37 matches found
OESA-2024-1667 infinispan security update
Infinispan is an extremely scalable, highly available data grid platform - 100% open source, and written in Java. The purpose of Infinispan is to expose a data structure that is highly concurrent, designed ground-up to make the most of modern multi-processor/multi-core architectures while at the...
CVE-2023-1304
An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...
CVE-2023-1304
An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...
CVE-2023-1304
CVE-2023-1304 affects InsightCloudSec. An authenticated attacker can use an exposed getattr() via a Jinja template to smuggle OS commands and invoke actions normally restricted to private methods. Affected are InsightCloudSec versions prior to the fixes; the issue was resolved in Managed and SaaS...
infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...
infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...
infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...
infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...
infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...
infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...
CVE-2019-10174
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...
Design/Logic Flaw
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...
CVE-2019-10174
CVE-2019-10174 concerns Infinispan. The public ReflectionUtil.invokeAccessibly method allows an application class to invoke private methods in any class with Infinispan’s privileges, enabling unintended behavior changes via reflection. Connected advisories (OSV/RHSA) reference a security fix path...
infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...
Authorization Bypass
infinispan is vulnerable to authorization bypass. The vulnerability exists as the invokeAccessibly method in the ReflectionUtil class allows the invokation of any private methods with Infinispan's privileges...
CVE-2019-10174
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...
SUSE-SU-2018:2561-1 Security update for cobbler
This update for cobbler fixes the following issues: Security issues fixed: - Forbid exposure of private methods in the API CVE-2018-10931, CVE-2018-1000225, bsc1104287, bsc1104189, bsc1105442 - Check access token when calling 'modifysetting' API endpoint bsc1104190, bsc1105440, CVE-2018-1000226...