25 matches found
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.4 security update
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Changes in OWASP API Security Top-10 2023RC | API Security Newsletter
Welcome to our March API newsletter, recapping some of the events of last month. And what a month it was. Among other buzzworthy news, OWASP published the initial Release Candidate for the 2023 API Security Top-10 list – we analyzed the ins & outs and presented them over the course of a couple of...
Important: Red Hat Security Advisory: Red Hat Data Grid 7.3.10 security update
An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Metasploit Weekly Wrap-Up
Pre-authenticated Remote Code Execution in VMware NSX Manager using XStream CVE-2021-39144 There’s nothing quite like a pre-authenticated remote code execution vulnerability in a piece of enterprise software. This week, community contributor h00die-gr3y added a module that targets VMware NSX...
VMware NSX Manager XStream Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware NSX Manager XStream unauthenticated RCE', 'Description' = %q VMware Cloud Foundation NSX-V contains a remote code execution vulnerability...
XStream Command Injection (CVE-2021-39144)
A command injection vulnerability exists in XStream. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
VMware Cloud Foundation has a significant RCE flaw
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A Remote Code Execution RCE vulnerability through the XStream open-source library tagged as CVE-2021-39144 in the VMware Cloud Foundation, which is a hybrid cloud platform for hosting enterprise...
VMware Releases Patch for Critical RCE Flaw in Cloud Foundation Platform
VMware on Tuesday shipped security updates to address a critical security flaw in its VMware Cloud Foundation product. Tracked as CVE-2021-39144, the issue has been rated 9.8 out of 10 on the CVSS vulnerability scoring system, and relates to a remote code execution vulnerability via XStream open...
Moderate: Red Hat Security Advisory: Red Hat Data Grid 8.3.0 security update
An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Moderate: Red Hat Security Advisory: Red Hat Decision Manager 7.12.0 security update
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
Critical: Red Hat Security Advisory: Red Hat Process Automation Manager 7.12.0 security update
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Important: xstream
Issue Overview: A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to...
Moderate: Red Hat Security Advisory: Red Hat Integration Camel-K 1.6 release and security update
A minor version update from 1.4.2 to 1.6 is now available for Red Hat Integration Camel K that includes bug fixes and enhancements. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a...
[SECURITY] [DSA 5004-1] libxstream-java security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5004-1 [email protected] https://www.debian.org/security/ Markus Koschany November 10, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5004-1] libxstream-java security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5004-1 [email protected] https://www.debian.org/security/ Markus Koschany November 10, 2021 https://www.debian.org/security/faq -...
RHEL 7 : xstream (RHSA-2021:3956)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3956 advisory. XStream is a Java XML serialization library to serialize objects to and deserialize object from XML. Security Fixes: xstream: Arbitrary code...
Fedora: Security Advisory for xstream (FEDORA-2021-fbad11014a)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for xstream (FEDORA-2021-d894ca87dc)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for xstream (openSUSE-SU-2021:3476-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for xstream (important)
openSUSE Security Update: Security update for xstream Announcement ID: openSUSE-SU-2021:3476-1 Rating: important References: 1189798 Cross-References: CVE-2021-39139 CVE-2021-39140 CVE-2021-39141 CVE-2021-39144 CVE-2021-39145 CVE-2021-39146 CVE-2021-39147 CVE-2021-39148 CVE-2021-39149...