10 matches found
SUSE CVE-2024-53866
The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak into npm metadata saved in global cache; npm metadata from global cache affects other workspaces; and installs by default don't revalidate the data including on first...
Linux Distros Unpatched Vulnerability : CVE-2020-8165
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A deserialization of untrusted data vulnerability exists in rails 5.2.4.3, rails 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in...
org.infinispan:infinispan-cachestore-jdbc (>=15.0.0.Dev01 <=15.0.0.Dev10), org.infinispan:infinispan-cachestore-sql (>=15.0.0.Dev01 <=15.0.0.Dev10) +10 more potentially affected by CVE-2023-5384 via org.infinispan:infinispan-cachestore-jdbc-common (>=15.0.0.Dev01 <=15.0.0.Dev06)
org.infinispan:infinispan-cachestore-jdbc-common MAVEN version =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev06, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev10 Source cves: CVE-2023-538...
rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
A flaw was found in rubygem-activesupport. An untrusted user input can be written to the cache store using the raw: true parameter which can lead to the result being evaluated as a marshaled object instead of plain text. The threat from this vulnerability is to data confidentiality and integrity ...
OESA-2021-1145 rubygem-rails security update
Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration. Security Fixes: A deserialization of untrusted data vulnerability exists in rails 5.2.4.3, rails 6.0.3.1 that can...
DEBIAN-CVE-2020-8165
A deserialization of untrusted data vulnerability exists in rails 5.2.4.3, rails 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE...
UBUNTU-CVE-2020-8165
A deserialization of untrusted data vulnerability exists in rails 5.2.4.3, rails 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE...
CVE-2020-8165
A flaw was found in rubygem-activesupport. An untrusted user input can be written to the cache store using the raw: true parameter which can lead to the result being evaluated as a marshaled object instead of plain text. The threat from this vulnerability is to data confidentiality and integrity ...
The vulnerabilities of the Caching components, CacheStore, and the software platform for data processing in Oracle Coherence allow a hacker to gain full control over the application.
The vulnerability of the Caching, CacheStore, and Invocation components of the Oracle Coherence data processing software platform is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain full control over the application through the IIOP an...
Arbitrary Code Execution
activesupport is vulnerable to arbitrary code execution. The vulnerability exists as the user input written to the cache store using the raw: true parameter can cause the cached code to be evaluated when read again...