[SECURITY] Fedora 40 Update: bsf-2.4.0-54.fc40

Bean Scripting Framework BSF is a set of Java classes which provides scripting language support within Java applications, and access to Java objects and methods from scripting languages. BSF allows one to write JSPs in languages other than Java while providing access to the Java class library. In...

[SECURITY] Fedora 40 Update: apache-commons-digester-2.1-30.fc40

Many projects read XML configuration files to provide initialization of various Java objects within the system. There are several ways of doing this, and the Digester component was designed to provide a common implementation that can be used in many different projects...

pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user

pgAdmin prior to version 8.4 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is...

GHSA-RJ98-CRF4-G69W pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user

pgAdmin prior to version 8.4 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is...

CVE-2024-2044 Unsafe Deserialisation and Remote Code Execution by an Authenticated user in pgAdmin 4

pgAdmin = 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on...

nGrinder vulnerable to unsafe Java objects deserialization

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization...

CVE-2024-28213

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization...

CVE-2024-28213

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization...

SUSE CVE-2024-2002

A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to deallocfree an allocation twice, potentially causing unpredictable and various results...

nGrinder Security Vulnerabilities

nGrinder is a stress testing platform that enables you to perform script creation, test execution, monitoring and results report generator simultaneously. A security vulnerability exists in versions prior to nGrinder 3.5.9 that stems from allowing the acceptance of serialized Java objects from...

BIT-PARSE-2020-15270 Improper session expiration in Parse Server

Parse Server npm package parse-server broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not...

BIT-JENKINS-2021-21604

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator...

BIT-JASPERREPORTS-2021-35494

The Rest API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS...

SUSE CVE-2023-52562

In the Linux kernel, the following vulnerability has been resolved: mm/slabcommon: fix slabcaches list corruption after kmemcachedestroy After the commit in Fixes:, if a module that created a slab cache does not release all of its allocated objects before destroying the cache at rmmod time, we...

CVE-2024-25817

Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components...

DEBIAN-CVE-2024-25817

Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components...

UBUNTU-CVE-2024-25817

Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components...

CVE-2024-25817

Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components...

The vulnerabilities of the llcp_sock_connect() and llcp_sock_bind() functions in the NFC subsystem of Linux kernel allow attackers to cause service failures or disclose protected information.

The vulnerability of the llcpsockconnect and llcpsockbind functions in the NFC subsystem of Linux kernel is related to the use of memory after it is freed, resulting in the same object being assigned to two different sockets. Exploiting this vulnerability can allow an attacker to cause a service...

EUVD-2024-27018

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to...