25 matches found
EUVD-2021-1775
Malware in sbrugna...
EUVD-2023-0537
Malicious code in bioql PyPI...
CVE-2022-24913
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider function in StdTempFileProvider.java, which uses the permissive File.createTempFile function, exposing temporary file contents...
EntropyReducer - Reduce Entropy And Obfuscate Youre Payload With Serialized Linked Lists
EntropyReducer: Reduce The Entropy Of Youre Payload And Obfuscate It With Serialized Linked Lists How Does It Work EntropyReducer algorithm is determined by BUFFSIZE and NULLBYTES values. The following is how would EntropyReducer organize your payload if BUFFSIZE was set to 4 , and NULLBYTES to 2...
Information Disclosure
java-merge-sort is vulnerable to information disclosure. The vulnerability exists because the File.createTempFile in the provide function of StdTempFileProvider.java does not properly set the correct POSIX permissions, allowing an attacker to gain sensitive information through the temporary file...
at.molindo:esi4j (>=0.3.0 <=3.0.2), at.molindo:scrutineer (>=2.0.0 <=3.0.0) +9 more potentially affected by CVE-2022-24913 via com.fasterxml.util:java-merge-sort (>=0.7.1 <=1.0.2)
com.fasterxml.util:java-merge-sort MAVEN version =0.7.1, =0.3.0, =2.0.0, =1.0.3, =2.3.0, =0.5.3, =0.5.3, =0.9.0, =0.5.3, =0.5.3, =0.9.0, =1.0.2, =1.0.4 Source cves: CVE-2022-24913 Source advisory: OSV:GHSA-QXXC-7MQ4-MF79...
Java Merge-sort Insecure Temporary File vulnerability
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider function in StdTempFileProvider.java, which uses the permissive File.createTempFile function, exposing temporary file contents...
GHSA-QXXC-7MQ4-MF79 Java Merge-sort Insecure Temporary File vulnerability
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider function in StdTempFileProvider.java, which uses the permissive File.createTempFile function, exposing temporary file contents...
CVE-2022-24913
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider function in StdTempFileProvider.java, which uses the permissive File.createTempFile function, exposing temporary file contents...
Session fixation
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider function in StdTempFileProvider.java, which uses the permissive File.createTempFile function, exposing temporary file contents...
CVE-2022-24913
CVE-2022-24913 affects com.fasterxml.util:java-merge-sort (versions before 1.1.0). The root cause is an insecure temporary file handling in StdTempFileProvider.java using File.createTempFile(), which can expose temporary file contents (confidentiality impact HIGH). Remediation: upgrade to 1.1.0 o...
CVE-2022-24913
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider function in StdTempFileProvider.java, which uses the permissive File.createTempFile function, exposing temporary file contents...
CVE-2022-24913
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider function in StdTempFileProvider.java, which uses the permissive File.createTempFile function, exposing temporary file contents...
java-merge-sort 安全漏洞
java-merge-sort is a basic standalone disk-based N-way merge-sort component for Java. A security vulnerability exists in java-merge-sort versions prior to 1.1.0, which stems from an insecure temporary file vulnerability in the StdTempFileProvider function in StdTempFileProvider.java, which allows...
PT-2023-12769 · Com.Fasterxml · Java-Merge-Sort
Name of the Vulnerable Software and Affected Versions: com.fasterxml.util:java-merge-sort versions prior to 1.1.0 Description: The issue is related to an Insecure Temporary File in the StdTempFileProvider function, located in StdTempFileProvider.java. This function utilizes the permissive...
at.molindo:esi4j (>=3.0.0 <=3.0.2), at.molindo:scrutineer (=3.0.0) +9 more potentially affected by CVE-2022-24913 via com.fasterxml.util:java-merge-sort (>=1.0.0 <=1.0.2)
com.fasterxml.util:java-merge-sort MAVEN version =1.0.0, =3.0.0, =6.5.0, =2.3.0, =0.5.3, =0.5.3, =0.9.0, =0.5.3, =0.5.3, =0.9.0, =1.0.2, =1.0.4 Source cves: CVE-2022-24913 Source advisory: SNYK:JAVA-COMFASTERXMLUTIL-3227926...
Insecure Temporary File
Overview com.fasterxml.util:java-merge-sort is a package for basic configurable disk-backed N-way merge sort Affected versions of this package are vulnerable to Insecure Temporary File. in the StdTempFileProvider function in StdTempFileProvider.java, which uses the permissive File.createTempFile...
Double free in algorithmica
An issue was discovered in the algorithmica crate through 2021-03-07 for Rust. In the affected versions of this crate, mergesort::merge wildly duplicates and drops ownership of T without guarding against double-free. Due to such implementation, simply invoking mergesort::merge on Vec can cause...
GHSA-JH37-772X-4HPW Double free in algorithmica
An issue was discovered in the algorithmica crate through 2021-03-07 for Rust. In the affected versions of this crate, mergesort::merge wildly duplicates and drops ownership of T without guarding against double-free. Due to such implementation, simply invoking mergesort::merge on Vec can cause...
Double free in algorithmica
An issue was discovered in the algorithmica crate through 2021-03-07 for Rust. In the affected versions of this crate, mergesort::merge wildly duplicates and drops ownership of T without guarding against double-free. Due to such implementation, simply invoking mergesort::merge on Vec can cause...