Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j-shell-poc A Proof-Of-Concept for the recently found CVE-...

Jettison 缓冲区错误漏洞

Jettison is jettison-json open source Jettison is a Java library . Jettison is a Java library that is used to convert XML to JSON with the help of StAX. Jettison has a security vulnerability , the vulnerability stems from parsing untrusted XML or JSON data may be vulnerable to denial of service...

Debian: Security Advisory (DLA-3100-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the Nimbus JOSE + JWT Java library, related to incorrect verification of the cryptographic signature, allows a perpetrator to influence the integrity of the information.

The vulnerability of the Nimbus JOSE + JWT Java library is related to an incorrect verification of the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to influence the integrity of the information...

Oracle Linux 7 : java-11-openjdk (ELSA-2022-5687)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5687 advisory. 1:11.0.16.0.8-1.0.1 - link atomic for ix86 build 1:11.0.16.0.8-1 - Update to jdk-11.0.16+8 - Update release notes to 11.0.16+8 - Use same tarball namin...

protobuf-java: potential DoS in the parsing procedure for binary data

A flaw was found in protobuf-java. Google Protocol Buffer protobuf-java allows the interleaving of com.google.protobuf.UnknownFieldSet fields. By persuading a victim to open specially-crafted content, a remote attacker could cause a timeout in the ProtobufFuzzer function, resulting in a denial of...

ae.teletronics.ejabberd:EjabberdXMLRPCClient (>=1.0.2 <=1.1.0), br.eti.kinoshita:testlink-java-api (>=1.9.0-1 <=1.9.20-1) +281 more potentially affected by CVE-2016-5004 via org.apache.xmlrpc:xmlrpc-common (>=3.0 <=3.1.3)

org.apache.xmlrpc:xmlrpc-common MAVEN version =3.0, =1.0.2, =1.9.0-1, =0.0.1, =0.0.1, =2.6.1.19, =8.1.0.286, =8.1.0.286, =8.1.0.286, =1.0.0.RELEASE, =0.5, =0.5, =0.7, =0.9 and more Source cves: CVE-2016-5004 Source advisory: OSV:GHSA-R2PG-W96P-PCPJ...

Improper Input Validation in Bouncy Castle

The TLS implementation in the Bouncy Castle Java library before 1.48 and C library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attack...

at.chrl:chrl-jms (=1.1.0), at.researchstudio.sat:won-core (>=0.2 <=0.9) +499 more potentially affected by CVE-2016-3088 via org.apache.activemq:activemq-client (>=5.10.0 <=5.13.5)

org.apache.activemq:activemq-client MAVEN version =5.10.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 - at.researchstudio.sat:won-owner =0.3 - at.researchstudio.sat:won-owner-webapp =0.3 and more Source cves: CVE-2016-3088 Source advisory: OSV:GHSA-RXQH-FC23-GXP2...

br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2), com.cybersource:cybersource-sdk-java (>=6.0.1 <=6.1.0) +333 more potentially affected by CVE-2015-0226 via org.apache.ws.security:wss4j (>=1.5.2 <=1.6.16)

org.apache.ws.security:wss4j MAVEN version =1.5.2, =1.2.1, =6.0.1, =1.0.1, =1.1.0.Beta5, =1.1.0.Beta5, =1.1.0.Beta5, =1.1.0.Beta1, =1.0.0, =1.2.0 and more Source cves: CVE-2015-0226 Source advisory: OSV:GHSA-VJWC-5HFH-2VV5...

NewStart CGSL CORE 5.05 / MAIN 5.05 : xstream Multiple Vulnerabilities (NS-SA-2022-0033)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has xstream packages installed that are affected by multiple vulnerabilities: - XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a...

Denial of Service (DoS)

Overview org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java. Affected versions of this package are vulnerable to Denial of Service DoS due to missing nested depth limitation for collections. NOTE: This vulnerability has also been identified as: CVE-2022-38749 Details Denial of Service D...

CVE-2022-24818

GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case,...

CVE-2022-24818

CVE-2022-24818 – GeoTools is an open‑source Java library for geospatial data. It is affected by unchecked JNDI lookups that can lead to class deserialization and arbitrary code execution when JNDI names are user‑provided. The vulnerability requires admin‑level login to trigger, and is mitigated b...

CVE-2022-24818 Unchecked JNDI lookups in GeoTools

GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case,...

Elide SQL Injection Vulnerability

Elide is a Java library. Elide is vulnerable to SQL injection, which can be exploited by attackers to execute arbitrary SQL statements...

CVE-2022-24827

Elide (Java) SQL Injection vulnerability (CVE-2022-24827) affects analytic queries that use Parameterized Columns of type TEXT in the Elide Aggregation Data Store. The issue stems from the TEXT parameter handling that can be interpreted as SQL comments (–) after a patch in 6.1.2, allowing bypass ...

CVE-2022-24827 SQL Injection in elide-datastore-aggregation

Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns A column that requires a client provided parameter, and a parameterized column of typ...

Security Bulletin: IBM Security Verify Governance Products NOT Affected by CVE-2021-44228 Exploit

Summary IBM Security Verify Governance Products NOT Affected by CVE-2021-44228 Exploit Vulnerability Details After conducting extensive research product code base, it is determined that none of the products outlined below are using the vulnerable Java library log4j version with JNDI exploit...

Update on 0-day vulnerabilities in Spring (Spring4Shell and CVE-2022-22963)

Quick update There are two vulnerabilities: one 0-day in Spring Core which is named Spring4Shell very severe, exploited in the wild no CVE yet and another one in Spring Cloud Function less severe, CVE-2022-22963 Wallarm has rolled out the update to detect and mitigate both vulnerabilities No...