6 matches found
EUVD-2022-4434
Malicious code in bioql PyPI...
GHSA-JV65-PF7V-F7P8 Deserialization of Untrusted Data in Hazelcast
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code...
hazelcast: java deserialization in join cluster procedure leading to remote code execution
A flaw was found in the cluster join procedure in Hazelcast. This flaw allows an attacker to gain remote code execution via Java deserialization...
PYSEC-2013-38
The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate...
PYSEC-2013-36
The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate...
CVE-2012-5484
The CVE-2012-5484 issue affects FreeIPA 2.x and 3.x prior to 3.1.2 where the client fails to correctly obtain the CA certificate from the server, enabling a man-in-the-middle during the join procedure via a crafted certificate. Connected advisories indicate mitigations implemented in IPA client u...