24 matches found
EUVD-2018-0619
Malware in sbrugna...
EUVD-2022-5807
Malicious code in bioql PyPI...
CVE-2024-29212
Due to an unsafe de-serialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine...
CVE-2024-29212
CVE-2024-29212 affects Veeam Service Provider Console (VSPC). Multiple connected sources confirm an unsafe deserialization in VSPC server communications between the management agent and components, enabling Remote Code Execution (RCE) under certain conditions. Affected versions are reportedly VSP...
Security Bulletin: Multiple vulnerabilities in Apache Camel core affect IBM Application Performance Management products
Summary: Apache Camel core is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details: CVEID: CVE-2014-0002. DESCRIPTION: Apache Camel could allow a remote attacker to obtain sensitive information, caused by an error in t...
CVE-2017-12628
The JMX server embedded in Apache James, also used by the command line client, is exposed to a Java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes the JMX socket by default only on localhost, this vulnerability can only be used for privilege escalation...
GHSA-XJ7Q-Q94C-6WR3 Apache James Privilege Escalation
The JMX server embedded in Apache James, also used by the command line client, is exposed to a Java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes the JMX socket by default only on localhost, this vulnerability can only be used for privilege escalation...
Security Bulletin: Vulnerability in IBM TRIRIGA Application Platform (CVE-2015-7450)
Summary: IBM TRIRIGA Platform is vulnerable to a Java Object De-Serialization Vulnerability. Vulnerability Details: CVEID: CVE-2015-7450. CVSS Base Score: 9.80. CVSS Temporal Score: See X-Force for the current score. CVSS Environmental Score: Undefined. CVSS Vector:...
Apache Camel's Jackson and JacksonXML unmarshalling operations are vulnerable to Remote Code Execution attacks
Apache Camel's camel-jackson and camel-jacksonxml components are vulnerable to a Java object de-serialisation vulnerability. Camel allows specifying such a type through the 'CamelJacksonUnmarshalType' property. De-serializing untrusted data can lead to security flaws as demonstrated in various...
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization. De-serializing untrusted data can lead to security flaws...
CVE-2018-1000224
CVE-2018-1000224 affects Godot Engine: the (de)serialization paths in core/io/marshalls.cpp are vulnerable in all versions earlier than 2.1.5 and 3.0 before 3.0.6. It exposes a signed/unsigned comparison, wrong buffer size checks, integer overflow, and missing padding initialization, ena...
CVE-2017-12628
The JMX server embedded in Apache James, also used by the command line client, is exposed to a Java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes the JMX socket by default only on localhost, this vulnerability can only be used for privilege escalation...
Privilege escalation
The JMX server embedded in Apache James, also used by the command line client, is exposed to a Java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes the JMX socket by default only on localhost, this vulnerability can only be used for privilege escalation...
CVE-2017-12628
The JMX server embedded in Apache James, also used by the command line client, is exposed to a Java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes the JMX socket by default only on localhost, this vulnerability can only be used for privilege escalation...
CVE-2017-3159
Apache Camel's camel-snakeyaml component is vulnerable to a Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws...
CVE-2017-3159
Apache Camel's camel-snakeyaml component is vulnerable to a Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws...
Design/Logic Flaw
Apache Camel's camel-snakeyaml component is vulnerable to a Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws...
CVE-2017-3159
CVE-2017-3159 affects Apache Camel's camel-snakeyaml component, enabling Java deserialization that can lead to remote code execution when untrusted data is deserialized. The NVD entry assigns a high/critical impact (CVSS v3 base 9.8, NETWORK/LOW complexity, no authentication) with potential execu...
CVE-2017-3159
Apache Camel's camel-snakeyaml component is vulnerable to a Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws...
CVE-2016-8749
It was found that Apache Camel's camel-jackson and camel-jacksonxml components are vulnerable to a Java object de-serialisation vulnerability. Camel allows such a type through the 'CamelJacksonUnmarshalType' property. De-serializing untrusted data can lead to security flaws as demonstrated in vario...