CVSS | 6.6 AI score | 0.65728 EPSS
Exploits: 0

FreeBSD
added 2018/02/23 12:0 a.m. | 64 views

tomcat -- Security constraints ignored or applied too late

The Apache Software Foundation reports: Security constraints defined by annotations of Servlets were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order...

7.1 AI score
Exploits: 0 | References: 3

0day.today
added 2018/01/23 12:0 a.m. | 49 views

Apache Hadoop 0.23.x Private File Disclosure Vulnerability

A vulnerability allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host. Apache Hadoop...

4 CVSS | 7.4 AI score | 0.00191 EPSS
Exploits: 1

CISA
added 2017/12/04 12:0 a.m. | 10 views

Apache Software Foundation Releases Security Updates

The Apache Software Foundation has released security updates to address vulnerabilities in Apache Struts versions 2.5 to 2.5.14. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Apache Securit...

7.1 AI score
Exploits: 0 | References: 2