
7684 matches found

OSV
added 2024/01/22 6:15 a.m. · 1 views

DEBIAN-CVE-2017-20189

In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects...

9.8 CVSS · 8.9 AI score · 0.03376 EPSS
Exploits 1 · References 1
UbuntuCve
added 2024/01/22 12:0 a.m. · 22 views

CVE-2017-20189

In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects...

9.8 CVSS · 7.3 AI score · 0.03376 EPSS
Exploits 1 · References 5
Debian CVE
added 2024/01/22 12:0 a.m. · 20 views

CVE-2017-20189

In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects...

9.8 CVSS · 8.7 AI score · 0.03376 EPSS
Exploits 1
BDU FSTEC
added 2024/01/19 12:0 a.m. · 1 views

The vulnerability of the xorg-x11-server package, related to the use of memory after it is freed during the processing of Button Action objects, allows for increasing privileges and executing arbitrary code in the root context.

The vulnerability of the xorg-x11-server package is related to the use of memory after it is freed during the processing of Button Action objects. Exploiting this vulnerability can allow an attacker to escalate their privileges and execute arbitrary code in the root context...

7.8 CVSS · 7 AI score · 0.00423 EPSS
Exploits 0 · References 34 · Affected Software 10
Oracle linux
added 2024/01/18 12:0 a.m. · 370 views

python-cryptography security update

36.0.1-4.0.1 - Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates [Orabug: 36119159]
36.0.1-4 - Fix FTBFS caused by rsa_pkcs1_implicit_rejection OpenSSL feature, resolves rhbz2203840
36.0.1-3 - Fix CVE-2023-23931: Don't allow update_into to mutate immutable objects, resolves rhbz21723...

7.5 CVSS · 8 AI score · 0.01255 EPSS
Exploits 2
NVD
added 2024/01/17 5:15 p.m. · 10 views

CVE-2023-20258

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to improper processing of serialized Java objects by the affected...

7.2 CVSS · 7 AI score · 0.00048 EPSS
Exploits 0 · References 1
OSV
added 2024/01/17 5:15 p.m. · 1 views

CVE-2023-20258

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to improper processing of serialized Java objects by the affected...

7.2 CVSS · 6 AI score · 0.00048 EPSS
Exploits 0 · References 1
Prion
added 2024/01/17 5:15 p.m. · 23 views

Input validation

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to improper processing of serialized Java objects by the affected...

5.8 CVSS · 8 AI score · 0.00048 EPSS
Exploits 0 · References 1 · Affected Software 2
Vulnrichment
added 2024/01/17 4:56 p.m. · 3 views

CVE-2023-20258

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to improper processing of serialized Java objects by the affected...

6.5 CVSS · 7.3 AI score · 0.00048 EPSS
Exploits 0 · References 1
Cvelist
added 2024/01/16 6:11 p.m. · 16 views

CVE-2023-7234 Integration Objects OPC UA Server Toolkit Improper Output Neutralization for Logs

OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description field...

5.3 CVSS · 5.6 AI score · 0.00114 EPSS
Exploits 0 · References 2
ICS
added 2024/01/16 7:0 a.m. · 30 views

Integration Objects OPC UA Server Toolkit (Update A)

1. EXECUTIVE SUMMARY: CVSS v3 5.3; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Integration Objects; Equipment: OPC UA Server Toolkit; Vulnerability: Improper Output Neutralization for Logs. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow a...

5.3 CVSS · 5.5 AI score · 0.00114 EPSS
Exploits 0 · References 8
Tenable Nessus
added 2024/01/16 12:0 a.m. · 37 views

EulerOS Virtualization 2.11.1 : python-cryptography (EulerOS-SA-2023-2740)

According to the versions of the python-cryptography package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities:
- cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected...

6.5 CVSS · 6.7 AI score · 0.00688 EPSS
Exploits 1 · References 2
CNNVD
added 2024/01/16 12:0 a.m. · 2 views

Integration Objects OPC UA Server Toolkit Security Vulnerability

Integration Objects OPC UA Server Toolkit is a toolkit from Integration Objects for developing OPC UA servers. A security vulnerability exists in Integration Objects OPC UA Server Toolkit that stems from allowing an attacker to write malicious content to a log file...

5.3 CVSS · 6.8 AI score · 0.00114 EPSS
Exploits 0 · References 3
CNNVD
added 2024/01/11 12:0 a.m. · 4 views

Pimcore Access Control Error Vulnerability

Pimcore is an open source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, an e-commerce framework and product information management applications. An Access Control Error vulnerability exists in...

6.5 CVSS · 6.6 AI score · 0.00014 EPSS
Exploits 1 · References 4
Ubuntu
added 2024/01/10 10:36 p.m. · 65 views

USN-6577-1: Linux kernel (AWS) vulnerabilities

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) It was discovered...

6.4 CVSS · 7.2 AI score · 0.04259 EPSS
Exploits 0
RedHat Linux
added 2024/01/10 11:32 a.m. · 1 views

tomcat: improper cleaning of recycled objects could lead to information leak

A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information...

5.3 CVSS · 6.8 AI score · 0.00692 EPSS
Exploits 1 · References 6
Zero Day Initiative
added 2024/01/10 12:0 a.m. · 9 views

Foxit PDF Reader Doc Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of D...

7.8 CVSS · 7.2 AI score
Exploits 0 · References 1
Positive Technologies
added 2024/01/10 12:0 a.m. · 2 views

PT-2024-1486 · Cisco · Cisco Prime Infrastructure +1

Name of the Vulnerable Software and Affected Versions: Cisco Prime Infrastructure (affected versions not specified); Cisco Evolved Programmable Network (EPN) Manager (affected versions not specified). Description: The issue is related to improper processing of objects in memory,...

7.7 CVSS · 7.2 AI score · 0.00048 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2024/01/09 12:0 a.m. · 44 views

Ubuntu 23.10 : Linux kernel (Azure) vulnerabilities (USN-6572-1)

The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6572-1 advisory. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged...

7.8 CVSS · 7.4 AI score · 0.00043 EPSS
Exploits 0 · References 6
OSV
added 2024/01/08 6:15 p.m. · 1 views

DEBIAN-CVE-2022-2586

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted...

7.8 CVSS · 6.5 AI score · 0.02746 EPSS
Exploits 7 · References 1