slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

Sandbox Breakout / Arbitrary Code Execution in static-eval

Affected versions of static-eval pass untrusted user input directly to the global function constructor, resulting in an arbitrary code execution vulnerability when user input is parsed via the package. Proof of concept js var evaluate = require'static-eval'; var parse = require'esprima'.parse; va...

GHSA-5MJW-6JRH-HVFQ Sandbox Breakout / Arbitrary Code Execution in static-eval

Affected versions of static-eval pass untrusted user input directly to the global function constructor, resulting in an arbitrary code execution vulnerability when user input is parsed via the package. Proof of concept js var evaluate = require'static-eval'; var parse = require'esprima'.parse; va...

py-cryptography -- tag forgery vulnerability

The Python Cryptographic Authority PyCA project reports: finalizewithtag allowed tag truncation by default which can allow tag forgery in some cases. The method now enforces the mintaglength provided to the GCM constructor...

CVE-2016-9897

Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...

CVE-2016-9897

Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...

CVE-2016-9897

Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...

GHSA-3PXP-6963-46R9 Command Injection in pdfinfojs

Versions of pdfinfojs before 0.4.1 are vulnerable to command injection. This is exploitable if an attacker can control the filename parameter that is passed into the pdfinfojs constructor. Recommendation Update to version 0.4.1 or later...

CVE-2017-16226

The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution...

CVE-2017-16226

The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution...

Code injection

The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution...

CVE-2017-16226

The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution...

static-eval Arbitrary Code Execution Vulnerability

static-eval is a module for evaluating statically analyzable expressions. A security vulnerability exists in static-eval. An attacker can exploit this vulnerability to execute arbitrary code by accessing the constructor of the global function...

CVE-2018-8013

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization...

Deserialization of untrusted data

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization...

CVE-2018-8013

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization...

RHEL 7 : Red Hat JBoss Enterprise Application Platform 6.4.20 (RHSA-2018:1448)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1448 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

RHEL 6 / 7 : jboss-ec2-eap package for EAP 7.1.2 (Important) (RHSA-2018:1249)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1249 advisory. The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services AWS...

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...