69 matches found
EUVD-2002-2051
Malware in sbrugna...
EUVD-2002-0930
Malware in sbrugna...
EUVD-2022-4483
Malicious code in bioql PyPI...
BIT-CASSANDRA-2020-13946
In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and...
SUSE CVE-2008-5349
Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service CPU consumption via a crafted RSA public key...
SUSE CVE-2012-1711
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA...
SUSE CVE-2012-1718
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect availability via unknown vectors related to Security...
SUSE CVE-2013-2464
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different...
SUSE CVE-2013-2468
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than...
Man-in-the-middle attack in Apache Cassandra
In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and...
Security Bulletin: JRE vulnerability (CVEID: 178768) impacts IBM Aspera High-Speed Transfer Server/IBM Aspera High-Speed Transfer Endpoint version 3.9.6.2 and earlier
Summary JRE vulnerability TPS0000256, CVEID: 178768 impacts IBM Aspera High-Speed Transfer Server/IBM Aspera High-Speed Transfer Endpoint version 3.9.6.2 and earlier. The fix for this set of vulnerabilities was delivered in IBM Aspera High-Speed Transfer Server V4.0.0 and IBM Aspera High-Speed...
Apache Cassandra < 2.1.22 / 2.2.x < 2.2.18 / 3.0.x < 3.0.22 / 3.11.x < 3.11.8 Information Disclosure Vulnerability
The version of Apache Cassandra running on the remote host is prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2. It is, therefore, affected by information disclosure vulnerability. An unauthenticated, local attacker without access to the Apache Cassandra process or configuration files can...
CVE-2020-13946
CVE-2020-13946 relates to an Apache Cassandra RMI registry manipulation vulnerability enabling a local attacker to perform a man-in-the-middle attack to capture JMX credentials and gain unauthorized access. The connected CIRCL entry confirms affected ranges: Cassandra 4.0.2 through 5.0.2 (Java 11...
Fixed in Apache Tomcat 7.0.99
Low: Session fixation CVE-2019-17563 When using FORM authentication there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a securit...
Fixed in Apache Tomcat 9.0.29
Moderate: Local Privilege Escalation CVE-2019-12418 When Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and...
Fixed in Apache Tomcat 8.5.49
Note: The issue below was fixed in Apache Tomcat 8.0.48 but the release vote for the 8.0.48 release candidate did not pass. Therefore, although users must download 8.0.49 to obtain a version that includes the fix for this issue, version 8.0.48 is not included in the list of affected versions...
OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous...
OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous...
JDK: java.lang.reflect.Method invoke() code execution
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600,...
ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004987)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate...