950 matches found
CVE-2023-32217
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments...
CVE-2023-32336
IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285...
CVE-2023-30262
An issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in v.7.0.10 allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry service...
CVE-2022-44553
The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically...
CVE-2020-8574
Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation JMX RMI service enabled allowing unauthorized code execution to local users...
CVE-2019-14958
JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation...
Arbitrary Command Injection
Overview aworld is an Ant Agent Package Affected versions of this package are vulnerable to Arbitrary Command Injection through the subprocess.run and subprocess.Popen functions in shelltool.py. This allows an attacker to inject malicious commands due to insufficient sanitization of user-supplied...
undertow: client side invocation timeout raised when calling over HTTP2
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...
PT-2025-15231 · Red Hat · Red Hat Jboss Enterprise Application Platform +1
Name of the Vulnerable Software and Affected Versions: WildFly affected versions not specified JBoss Enterprise Application Platform EAP affected versions not specified Description: A security flaw exists within the Enterprise JavaBeans EJB remote invocation mechanism, stemming from untrusted dat...
Red Hat JBoss Enterprise Application Platform和Red Hat Wildfly 代码问题漏洞
Red Hat JBoss Enterprise Application Platform EAP and Red Hat Wildfly are both products of Red Hat, Inc.Red Hat JBoss Enterprise Application Platform is an open source, J2EE-based middleware platform. J2EE-based middleware platform. The platform is mainly used for building, deploying and hosting...
Header Injection
org.apache.camel, camel-support is vulnerable to a Header Injection. The vulnerability is due to insufficient header filtering, where only headers starting with "Camel", "camel", or "org.apache.camel." are blocked, allows attackers to forge header names and manipulate method invocation in the...
CVE-2024-45580
Memory corruption while handling multuple IOCTL calls from userspace for remote invocation...
CVE-2024-45580
Memory corruption while handling multuple IOCTL calls from userspace for remote invocation...
CVE-2024-45580
Memory corruption while handling multuple IOCTL calls from userspace for remote invocation...
CVE-2024-45580 Use After Free in DSP Service
Memory corruption while handling multuple IOCTL calls from userspace for remote invocation...
CVE-2024-45580
CVE-2024-45580: A memory corruption issue in Qualcomm kernel due to handling multiple IOCTL calls from user space for remote invocation. Affected: Qualcomm components using the kernel/ DSP service stack where IOCTL processing could lead to arbitrary memory corruption. Impact as described: high fo...
CVE-2024-45580 Use After Free in DSP Service
Memory corruption while handling multuple IOCTL calls from userspace for remote invocation...
CVE-2024-28181
turboboost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should...
Man-in-the-Middle (MitM)
Overview org.apache.cassandra:cassandra-all is a maven plugin for the Apache Cassandra Project. Which, develops a highly scalable second-generation distributed database, bringing together Dynamo's fully distributed design and Bigtable's ColumnFamily-based data model. Affected versions of this...
AZL-56430 CVE-2024-27137 affecting package cassandra 5.0.0-2
In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...