13 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-42084

Malicious code in bioql PyPI...

7.5 CVSS | 6.9 AI score | 0.00199 EPSS
Exploits: 0 | References: 2

Spring Engineering
added 2024/10/08 12:0 a.m. | 6 views

This Week in Spring - October 8th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Antwerp, Belgium, for the amazing Devoxx Belgium 2024 event! I am so happy to be back here, one of the best shows in the Java ecosystem! We've got a lot to get into so let's dive right in! From Spring Cloud Data Flow...

7.2 AI score
Exploits: 0

Tenable Nessus
added 2024/06/27 12:0 a.m. | 24 views

CentOS 7 : java-1.8.0-ibm (RHSA-2024:4160)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4160 advisory. - The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service...

7.5 CVSS | 6.9 AI score | 0.00199 EPSS
Exploits: 0 | References: 2

IBM Security Bulletins
added 2024/06/17 2:45 p.m. | 26 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to IBM Java SDK (CVE-2024-38264)

Summary: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to IBM Java SDK, Java Technology Edition. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-38264. DESCRIPTION: The IBM SDK, Jav...

7.5 CVSS | 5.8 AI score | 0.00222 EPSS
Exploits: 0 | Affected Software: 2

CVE
added 2024/05/10 5:21 p.m. | 108 views

CVE-2023-38264

CVE-2023-38264 affects IBM SDK, Java Technology Edition ORB (7.1.0.0–7.1.5.21 and 8.0.0.0–8.0.8.21) due to improper enforcement of JEP 290 MaxRef and MaxDepth deserialization filters, enabling potential denial-of-service through unsafe deserialization. The connected IBM advisories confirm multipl...

7.5 CVSS | 6.1 AI score | 0.00199 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/05/10 5:21 p.m. | 22 views

CVE-2023-38264 IBM SDK, Java Technology Edition denial of service

The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578...

5.9 CVSS | 6.3 AI score | 0.00199 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2024/05/10 8:27 a.m. | 47 views

CVE-2023-38264

The IBM SDK, Java Technology Edition's Object Request Broker (ORB) is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters...

5.9 CVSS | 7 AI score | 0.00199 EPSS
Exploits: 0 | References: 6

IBM Security Bulletins
added 2023/09/29 11:56 a.m. | 18 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product is affected as Java deserialization filters (JEP 290) ignored during IBM ORB deserialization (CVE-2022-40609)

Summary: The IBM® Engineering Lifecycle Engineering product is affected as IBM ORB does not honour JEP 290 deserialization filters when deserializing serialised object data. This exposes the Java process to a variety of attacks ranging from denial of service to remote code execution via "gadgets" in third...

9.8 CVSS | 9.1 AI score | 0.00435 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2023/08/14 2:20 p.m. | 32 views

Security Bulletin: IBM ELM affected as Java deserialization filters (JEP 290) ignored during IBM ORB deserialization (CVE-2022-40609)

Summary: IBM ELM affected as IBM ORB does not honour JEP 290 deserialization filters when deserializing serialised object data. This exposes the Java process to a variety of attacks ranging from denial of service to remote code execution via "gadgets" in third party components. The fix ensures tha...

9.8 CVSS | 9.1 AI score | 0.00435 EPSS
Exploits: 0 | Affected Software: 1

OSV
added 2022/05/24 7:12 p.m. | 17 views

GHSA-58PR-HPRX-7HG6 RCE vulnerability in Jenkins Code Coverage API Plugin

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply JEP-200 deserialization protection to Java objects it deserializes from disk. This results in a remote code execution (RCE) vulnerability exploitable by attackers able to control agent processes. Jenkins Code Coverage API Plugin 1.4....

8.8 CVSS | 9.1 AI score | 0.01198 EPSS
Exploits: 0 | References: 5

Github Security Blog
added 2022/05/24 7:12 p.m. | 20 views

RCE vulnerability in Jenkins Code Coverage API Plugin

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply JEP-200 deserialization protection to Java objects it deserializes from disk. This results in a remote code execution (RCE) vulnerability exploitable by attackers able to control agent processes. Jenkins Code Coverage API Plugin 1.4....

8.8 CVSS | 9 AI score | 0.01198 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Openbugbounty
added 2022/03/12 6:25 p.m. | 11 views

jep-air.nl Improper Access Control vulnerability OBB-2427026

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

0.1 AI score
Exploits: 0

CVE
added 2008/07/07 11:0 p.m. | 69 views

CVE-2008-2806

CVE-2008-2806 affects Mozilla Firefox <= 2.0.0.15 and SeaMonkey

7.5 CVSS | 6.3 AI score | 0.00923 EPSS
Exploits: 1 | References: 22 | Affected Software: 3