13 matches found
EUVD-2019-0196
Malware in sbrugna...
CVE-2023-46120
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. maxBodyLebgth was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may...
CVE-2023-46120
CVE-2023-46120 affects the RabbitMQ Java Client. The issue arises because maxBodyLebgth was not used when receiving Message objects, allowing an attacker to send a very large Message that could cause memory overflow and DoS/OOM in the consumer. The vulnerability is patched in RabbitMQ Java Client...
CVE-2021-25738
CVE-2021-25738: The vulnerability arises from loading specially crafted YAML via the Kubernetes Java Client library, enabling code execution. Connected documents consistently describe this YAML-loading path as the root cause and code execution outcome. The public data does not provide precise aff...
EulerOS Virtualization 3.0.6.6 : thrift (EulerOS-SA-2021-1457)
According to the versions of the thrift packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed with...
Huawei EulerOS: Security Advisory for thrift (EulerOS-SA-2019-1458)
The remote host is missing an update for the Huawei EulerOS...
Eclipse Paho Java client library input validation error vulnerability
Eclipse Paho Java client library is an MQTT (Message Queuing Telemetry Transport) client library written in Java by the Eclipse Foundation. An input validation error vulnerability exists in the Eclipse Paho Java client library version 1.2.0. The vulnerability originates from a...
CVE-2019-11777
CVE-2019-11777 (confirmed in connected documents): The Eclipse Paho Java client library (v1.2.0) could bypass host name verification when connecting to an MQTT server over TLS, if a host name verifier is configured, allowing a server to impersonate another and feed the client library with incorr...
EulerOS Virtualization 3.0.1.0 : thrift (EulerOS-SA-2019-1458)
According to the versions of the thrift packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security...
CVE-2018-1320
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...
CVE-2018-1320
CVE-2018-1320 affects Apache Thrift: Java client library versions 0.5.0–0.11.0. The issue stems from an assert in TSaslTransport.isComplete that validates SASL handshakes; disabling this check can leave SASL negotiation validation incomplete, enabling a security bypass. Multiple connected sources...
CVE-2018-1320
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...
Security Bulletin: Critical Security Vulnerability in Rational Directory Server (Tivoli and Apache) (CVE-2014-3089)
Summary: A security vulnerability impacts IBM Rational Directory Server (RDS) 5.2.x, 5.1.1.x and Rational Directory Administrator (RDA) 6.x Java Client library. Vulnerability Details...