
52 matches found

BDU FSTEC
added 2019/09/05 12:0 a.m. | 6 views

The vulnerability of the org.slf4j.ext.EventData component in the slf4j-ext library of SLF4J allows attackers to circumvent existing security restrictions.

The vulnerability of the org.slf4j.ext.EventData component in the slf4j-ext library of SLF4J lies in the possibility of memory corruption due to an unreliable data structure. Exploiting this vulnerability allows a remote attacker to circumvent existing security restrictions...

10 CVSS | 5.6 AI score | 0.15087 EPSS
Exploits 0 | References 5 | Affected Software 9
RedHat Linux
added 2019/07/22 2:53 p.m. | 2 views

jackson-databind: arbitrary code execution in slf4j-ext class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code...

9.8 CVSS | 7.6 AI score | 0.12679 EPSS
Exploits 0 | References 4
Openbugbounty
added 2019/07/10 7:3 a.m. | 7 views

facade-sur-mesure.fr Cross Site Scripting vulnerability

Security Researcher Renzi (helped patch 6742 vulnerabilities, received 8 Coordinated Disclosure badges, received 36 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting the facade-sur-mesure.fr website and its users. Following...

0.1 AI score
Exploits 0
RedHat Linux
added 2019/04/24 6:46 p.m. | 2 views

jackson-databind: arbitrary code execution in slf4j-ext class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code...

9.8 CVSS | 7.6 AI score | 0.12679 EPSS
Exploits 0 | References 4
RedHat Linux
added 2018/07/05 3:28 p.m. | 2 views

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

9.8 CVSS | 7.2 AI score | 0.15087 EPSS
Exploits 0 | References 4
RedHat Linux
added 2018/05/14 8:51 p.m. | 3 views

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

9.8 CVSS | 7.2 AI score | 0.15087 EPSS
Exploits 0 | References 4
RedHat Linux
added 2018/04/03 6:20 p.m. | 3 views

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

9.8 CVSS | 7.2 AI score | 0.15087 EPSS
Exploits 0 | References 4
OSV
added 2018/03/20 4:29 p.m. | 2 views

UBUNTU-CVE-2018-8088

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J has been fixed in SLF4J versions 1.7.26 and later and in the 2.0.x series...

9.8 CVSS | 6.8 AI score | 0.15087 EPSS
Exploits 0 | References 5
Fedora
added 2017/04/20 4:49 p.m. | 17 views

[SECURITY] Fedora 24 Update: jenkins-xstream-1.4.7-11.jenkins1.fc24

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

0.2 AI score
Exploits 0
OSV
added 2017/04/17 12:0 a.m. | 5 views

UBUNTU-CVE-2017-5648

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was...

9.1 CVSS | 7.1 AI score | 0.13225 EPSS
Exploits 0 | References 4
Veracode
added 2017/04/11 2:17 a.m. | 40 views

Information Disclosure

Tomcat is vulnerable to information disclosure. The library does not use the appropriate facade object when making calls to certain application listeners. This allows an untrusted application to retain a reference to the object and access or modify the associated information...

9.1 CVSS | 8.5 AI score | 0.13225 EPSS
Exploits 0 | References 25 | Affected Software 7
Fedora
added 2014/02/22 12:56 a.m. | 34 views

[SECURITY] Fedora 19 Update: xstream-1.3.1-5.1.fc19

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

9.8 CVSS | 0.4 AI score | 0.84362 EPSS
Exploits 5