208 matches found
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
POC for CVE-2021-44228 This python script was created while I...
CVE-2021-45046
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...
Default configuration
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...
CVE-2021-45046 Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...
CVE-2021-45046
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4j2-CVE-2021-44228-revshell Usage For reverse...
CVE-2021-45046
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
log4j-CVE-2021-44228-test demo projects to highlight how to ex...
openSUSE: Security Advisory for java-1_8_0-openj9 (openSUSE-SU-2021:3615-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security Bulletin: Apache CXF vulnerability identified in IBM Tivoli Application Dependency Discovery Manager (CVE-2020-13954)
Summary This security bulletin addresses the vulnerability in Open Source Apache CXF that affect IBM Tivoli Application Dependency Discovery Manager. Vulnerability Details CVEID: CVE-2020-13954 DESCRIPTION: Apache CXF is vulnerable to cross-site scripting, caused by improper validation of...
CVE-2021-41034
The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Jav...
CVE-2021-41034
The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Jav...
Design/Logic Flaw
The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Jav...
Security Bulletin: Multiple vulnerabilities have been identified in Oracle Oct 2020 CPU for Java 8 shipped with IBM® Intelligent Operations Center (CVE-2020-14779, CVE-2020-14792,CVE-2020-14796,CVE-2020-14797,CVE-2020-14798)
Summary Multiple vulnerabilities have been identified in Oracle Oct 2020 CPU for Java 8 which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerabili...
Security Bulletin: Multiple vulnerabilities have been identified in Oracle Jan 2021 CPU for Java 8 shipped with IBM® Intelligent Operations Center (CVE-2020-14803) (CVE-2020-27221)
Summary Multiple vulnerabilities have been identified in Oracle Jan 2021 CPU for Java 8 which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerabili...
Security Bulletin: A security vulnerability has been identified in Oracle Oct 2020 CPU for Java 8 shipped with IBM® Intelligent Operations Center (CVE-2020-14782)
Summary A security vulnerability has been identified in Oracle Oct 2020 CPU for Java 8 which is shipped with IBM® Intelligent Operations Center. Information about this security vulnerability affecting IBM® Intelligent Operations Center has been published and addressed the applicable CVEs...
Security Bulletin: A security vulnerability has been identified in Oracle Oct 2020 CPU for Java 8 shipped with IBM® Intelligent Operations Center (CVE-2020-2773)
Summary A security vulnerability has been identified in Oracle Oct 2020 CPU for Java 8 which is shipped with IBM® Intelligent Operations Center. Information about this security vulnerability affecting IBM® Intelligent Operations Center has been published and addressed the applicable CVEs...
Security Bulletin: A security vulnerability has been identified in Oracle Oct 2020 CPU for Java 8 shipped with IBM® Intelligent Operations Center (CVE-2020-14781)
Summary A security vulnerability has been identified in Oracle Oct 2020 CPU for Java 8 which is shipped with IBM® Intelligent Operations Center. Information about this security vulnerability affecting IBM® Intelligent Operations Center has been published and addressed the applicable CVEs...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2021
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR10-FP85 and Version 8 SR6-FP30 used by IBM Tivoli Application Dependency Discovery Manager TADDM. These issues were disclosed as part of the IBM Java SDK updates in Apr2021. Vulnerability Details CVEID:...
Deserialization of untrusted data
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/ request to the server. The vulnerabilit...