4273 matches found
CVE-2024-48987
Snipe-IT before 7.0.10 allows remote code execution associated with cookie serialization when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values...
CVE-2024-48987
CVE-2024-48987 affects Snipe-IT prior to 7.0.10. The vulnerability enables remote code execution through cookie handling when an attacker knows the APP_KEY, with risk amplified by default APP_KEY values in .env files in the repository. Affected component is the cookie deserialization path; root c...
PT-2024-33316 · Snipe-It · Snipe-It
Name of the Vulnerable Software and Affected Versions: Snipe-IT versions prior to 7.0.10 Description: The issue allows remote code execution when an attacker knows the APP KEY, which is associated with cookie serialization. This is worsened by the availability of .env files from the product's...
CentOS 6 : java-1.8.0-ibm (RHSA-2020:2239)
The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2239 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Kerberos. Supported versions that are affected are Java SE: 7u231...
CentOS 6 : java-1.8.0-ibm (RHSA-2020:0469)
The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0469 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...
CentOS 7 : java-1.7.1-ibm (RHSA-2020:0468)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0468 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...
CentOS 7 : java-1.8.0-ibm (RHSA-2020:0470)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0470 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...
CentOS 6 : java-1.7.1-ibm (RHSA-2020:0467)
The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0467 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...
CentOS 7 : java-1.8.0-openjdk (RHSA-2022:0306)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0306 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that ar...
Exploit for Deserialization of Untrusted Data in Flask-Caching_Project Flask-Caching
It is an offensive tool for web exploitation. This PoC exploit t...
Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications
A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit SDK that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561 CVSS score: 9.3, impacts all versions of the software prior t...
K000141355: Multiple PHP vulnerabilities
Security Advisory Description CVE-2016-4342 ext/phar/pharobject.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact v...
ROS-20241003-01
Vulnerability of dmaentryalloccheckleak function of dma-debug component of Linux operating system kernel is related to incorrect locking. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of service Vulnerability in the vaddr-test component of the Linux operati...
K000141317: PHP vulnerabilities CVE-2017-9225, CVE-2017-8923, CVE-2016-7413, CVE-2016-9935, and CVE-2016-7417
Security Advisory Description CVE-2017-9225 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigencunicodegetcasefoldcodesbystr occurs during regular expression compilation. Code point...
GHSA-G643-XQ6W-R67C Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.
This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The...
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.
This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The...
CVE-2024-45772
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...
CVE-2024-45772 Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...
CVE-2024-45772 Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...
CVE-2024-45772
CVE-2024-45772 (Apache Lucene Replicator) : A deserialization of untrusted data vulnerability affects Lucene Replicator in versions 4.4.0 through before 9.12.0; the deprecated org.apache.lucene.replicator.http package is affected, while org.apache.lucene.replicator.nrt is not. The issue can be tr...