1118 matches found
GHSA-CRG9-44H2-XW35 Apache ActiveMQ is vulnerable to Remote Code Execution
Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. Users...
CVE-2023-5814
A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been classified as critical. This affects an unknown part of the file /classes/Master.php?f=savereminder. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The...
CVE-2023-5814 SourceCodester Task Reminder System sql injection
A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been classified as critical. This affects an unknown part of the file /classes/Master.php?f=savereminder. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The...
[SECURITY] Fedora 37 Update: python-asgiref-3.5.2-1.fc37
ASGI is a standard for Python asynchronous web apps and servers to communicate with each other, and positioned as an asynchronous successor to WSGI. This package includes ASGI base libraries, such as: Sync-to-async and async-to-sync function wrappers, asgiref.sync Server base classes,...
Security Bulletin: IBM Operations Analytics Predictive Insights v1.3.6 ifix7 contains fixes for multiple security vulnerabilities.
Summary IBM Operations Analytics Predictive Insights v1.3.6 ifix7 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-32007 DESCRIPTION: Apache Spark could allow a remote authenticated attacker to execute arbitrary commands on the...
OSV-2023-989 Heap-buffer-overflow in load_sections_64
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63074 Crash type: Heap-buffer-overflow READ Crash state: loadsections64 parseclasses64 classes...
PT-2023-36067 · Git +1 · Radare2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read crash has been reported. The crash involves the load sections 64, parse classes 64, and classes functions. No information is...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a denial of service due to IBM MQ (CVE-2023-28513).
Summary Features requiring MQ client connectivity in IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a denial of service due to IBM MQ CVE-2023-28513. The fix includes IBM Managed File Transfer and IBM MQ classes for Java at version 9.2.0.15 Vulnerability Details...
[SECURITY] Fedora 39 Update: rubygem-activejob-7.0.7.2-1.fc39
Declare job classes that can be run by a variety of queueing backends...
CVE-2023-41331 SOFARPC Remote Command Execution (RCE) Vulnerability
SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out...
Drools Core Deserialization of Untrusted Data vulnerability
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...
GHSA-M5Q8-58WH-XXQ4 Drools Core Deserialization of Untrusted Data vulnerability
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...
CVE-2022-1415
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...
Design/Logic Flaw
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...
Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer
Impact A Parse Pointer can be used to access internal Parse Server classes. It can also be used to circumvent the beforeFind query trigger which can be an additional vulnerability for deployments where the beforeFind trigger is used as a security layer to modify an incoming query. Patches The...
RLSA-2023:3595 Important: python3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Arbitrary Code Execution
yamlbeans is vulnerable toArbitrary Code Execution. The vulnerability exists due to allowing arbitrary YAML tags by default which can represent arbitrary Java classes, which allows an attacker to execute arbitrary code if the application parses untrusted YAML files...
Esoteric YamlBeans Unsafe Deserialization vulnerability
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...
GHSA-JM7R-4PG6-GF26 Esoteric YamlBeans Unsafe Deserialization vulnerability
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...
CVE-2023-24621
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...