188 matches found
CVE-2016-0750
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks...
CVE-2016-0750
The CVE-2016-0750 issue affects the Infinispan project’s hotrod Java client prior to 9.1.0.Final, where bytearray message contents could be deserialized during certain events. A malicious attacker could inject a crafted serialized object to trigger deserialization on the client and potentially ac...
Security Bulletin: Critical Security Vulnerability in Rational Directory Server (Tivoli and Apache) (CVE-2014-3089)
Summary: A security vulnerability impacts the IBM Rational Directory Server RDS 5.2.x, 5.1.1.x and Rational Directory Administrator RDA 6.x Java Client library. Vulnerability Details: ...
client: unchecked deserialization in marshaller util
The hotrod java client in infinispan automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks...
Infinispan 'hotrod java' client-side remote code execution vulnerability
Infinispan is a distributed in-memory data grid. A remote code execution vulnerability exists in the Infinispan 'hotrod java' client, which allows remote attackers to exploit the vulnerability by submitting a special request to execute arbitrary code in the context of the application...
Important: Red Hat Security Advisory: Red Hat JBoss Data Grid 7.1.1 security update
Red Hat JBoss Data Grid 7.1.1 is now available for download from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2016-0750
The hotrod java client in infinispan automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks...
CVE-2015-7934
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors...
CVE-2015-7931
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support...
Design/Logic Flaw
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors...
Information disclosure
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support...
CVE-2015-7931
The CVE-2015-7931 vulnerability affects the Adcon Telemetry A840 Telemetry Gateway Base Station, where the Java client does not authenticate the station device and lacks SSL support. This enables MITM-style spoofing and reading plaintext packet data, causing information disclosure/confidentiality...
CVE-2015-7934
The CVE-2015-7934 entry concerns the Java client of the Adcon Telemetry A840 Telemetry Gateway Base Station, which reveals the full pathname of log files on the server. The vulnerability is an information disclosure (log-file pathnames) that could be exploited remotely, with no client ...
Design/Logic Flaw
The RDS Java Client library in IBM Rational Directory Server RDS 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator RDA 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a...
CVE-2014-3089
CVE-2014-3089 affects IBM Rational Directory Server (RDS) Java Client libraries and related components. The vulnerability arises because the RDS Java Client library carries the cleartext password for the root user, allowing an attacker with local access to obtain sensitive data by reading the lib...
October 2013 Oracle Java Critical Patch Update
On Tuesday, for the first time, Java security updates were included with the quarterly Oracle Critical Patch Update – and just as quickly, Java wasted no time elevating itself as the top concern for Oracle admins and security experts. Of the 51 Java patches released, 50 allow for remote code...
Code injection
Unspecified vulnerability in the Agile EDM component in Oracle Supply Chain Products Suite 6.1.1.0, 6.1.2.0, and 6.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to Java Client...
CVE-2013-2441
Technical details about CVE-2013-2441 are not publicly available in the provided documents. Monitor for updates from Oracle CPU advisories and CVE references.