193 matches found
Debian: Security Advisory (DLA-2407-1)
The remote host is missing an update for the Debian ... (detection-script description, copyright 2020 Greenbone AG, SPDX-License-Identifier: GPL-2.0-only; some text descriptions may be excerpted from referenced sources and are copyright of the respective right holders)
[SECURITY] [DLA 2407-1] tomcat8 security update
Debian LTS Advisory DLA-2407-1, https://www.debian.org/lts/security/, Chris Lamb, October 14, 2020, https://wiki.debian.org/LTS ...
Security Bulletin: Multiple vulnerabilities have been identified in Apache Camel shipped with IBM Netcool/OMNIbus Probe DSL Factory Framework
Summary Apache Camel is a dependency component shipped with the IBM Netcool/OMNIbus Probe DSL Factory Framework. Information about the security vulnerabilities affecting Apache Camel has been published. CVE-2020-11971, CVE-2020-11973, CVE-2020-11972 Vulnerability Details CVEID: CVE-2020-11971...
CVE-2020-13651
CVE-2020-13651 concerns DigDash versions (2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430). A user-supplied data input is used to generate the JNLP file that a client uses to obtain the Java application. By supplying an attacker-controlled URL, the client can retriev...
CVE-2020-13651
An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. It allows a user to provide data that will be used to generate the JNLP file used by a client to obtain the right Java application. By providing an attacker-controlled URL, the client...
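The mechanism behind CVE-2020-13651 is that a request value ends up in the `codebase` attribute of a generated JNLP file, so the Java Web Start launcher fetches the application JAR from whichever host the attacker names. The following is an added example, not DigDash code: a vulnerable JNLP builder beside a hardened one. The request parameter name, the allowlisted host `apps.example.internal`, the `/webstart/` path prefix and the JNLP template are assumptions made for the example.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

public class JnlpBuilder {

    // Assumed template; only the codebase attribute is variable.
    private static final String JNLP_TEMPLATE =
          "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
        + "<jnlp spec=\"1.0+\" codebase=\"%s\" href=\"app.jnlp\">\n"
        + "  <information><title>App</title><vendor>Example</vendor></information>\n"
        + "  <resources><j2se version=\"1.8+\"/><jar href=\"app.jar\" main=\"true\"/></resources>\n"
        + "  <application-desc main-class=\"com.example.Main\"/>\n"
        + "</jnlp>\n";

    // Assumed allowlist of hosts this server may direct launchers to.
    private static final Set<String> ALLOWED_HOSTS = Set.of("apps.example.internal");

    // VULNERABLE form: the request value is copied straight into codebase, so the
    // launcher downloads app.jar from whatever host the attacker put in the link.
    static String buildJnlpUnsafe(String requestedCodebase) {
        return String.format(JNLP_TEMPLATE, requestedCodebase);
    }

    // HARDENED form: parse the value, require https, default port, no userinfo,
    // an allowlisted host and a path under /webstart/, then rebuild the codebase
    // from the validated parts instead of echoing the input.
    static String buildJnlpSafe(String requestedCodebase) {
        URI uri;
        try {
            uri = new URI(requestedCodebase).normalize();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("malformed codebase", e);
        }
        String path = uri.getRawPath();
        if (!"https".equalsIgnoreCase(uri.getScheme())
                || uri.getHost() == null
                || uri.getPort() != -1
                || uri.getRawUserInfo() != null
                || !ALLOWED_HOSTS.contains(uri.getHost().toLowerCase())
                || path == null
                || !path.startsWith("/webstart/")
                || path.contains("..")) {
            throw new IllegalArgumentException("codebase not permitted: " + requestedCodebase);
        }
        String codebase = "https://" + uri.getHost().toLowerCase() + path;
        return String.format(JNLP_TEMPLATE, xmlAttr(codebase));
    }

    // Minimal attribute escaping: a validated URL can still carry '&'.
    private static String xmlAttr(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace("\"", "&quot;");
    }

    public static void main(String[] args) {
        String attackerUrl = "https://attacker.example/payload/";   // constructed input
        System.out.println(buildJnlpUnsafe(attackerUrl));          // ships the attacker's codebase
        System.out.println(buildJnlpSafe("https://apps.example.internal/webstart/"));
        for (String bad : new String[] {attackerUrl,
                "http://apps.example.internal/webstart/",
                "https://apps.example.internal/webstart/../admin/",
                "https://user@apps.example.internal/webstart/"}) {
            try {
                buildJnlpSafe(bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The hardened builder deliberately reconstructs the codebase from scheme, host and path after validation rather than passing the original string through, so that userinfo tricks (`https://apps.example.internal@attacker.example/`), explicit ports and dot-segment traversal cannot survive into the file the launcher trusts.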
Oracle Weblogic SOAPInvokeState Remote Code Execution Vulnerability
WebLogic is an application server produced by Oracle Corporation (United States). It is Java EE-based middleware used to develop, integrate, deploy and manage large-scale distributed web applications, network applications and database applications. WebLogic is used to...
Privilege Escalation
The gcc and gcc4 packages are vulnerable to privilege escalation. A flaw was found in the way GNU Libtool's libltdl library looked for libraries to load. It was possible for libltdl to load a malicious library from the current working directory. In certain configurations, if a local attacker is able to tri...
Arbitrary Code Execution
lcms is vulnerable to arbitrary code execution. The vulnerability exists in the way LittleCMS handled color profiles. An attacker could use these flaws to create a specially-crafted image file which could cause a Java application to crash or, possibly, execute arbitrary code when opened...
CVE-2019-5326
An administrative user of, or an application user with write access to, Aruba AirWave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component...
CVE-2019-5326
CVE-2019-5326 affects Aruba AirWave VisualRF: code execution on the AMP platform is possible because a file on disk can be overwritten and is later deserialized by a Java component. The vulnerability arises from deserializing a file that users can write to, enabling an administrative user with write acces...
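The CVE-2019-5326 entries describe the classic pattern of a Java component calling `readObject()` on a file that a lower-trust user can overwrite. The following is an added example, not Aruba AirWave code, showing that pattern in its bare form and then with a JEP 290 `ObjectInputFilter` allowlist (Java 9 and later) that rejects every class except the one the component expects. The `Settings` class, the temp-file path and the filter limits are assumptions made for the example.

```java
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.HashMap;

public class FileDeserializer {

    // The only type the component legitimately expects to read back (assumed).
    public static final class Settings implements Serializable {
        private static final long serialVersionUID = 1L;
        final String site;
        final int refreshSeconds;
        Settings(String site, int refreshSeconds) {
            this.site = site;
            this.refreshSeconds = refreshSeconds;
        }
        @Override public String toString() { return site + "/" + refreshSeconds + "s"; }
    }

    static void save(Path file, Object obj) throws IOException {
        try (ObjectOutputStream out = new ObjectOutputStream(Files.newOutputStream(file))) {
            out.writeObject(obj);
        }
    }

    // VULNERABLE: whoever can overwrite the file chooses which classes get
    // instantiated; any gadget chain on the classpath runs before the cast.
    static Object loadUnsafe(Path file) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(Files.newInputStream(file))) {
            return in.readObject();
        }
    }

    // HARDENED: only Settings (and java.lang.String for its field) may appear in
    // the stream; "!*" rejects everything else before any constructor or
    // readObject runs, and maxdepth/maxbytes bound resource use.
    static Settings loadSafe(Path file) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
            Settings.class.getName() + ";java.lang.String;!*;maxdepth=4;maxbytes=65536");
        try (ObjectInputStream in = new ObjectInputStream(Files.newInputStream(file))) {
            in.setObjectInputFilter(filter);
            return (Settings) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Path file = Files.createTempFile("visualrf-settings", ".ser");   // assumed location
        try {
            save(file, new Settings("hq", 30));
            System.out.println("safe load: " + loadSafe(file));

            // Simulate the attacker overwriting the file with a different type.
            save(file, new HashMap<String, String>());
            System.out.println("unsafe load instantiated: " + loadUnsafe(file).getClass().getName());
            try {
                loadSafe(file);
            } catch (InvalidClassException e) {
                System.out.println("safe load rejected: " + e.getMessage());
            }
        } finally {
            Files.deleteIfExists(file);
        }
    }
}
```

The filter is the right control even when the file permissions are also fixed: it turns "who can write this file" from a code-execution boundary into a data-integrity one. For a whole JVM the same pattern string can be applied process-wide with `ObjectInputFilter.Config.setSerialFilter` or the `jdk.serialFilter` system property.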
fastjson-remote-code-execute-poc
This repository is an exploit module for a remote code execution (RCE) vulnerability in the FastJSON library, version 1.2.24. The exploit is likely targeting a Java application that uses this library. The repository contains metadata from the IntelliJ IDEA project, which includes information about...
CVE-2017-3511
An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges...
CVE-2018-2634
The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application...
Vulnado - Purposely Vulnerable Java Application To Help Lead Secure Coding Workshops
This application and exercises will take you through some of the OWASP top 10 Vulnerabilities and how to prevent them. Up and running 1. Install Docker for MacOS or Windows. You'll need to create a Docker account if you don't already have one. 2. git clone git://github.com/ScaleSec/vulnado 3. cd...
CVE-2019-0327
SAP NetWeaver for Java Application Server - Web Container, engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5, servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5, allows an attacker to upload files including script files without proper file format validation...
CVE-2019-0327
This CVE affects SAP NetWeaver for Java Application Server Web Container. The vulnerability allows an attacker to upload files (including script files) due to inadequate file format validation in engineapi (versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5) and servercode (versions 7.2, 7.3, 7.31, 7.4, 7.5)...
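The CVE-2019-0327 entries describe an upload handler that accepts script files because it never validates the file format. The following is an added example, not SAP NetWeaver code, of the checks such a handler should apply before writing anything under a web-served directory: an extension allowlist, a magic-byte check on the actual content, a size limit, a server-generated file name, and a containment check on the final path. The accepted types, size limit and upload directory are assumptions made for the example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.util.Arrays;
import java.util.Map;
import java.util.UUID;

public class UploadValidator {

    // Assumed allowlist: permitted extension -> leading bytes the content must carry.
    private static final Map<String, byte[]> ALLOWED = Map.of(
        "png", new byte[] {(byte) 0x89, 'P', 'N', 'G'},
        "pdf", new byte[] {'%', 'P', 'D', 'F'});

    private static final int MAX_BYTES = 5 * 1024 * 1024;   // assumed size limit

    public static final class RejectedUploadException extends Exception {
        RejectedUploadException(String msg) { super(msg); }
    }

    // The client-supplied name is used only to pick the expected type; the file
    // is stored under a generated name, so neither a double extension
    // ("report.pdf.jsp") nor a directory part ("../x.jsp") can reach the disk.
    static String extensionOf(String clientFileName) {
        Path name;
        try {
            name = Paths.get(clientFileName).getFileName();
        } catch (InvalidPathException e) {
            return "";
        }
        if (name == null) return "";
        String base = name.toString();
        int dot = base.lastIndexOf('.');
        return dot < 0 ? "" : base.substring(dot + 1).toLowerCase();
    }

    static boolean hasMagic(byte[] content, byte[] magic) {
        return content.length >= magic.length
            && Arrays.equals(Arrays.copyOf(content, magic.length), magic);
    }

    static Path store(Path uploadDir, String clientFileName, byte[] content)
            throws RejectedUploadException, IOException {
        if (content.length == 0 || content.length > MAX_BYTES) {
            throw new RejectedUploadException("size out of range");
        }
        String ext = extensionOf(clientFileName);
        byte[] magic = ALLOWED.get(ext);
        if (magic == null) {
            throw new RejectedUploadException("extension not allowed: '" + ext + "'");
        }
        if (!hasMagic(content, magic)) {
            throw new RejectedUploadException("content does not look like ." + ext);
        }
        Path base = uploadDir.toAbsolutePath().normalize();
        Path target = base.resolve(UUID.randomUUID() + "." + ext).normalize();
        if (!target.startsWith(base)) {
            throw new RejectedUploadException("target escapes upload directory");
        }
        // CREATE_NEW refuses to clobber an existing file, including one planted by a race.
        Files.write(target, content, StandardOpenOption.CREATE_NEW);
        return target;
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("uploads");                 // assumed upload root
        byte[] jsp = "<% out.println(\"jsp\"); %>".getBytes();           // constructed script body
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'}; // constructed PNG header
        String[][] attempts = {{"shell.jsp", "jsp"}, {"shell.png", "jsp"}, {"logo.png", "png"}};
        for (String[] a : attempts) {
            byte[] body = a[1].equals("jsp") ? jsp : png;
            try {
                System.out.println(a[0] + " -> stored as " + store(dir, a[0], body).getFileName());
            } catch (RejectedUploadException e) {
                System.out.println(a[0] + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Of the three constructed attempts, `shell.jsp` fails the extension allowlist, `shell.png` with JSP content fails the magic-byte check, and only the real PNG header is written. Magic bytes are not proof of a benign file (polyglots exist), so the generated name and the allowlist matter as much as the content check: a stored file can never end in an extension the application server would execute.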