Lucene search
+L

13 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-42084

Malicious code in bioql PyPI...

7.5CVSS6.9AI score0.00848EPSS
Exploits0References2
spring
spring
added 2024/10/08 12:0 a.m.8 views

This Week in Spring - October 8th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Antwerp, Belgium, for the amazing Devoxx Belgium 2024 event! I am so happy to be back here, one of the best shows in the Java ecosystem! We've got a lot to get into so let's dive right in! From Spring Cloud Data Flow...

7.2AI score
Exploits0
nessus
nessus
added 2024/06/27 12:0 a.m.25 views

CentOS 7 : java-1.8.0-ibm (RHSA-2024:4160)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4160 advisory. - The IBM SDK, Java Technology Edition's Object Request Broker ORB 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service...

7.5CVSS6.9AI score0.00848EPSS
Exploits0References2
ibm
ibm
added 2024/06/17 2:45 p.m.29 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to IBM Java SDK (CVE-2024-38264)

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to IBM Java SDK, Java Technology Edition. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-38264 DESCRIPTION: The IBM SDK, Jav...

7.5CVSS5.8AI score0.01299EPSS
Exploits0Affected Software2
cve
cve
added 2024/05/10 5:21 p.m.133 views

CVE-2023-38264

CVE-2023-38264 affects IBM SDK, Java Technology Edition ORB (7.1.0.0–7.1.5.21 and 8.0.0.0–8.0.8.21) due to improper enforcement of JEP 290 MaxRef and MaxDepth deserialization filters, enabling potential denial-of-service through unsafe deserialization. The Connected IBM advisories confirm multipl...

7.5CVSS6.1AI score0.00848EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2024/05/10 5:21 p.m.23 views

CVE-2023-38264 IBM SDK, Java Technology Edition denial of service

The IBM SDK, Java Technology Edition's Object Request Broker ORB 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578...

5.9CVSS6.3AI score0.00848EPSS
Exploits0References2
redhatcve
redhatcve
added 2024/05/10 8:27 a.m.58 views

CVE-2023-38264

The IBM SDK, Java Technology Edition's Object Request Broker ORB is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters...

5.9CVSS7AI score0.00848EPSS
Exploits0References6
ibm
ibm
added 2023/09/29 11:56 a.m.20 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product is affected as Java deserialization filters (JEP 290) ignored during IBM ORB deserialization (CVE-2022-40609)

Summary The IBM® Engineering Lifecycle Engineering product is as IBM ORB does not honour JEP 290 deserialization filters when deserializing serialised object data. This exposes the Java process to a variety of attacks ranging from denial of service to remote code execution via "gadgets" in third...

9.8CVSS9.1AI score0.01827EPSS
Exploits0Affected Software1
ibm
ibm
added 2023/08/14 2:20 p.m.33 views

Security Bulletin: IBM ELM affected as Java deserialization filters (JEP 290) ignored during IBM ORB deserialization (CVE-2022-40609)

Summary IBM ELM affected as IBM ORB does not honour JEP 290 deserialization filters when deserializing serialised object data. This exposes the Java process to a variety of attacks ranging from denial of service to remote code execution via "gadgets" in third party components. The fix ensures tha...

9.8CVSS9.1AI score0.01827EPSS
Exploits0Affected Software1
osv
osv
added 2022/05/24 7:12 p.m.66 views

GHSA-58PR-HPRX-7HG6 RCE vulnerability in Jenkins Code Coverage API Plugin

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply JEP-200 deserialization protection to Java objects it deserializes from disk. This results in a remote code execution RCE vulnerability exploitable by attackers able to control agent processes. Jenkins Code Coverage API Plugin 1.4....

8.8CVSS9.1AI score0.02213EPSS
Exploits0References5
github
github
added 2022/05/24 7:12 p.m.26 views

RCE vulnerability in Jenkins Code Coverage API Plugin

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply JEP-200 deserialization protection to Java objects it deserializes from disk. This results in a remote code execution RCE vulnerability exploitable by attackers able to control agent processes. Jenkins Code Coverage API Plugin 1.4....

8.8CVSS9AI score0.02213EPSS
Exploits0References5Affected Software1
openbugbounty
openbugbounty
added 2022/03/12 6:25 p.m.14 views

jep-air.nl Improper Access Control vulnerability OBB-2427026

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

0.1AI score
Exploits0
cve
cve
added 2008/07/07 11:0 p.m.81 views

CVE-2008-2806

CVE-2008-2806 affects Mozilla Firefox <= 2.0.0.15 and SeaMonkey

7.5CVSS6.3AI score0.02553EPSS
Exploits1References22Affected Software3
Rows per page
Query Builder