14 matches found
EUVD-2021-10821
Malware in sbrugna...
Gentics CMS 5.36.29 Cross Site Scripting / Deserialization Vulnerability
Gentics CMS version 5.36.29 suffers from persistent cross site scripting and unsafe java deserialization vulnerabilities. ======================================================================= title: Stored Cross-Site Scripting & Unsafe Java Deserializiation product: Gentics CMS vulnerable...
CVE-2021-22097
In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100%...
CVE-2021-22097
CVE-2021-22097 affects Spring AMQP: versions 2.2.0–2.2.18 and 2.3.0–2.3.10, where Message.toString() deserializes a body with content-type application/x-java-serialized-object. A constructed malicious java.util.Dictionary object can cause 100% CPU in the application when toString() is invoked. Co...
Mcafee Database Security Server Code Issue Vulnerability (CNVD-2021-39504)
Mcafee Database Security Server is a database security software from Mcafee USA. The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A code...
Mcafee Database Security Server Code Issue Vulnerability
Mcafee Database Security Server is a database security software from Mcafee USA. The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A code...
CVE-2021-23895
Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server...
CVE-2021-23895
Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server...
CVE-2021-23895 Authorized deserialization of untrusted data in McAfee DBSec
Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server...
Mcafee Database Security Server 代码问题漏洞
Mcafee Database Security Server is a database security software from Mcafee USA. The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A code...
Mcafee Database Security Server 代码问题漏洞
Mcafee Database Security Server is a database security software from Mcafee USA. The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A code...
Design/Logic Flaw
Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01...
CVE-2018-6331
Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01...
CVE-2018-6331
Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01...