32 matches found
MiracleLinux 4 : bind-9.7.3-2.2.0.1.AXS4.P3 (AXSA:2011-406:01)
"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-406:01 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves ho...
Security Bulletin: Due to use of Apache Jena SDB, IBM Jazz Reporting Service is affected by a JDBC Deserialisation attack.
Summary Apache Jena SDB is used internally by IBM Jazz Reporting Service CVE-2022-45136. Vulnerability Details CVEID:CVE-2022-45136 DESCRIPTION: Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the...
Deserialization Of Untrusted Data
jena-sdb is vulnerable to deserialization of untrusted data. The vulnerability exists when the attacker is able to control the JDBC url or cause the underlying database server to return malicious data, leading to remote code execution when connected to a malicious database...
Apache Jena vulnerable to Deserialization of Untrusted Data
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...
fr.inria.wimmics:kgimport (=3.3.3), net.sansa-stack:sansa-ml-spark_2.11 (=0.7.1) +61 more potentially affected by CVE-2022-45136 via org.apache.jena:jena-sdb (>=1.4.0 <=3.17.0)
org.apache.jena:jena-sdb MAVEN version =1.4.0, =0.6.0, =0.6.0, =3.1.3, =3.11.0-1, =2.13.0-2, =2.13.0-2, =2.13.0-2, =3.12.0-1, =2.13.0-2, =2.13.0-2, =3.13.1-1 and more Source cves: CVE-2022-45136 Source advisory: OSV:GHSA-G2QW-6VRR-V6PQ...
DEBIAN-CVE-2022-45136
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...
CVE-2022-45136
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...
CVE-2022-45136
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...
CVE-2022-45136
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...
UBUNTU-CVE-2022-45136
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...
CVE-2022-45136
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...
Design/Logic Flaw
UNSUPPORTED WHEN ASSIGNED Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this...
CVE-2022-45136 Apache Jena SDB allows arbitrary deserialisation via JDBC
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...
CVE-2022-45136 Apache Jena SDB allows arbitrary deserialisation via JDBC
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...
PT-2022-27413 · Apache +1 · Apache Jena Tdb 2 +2
Name of the Vulnerable Software and Affected Versions: Apache Jena SDB versions 3.17.0 and earlier Description: The issue allows for a JDBC Deserialisation attack if the attacker can control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver ...
CVE-2022-45136
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...
CVE-2022-45136
CVE-2022-45136 affects Apache Jena SDB 3.17.0 and earlier. The vulnerability is a JDBC Deserialisation flaw that can lead to remote code execution when an attacker controls the JDBC URL or causes the database to return malicious data; the MySQL JDBC driver is specifically implicated. Jena SDB has...
CVE-2022-40299
In Singular before 4.3.1, a predictable /tmp pathname is used e.g., by sdb.cc, which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Record is about sdb.cc and similar files in the Singular interface that have predictable /tmp pathname...
bind security update
32:9.8.2-0.68.rc1.0.3.8 - Backport fix for CVE-2018-5741 Orabug: 33496185 32:9.8.2-0.68.rc1.0.2.8 - Backport possible assertion failure on DNAME processing CVE-2021-25215 32:9.8.2-0.68.rc1.0.1.8 - Backport the fix for buffer overflow CVE-2020-8625 Orabug: 32588749 32:9.8.2-0.68.rc1.8 - Fix...
CVE-2020-7532
A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator V1.2.0 and prior which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer...