68 matches found
Qlik Talend JobServer and Qlik Talend Runtime Security Vulnerability
Qlik Talend JobServer and Qlik Talend Runtime are both products of Qlik, a US-based company. Qlik Talend JobServer is a data integration task execution and scheduling service component. Qlik Talend Runtime is a data integration and application runtime environment platform. Both Qlik Talend...
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the RMI integration. An attacker can execute arbitrary code with the privileges of the user running the instrumented JVM by sending specially crafted serialized data to a network-exposed JMX or RMI...
EUVD-2021-18852
Malware in sbrugna...
EUVD-2017-16372
Malware in sbrugna...
EUVD-2020-29422
Malware in sbrugna...
EUVD-2018-17256
Malware in sbrugna...
EUVD-2018-17257
Malware in sbrugna...
EUVD-2021-28391
Malicious code in bioql PyPI...
Microsoft Intune Management Extension < 1.41.203.0 (CVE-2021-31980)
Remote code execution vulnerability in the Microsoft Intune Management Extension 1.41.203.0. The vulnerability allows an unauthenticated attacker to execute arbitrary code on a target machine over the network. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid243954;...
Intune Management Extension(IME) Installed (Windows)
Binary data microsoftimeinstalled.nbin...
Microsoft Intune Management Extension < 1.45.204.0 (CVE-2021-41363)
Security feature bypass vulnerability in the Microsoft Intune Management Extension 1.45.204.0. This vulnerability could allow an attacker to bypass security features in the Intune Management Extension. Exploiting this vulnerability requires the attacker to have local user privileges. %NASLMINLEVE...
CVE-2020-11998
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack:...
CVE-2020-8574
Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users...
PT-2024-12602 · Loftware · Loftware Spectrum
Name of the Vulnerable Software and Affected Versions: Loftware Spectrum versions through 4.6 Description: The issue concerns an unprotected JMX Registry in Loftware Spectrum. Recommendations: For versions through 4.6, consider restricting access to the JMX Registry as a temporary mitigation...
PT-2024-22337 · Ngrinder · Ngrinder
Name of the Vulnerable Software and Affected Versions: nGrinder versions prior to 3.5.9 Description: The issue allows a connection to a malicious JMX/RMI server by default, potentially leading to the execution of arbitrary code via the RMI registry by a remote attacker. Recommendations: For...
PT-2024-20529 · Typo3 Cms +1 · Typo3/Cms +1
Name of the Vulnerable Software and Affected Versions: sf_event_mgt versions prior to 7.4.0 Description: The existing access control check for events in the backend module of sf_event_mgt, an event management and registration extension for the TYPO3 CMS, got broken during the update to TYPO3 12.4...
VulnCheck KEV: CVE-2016-8735
Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues...
SUSE CVE-2012-5071
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX...
SUSE CVE-2013-2457
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from...
Airspan AirVelocity 1500 Security Vulnerability
The Airspan AirVelocity 1500 is a revolutionary indoor high-performance small cell from Airspan USA. Designed to bring public access LTE networks to indoor spaces. A security vulnerability exists in versions prior to Airspan AirVelocity 1500 15.18.00.2511, which stems from NET-SNMP-EXTEND-MIB bein...