24 matches found
EUVD-2022-29614
Malicious code in bioql PyPI...
EUVD-2025-27118
Malicious code in bioql PyPI...
CVE-2022-24818
GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case,...
Fedora 37 : java-1.8.0-openjdk (2022-dedbb92a08)
"The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-dedbb92a08 advisory. New in release OpenJDK 8u352 2022-10-18 Release announcement Full release notes Security Fixes JDK-8282252: Improve BigInteger/Decimal validation...
Medium: java-17-amazon-corretto
Issue Overview: Title: Wider MultiByte conversions Buffer overflow is possible due to incorrect byte count should be character count. CVE-2022-21618 Title: Improve NTLM support writeSecurityBuffer writes a serialized security buffer to be used for NTLM auth. One of the fields that are serialized ...
CVE-2022-24846 Unchecked JNDI lookups in GeoWebCache
GeoWebCache is a tile caching server implemented in Java. The GeoWebCache disk quota mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. While in GeoWebCache the JNDI strings are provided via local...
GeoServer Input Validation Error Vulnerability
GeoServer is written in Java open source software server . GeoServer has an input validation error vulnerability that can be exploited by an attacker to perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and lead to arbitrary code execution...
GeoWebCache 代码问题漏洞
GeoWebCache is a Java Web application used to cache map slices from various sources, such as the OGC Web Map Service WMS. A code issue vulnerability exists in GeoWebCache that stems from a disk quota mechanism that can perform unchecked JNDI lookups, which in turn can be used to perform class...
Deserialization of untrusted data
GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case,...
CVE-2022-24818 Unchecked JNDI lookups in GeoTools
GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case,...
CVE-2022-24818
CVE-2022-24818 – GeoTools is an open‑source Java library for geospatial data. It is affected by unchecked JNDI lookups that can lead to class deserialization and arbitrary code execution when JNDI names are user‑provided. The vulnerability requires admin‑level login to trigger, and is mitigated b...
GeoTools 输入验证错误漏洞
GeoTools is an open source Java library. Provides tools for geospatial data. GeoTools suffers from an input validation error vulnerability that stems from the GeoTools library having a number of data sources that can perform JNDI lookups, which are used to perform class deserialization and lead t...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...
log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)
A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...
log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)
A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...
Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges
Web infrastructure company Cloudflare on Wednesday revealed that threat actors are actively attempting to exploit a second bug disclosed in the widely used Log4j logging utility, making it imperative that customers move quickly to install the latest version as a barrage of attacks continues to...
Apache Log4j allows insecure JNDI lookups
Overview Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j. CISA has published Apache Log4j Vulnerability Guidance and provides a Software List. Description Th...
PT-2021-5369
Name of the Vulnerable Software and Affected Versions Apache Log4j2 versions 2.15.0 Apache Log4j2 versions prior to 2.16.0 Java 8 Apache Log4j2 versions prior to 2.12.2 Java 7 Description The issue is related to the deserialization of untrusted data in the Apache Log4j2 library, which can be...
Apache Log4j < 2.15.0 Remote Code Execution (Nix)
The version of Apache Log4j on the remote host is 2.x 2.3.1 / 2.4 2.12.2 / 2.13 2.15.0. It is, therefore, affected by a remote code execution vulnerability in the JDNI parser due to improper log validation. An unauthenticated, remote attacker can exploit this to bypass authentication and execute...
OPENSUSE-SU-2019:0043-1 Security update for java-1_8_0-openjdk
This update for java-180-openjdk to version 8u191 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support bsc1112142 - CVE-2018-3139: Better HTTP Redirection bsc1112143 - CVE-2018-3149: Enhance JNDI lookups bsc1112144 - CVE-2018-3169: Improve field accesses...