11230 matches found
Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could...
CVE-2024-45733
In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution RCE due to an insecure session storage configuration...
CVE-2024-45733 Remote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on Windows
In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution RCE due to an insecure session storage configuration...
CVE-2024-45733 Remote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on Windows
In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution RCE due to an insecure session storage configuration...
CVE-2024-45733
CVE-2024-45733 concerns Splunk Enterprise on Windows, affecting versions below 9.2.3 and 9.1.6 where a low-privileged user (not admin/power roles) can achieve remote code execution due to insecure session storage configuration. The vulnerability’s impact is described as RCE with high severity (CV...
CVE-2023-50780
Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could...
CVE-2023-50780 Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could...
CVE-2023-50780 Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could...
CVE-2023-50780
Apache ActiveMQ Artemis suffers a vulnerability where diagnostic MBeans (including the Log4J2 MBean) are exposed through the Jolokia endpoint, accessible to authenticated users. Before version 2.29.0 this exposure could allow an authenticated attacker to write arbitrary files to the filesystem an...
Veeam B&R RCE vulnerability CVE-2024-40711 is exploited in attacks
Veeam B &R RCE vulnerability CVE-2024-40711is exploited in attacks. On September 24, there were no signs of this vulnerability being exploited in the wild. And on October 10, Sophos X-Ops reported that they had observed a series of attacks exploiting this vulnerability over the course of a month...
Exploit for Use of Incorrectly-Resolved Name or Reference in Zohocorp Manageengine_Adselfservice_Plus
CVE-2021-40539 CVE-2021-40539: ADSelfService Plus RCE Vuln...
Fedora 40 : redis (2024-5d4eb04e76)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5d4eb04e76 advisory. Redis Community Edition 7.2.6 Released Wed 02 Oct 2024 20:17:04 IDT Upgrade urgency SECURITY: See security fixes below. Security fixes CVE-2024-3144...
Fedora 39 : redis (2024-68f9c0741f)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-68f9c0741f advisory. Redis Community Edition 7.2.6 Released Wed 02 Oct 2024 20:17:04 IDT Upgrade urgency SECURITY: See security fixes below. Security fixes CVE-2024-3144...
pac4j-core affected by a Java deserialization vulnerability
pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...
TerraMaster TOS 4.2.29 Code Injection / Local File Inclusion
============================================================================================================================================= | Title : TerraMaster TOS 4.2.29 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 6...
Ivanti Policy Secure 22.x < 22.7R1.1 RCE
The Ivanti Policy Secure installed on the remote host is prior to 22.7R1.1. It is, therefore, affected by a remote code execution vulnerability due to improper input validation in the admin portal. Note that Nessus has not tested for this issue but has instead relied only on the application's...
CVE-2023-25581
pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...
CVE-2023-25581 Deserialization of untrusted data in InternalAttributeHandler in pac4j
pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...
CVE-2023-25581
The CVE-2023-25581 entry concerns pac4j-core before 4.0.0, where a Java deserialization vulnerability in UserProfile attributes can be triggered by a serialized object with a {#sb64} prefix and Base64 encoding, potentially leading to RCE. Affected versions are prior to 4.0.0; 4.0.0 and later are ...
CVE-2023-25581 Deserialization of untrusted data in InternalAttributeHandler in pac4j
pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...