EUVD-2023-2544

Malicious code in bioql PyPI...

CVE-2023-45146

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...

CVE-2022-1415

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...

PT-2022-5284 · Drools +1 · Drools +1

Name of the Vulnerable Software and Affected Versions: Drools affected versions not specified Description: A flaw was found in Drools core where some utility classes did not use proper safeguards when deserializing data. This allows an authenticated attacker to construct malicious serialized...

PT-2022-25280 · Delta Electronics · Infrasuite Device Master

Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master versions 00.00.01a and prior Description: The database backup function in the software lacks proper authentication, allowing an attacker to provide malicious serialized objects. When deserialized,...

Delta Electronics InfraSuite Device Master 访问控制错误漏洞

Delta Electronics InfraSuite Device Master is used to simplify and automate critical device monitoring by Delta Electronics of Taiwan, China. An access control error vulnerability exists in versions prior to Delta Electronics InfraSuite Device Master 00.00.01a, which stems from a lack of proper...

CVE-2021-22855 Soar Cloud System Co., Ltd. HR Portal - Arbitrary Code Execution

The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands...