Lucene search
K

4273 matches found

Vulnrichment
Vulnrichment
added 2024/10/11 12:0 a.m.17 views

CVE-2024-48987

Snipe-IT before 7.0.10 allows remote code execution associated with cookie serialization when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values...

7.8AI score0.00962EPSS
Exploits1References2
CVE
CVE
added 2024/10/11 12:0 a.m.76 views

CVE-2024-48987

CVE-2024-48987 affects Snipe-IT prior to 7.0.10. The vulnerability enables remote code execution through cookie handling when an attacker knows the APP_KEY, with risk amplified by default APP_KEY values in .env files in the repository. Affected component is the cookie deserialization path; root c...

6.6CVSS8.1AI score0.00962EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/10 12:0 a.m.4 views

PT-2024-33316 · Snipe-It · Snipe-It

Name of the Vulnerable Software and Affected Versions: Snipe-IT versions prior to 7.0.10 Description: The issue allows remote code execution when an attacker knows the APP KEY, which is associated with cookie serialization. This is worsened by the availability of .env files from the product's...

8.6CVSS8.2AI score0.00962EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.16 views

CentOS 6 : java-1.8.0-ibm (RHSA-2020:2239)

The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2239 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Kerberos. Supported versions that are affected are Java SE: 7u231...

8.3CVSS6.6AI score0.0623EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.25 views

CentOS 6 : java-1.8.0-ibm (RHSA-2020:0469)

The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0469 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...

8.1CVSS6.5AI score0.04903EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.23 views

CentOS 7 : java-1.7.1-ibm (RHSA-2020:0468)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0468 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...

8.1CVSS6.5AI score0.04903EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.23 views

CentOS 7 : java-1.8.0-ibm (RHSA-2020:0470)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0470 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...

8.1CVSS6.5AI score0.04903EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.22 views

CentOS 6 : java-1.7.1-ibm (RHSA-2020:0467)

The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0467 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE:...

8.1CVSS6.5AI score0.04903EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.20 views

CentOS 7 : java-1.8.0-openjdk (RHSA-2022:0306)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0306 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that ar...

5.3CVSS6.1AI score0.08346EPSS
Exploits0References13
GithubExploit
GithubExploit
added 2024/10/08 5:27 p.m.497 views

Exploit for Deserialization of Untrusted Data in Flask-Caching_Project Flask-Caching

It is an offensive tool for web exploitation. This PoC exploit t...

9.8CVSS9.2AI score0.07288EPSS
Exploits3
The Hacker News
The Hacker News
added 2024/10/07 9:30 a.m.25 views

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit SDK that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561 CVSS score: 9.3, impacts all versions of the software prior t...

9.2CVSS7.4AI score0.03278EPSS
Exploits0
F5 Networks
F5 Networks
added 2024/10/07 3:15 a.m.31 views

K000141355: Multiple PHP vulnerabilities

Security Advisory Description CVE-2016-4342 ext/phar/pharobject.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact v...

8.8CVSS9.2AI score0.13314EPSS
Exploits5
Redos
Redos
added 2024/10/03 12:0 a.m.31 views

ROS-20241003-01

Vulnerability of dmaentryalloccheckleak function of dma-debug component of Linux operating system kernel is related to incorrect locking. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of service Vulnerability in the vaddr-test component of the Linux operati...

7.8CVSS7.3AI score0.00811EPSS
Exploits1
F5 Networks
F5 Networks
added 2024/10/02 5:24 p.m.48 views

K000141317: PHP vulnerabilities CVE-2017-9225, CVE-2017-8923, CVE-2016-7413, CVE-2016-9935, and CVE-2016-7417

Security Advisory Description CVE-2017-9225 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigencunicodegetcasefoldcodesbystr occurs during regular expression compilation. Code point...

9.8CVSS8.6AI score0.07191EPSS
Exploits4
OSV
OSV
added 2024/09/30 9:30 a.m.19 views

GHSA-G643-XQ6W-R67C Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.

This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The...

5.1CVSS6.3AI score0.00586EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/09/30 9:30 a.m.26 views

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.

This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The...

8CVSS6.1AI score0.00586EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/09/30 9:15 a.m.57 views

CVE-2024-45772

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...

8CVSS0.00586EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/30 8:51 a.m.19 views

CVE-2024-45772 Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...

5.1CVSS6.4AI score0.00586EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/30 8:51 a.m.54 views

CVE-2024-45772 Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...

5.1CVSS0.00586EPSS
Exploits0References1
CVE
CVE
added 2024/09/30 8:51 a.m.91 views

CVE-2024-45772

CVE-2024-45772 (Apache Lucene Replicator) : A deserialization of untrusted data vulnerability affects Lucene Replicator in versions 4.4.0 through before 9.12.0; the deprecated org.apache.lucene.replicator.http package is affected, while org.apache.lucene.replicator.nrt is not. The issue can be tr...

8CVSS5.6AI score0.00586EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder