Code injection

The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user...

UBUNTU-CVE-2024-1713

A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum...

The vulnerability of the JavaScript module for signing and encrypting JSON objects “jose” allows for uncontrolled resource consumption, enabling attackers to cause service failures.

The vulnerability of the JavaScript module for signing and encrypting JSON objects related to Jose is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several SAP products, including Netweaver, HANA, Fiori and Business Objects. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS...

PT-2024-2101 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insufficient access control in the Windows kernel, allowing an attacker to elevate their privileges using specially crafted malicious COM objects. This can affect th...

EulerOS 2.0 SP8 : python-cryptography (EulerOS-SA-2024-1293)

According to the versions of the python-cryptography packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions...

Fedora: Security Advisory for bsf (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for jaxb-api (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for jaxb-api2 (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for objenesis (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for python-javaobj (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: xstream-1.4.20-6.fc40

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

[SECURITY] Fedora 40 Update: snakeyaml-1.33-3.fc40

SnakeYAML features: a complete YAML 1.1 parser. In particular, SnakeYAML can parse all examples from the specification. Unicode support including UTF-8/UTF-16 input/output. high-level API for serializing and deserializing native Java objects. support for all types from the YAML types repository...

[SECURITY] Fedora 40 Update: python-javaobj-0.4.3-12.fc40

python-javaobj is a python library that provides functions for reading and writing writing is WIP currently Java objects serialized or will be deserialized by ObjectOutputStream. This form of object representation is a standard data interchange format in Java world...

[SECURITY] Fedora 40 Update: R-rJava-1.0.6-9.fc40

Low-level interface to Java VM very much like .C/.Call and friends. Allows creation of objects, calling methods and accessing fields...

[SECURITY] Fedora 40 Update: objenesis-3.3-9.fc40

Objenesis is a small Java library that serves one purpose: to instantiate a new object of a particular class. Java supports dynamic instantiation of classes using Class.newInstance; however, this only works if the class has an appropriate constructor. There are many times when a class cannot be...

[SECURITY] Fedora 40 Update: jmock-2.12.0-16.fc40

Mock objects help you design and test the interactions between the objects in your programs. The jMock library: makes it quick and easy to define mock objects, so you don't break the rhythm of programming. lets you precisely specify the interactions between your objects, reducing the brittleness ...

[SECURITY] Fedora 40 Update: jaxb-api-4.0.1-5.fc40

The Jakarta XML Binding provides an API and tools that automate the mapping between XML documents and Java objects...

[SECURITY] Fedora 40 Update: hamcrest-2.2-16.fc40

Provides a library of matcher objects also known as constraints or predicate s allowing 'match' rules to be defined declaratively, to be used in other frameworks. Typical scenarios include testing frameworks, mocking libraries a nd UI validation rules...

[SECURITY] Fedora 40 Update: easymock-4.3-8.fc40

EasyMock provides Mock Objects for interfaces in JUnit tests by generating them on the fly using Java's proxy mechanism. Due to EasyMock's unique style of recording expectations, most refactorings will not affect the Mock Objects. So EasyMock is a perfect fit for Test-Driven Development...