34 matches found
Unity Linux 20.1070e Security Update: infinispan (UTSA-2026-016716)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016716 advisory. It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker cou...
EUVD-2020-3167
Malware in sbrugna...
EUVD-2016-0773
Malware in sbrugna...
EUVD-2022-2317
Malicious code in bioql PyPI...
Deserialization of Untrusted Data in Infinispan
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks...
GHSA-46R5-59FG-2FJC Deserialization of Untrusted Data in Infinispan
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks...
OESA-2021-1139 infinispan security update
Infinispan is an extremely scalable, highly available data grid platform - 100% open source, and written in Java. The purpose of Infinispan is to expose a data structure that is highly concurrent, designed ground-up to make the most of modern multi-processor/multi-core architectures while at the...
CVE-2020-10746
A flaw was found in Infinispan org.infinispan:infinispan-server-runtime version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion...
Design/Logic Flaw
A flaw was found in Infinispan org.infinispan:infinispan-server-runtime version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion...
CVE-2020-10746
A flaw was found in Infinispan org.infinispan:infinispan-server-runtime version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion...
CVE-2020-10746
A flaw was found in Infinispan org.infinispan:infinispan-server-runtime version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion...
Infinispan: REST and HotRod APIs unsecured locally by default
A flaw was found in Infinispan org.infinispan:infinispan-server-runtime version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion...
infinispan: Unsafe deserialization of malicious object injected into data cache
It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks...
CVE-2017-15089
It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks...
infinispan: Unsafe deserialization of malicious object injected into data cache
It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks...
CVE-2016-0750
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks...
CVE-2016-0750
The CVE-2016-0750 issue affects the Infinispan project’s hotrod Java client prior to 9.1.0.Final, where bytearray message contents could be deserialized during certain events. A malicious attacker could inject a crafted serialized object to trigger deserialization on the client and potentially ac...
Red Hat JBoss Data Grid Hotrod Client Insecure Deserialization (CVE-2017-15089)
An insecure deserialization vulnerability exists in the Hotrod client that ships with Red Hat JBoss Data Grid. This vulnerability is due the Hotrod client unsafely reading serialized data from the JBoss Data Grid cache...
infinispan: Unsafe deserialization of malicious object injected into data cache
It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.2.1 security update
Red Hat Single Sign-On 7.2.1 is now available for download from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...