CVE-2018-1000224

Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in DeSerialization functions core/io/marshalls.cpp that can result in DoS packet of...

Integer overflow

Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in DeSerialization functions core/io/marshalls.cpp that can result in DoS packet of...

CVE-2018-1000224

Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in DeSerialization functions core/io/marshalls.cpp that can result in DoS packet of...

CVE-2018-1000224

Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in DeSerialization functions core/io/marshalls.cpp that can result in DoS packet of...

CVE-2018-1000224

The CVE-2018-1000224 issue affects Godot Engine: vulnerable in (De)Serialization paths in core/io/marshalls.cpp across all versions earlier than 2.1.5 and 3.0 before 3.0.6. It exposes a Signed/unsigned comparison, wrong buffer size checks, integer overflow, and missing padding initialization, ena...

php new exploit techniques—phar://-bug warning-the black bar safety net

Last week, in the United States the BlackHat conference to announce a for the PHP application to the new exploit. You can be in this article to understand it. Summary From Secarma security researcher Sam Thomas discovered a new exploit way, you can not use the php function unserializeis the...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale (CVE-2015-4843, CVE-2015-4805, CVE-2015-4810, CVE-2015-4806, CVE-2015-4871, CVE-2015-4902)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that is used by the IBM Spectrum Scale GUI. These issues were disclosed as part of the IBM Java SDK updates for October 2015. Vulnerability Details CVEID: CVE-2015-4843 DESCRIPTION: An unspecified...

Apache Ignite Arbitrary Code Execution Vulnerability (CNVD-2018-15540)

Apache Ignite is the United States Apache Apache Software Foundation's set of high-performance, integrated and distributed for large-scale data set processing in-memory computing and transaction management platform. An arbitrary code execution vulnerability exists in Apache Ignite 2.5 and earlier...

CVE-2018-8018

In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be...

CVE-2018-8018

In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be...

CVE-2018-8018

Impacted component: Apache Ignite. Affected versions include before 2.4.8 and 2.5.x before 2.5.3, where the serialization mechanism does not maintain a whitelist of allowed classes. Root cause: grids deserializing untrusted data via GridClientJdkMarshaller without a restricted class list, enablin...

Code Execution through IIFE in node-serialize

Affected versions of node-serialize can be abused to execute arbitrary code via an immediately invoked function expression IIFE if untrusted user input is passed into unserialize. Recommendation There is no direct patch for this issue. The package author has reviewed this advisory, and provided t...

GHSA-MM62-WXC8-CF7M Code Execution Through IIFE in serialize-to-js

Affected versions of serialize-to-js may be vulnerable to arbitrary code execution through an Immediately Invoked Function Expression IIFE. Proof of Concept js var payload = "e: function eval'console.logexploited' " var serialize = require'serialize-to-js'; serialize.deserializepayload;...

CVE-2016-9498

ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application...

Important: Red Hat Security Advisory: Red Hat Decision Manager 7.0.1 bug fix and security update

An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...

RHEL 6 : Red Hat JBoss Enterprise Application Platform (RHSA-2018:2090)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2090 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...

RHEL 7 : Red Hat JBoss Enterprise Application Platform (RHSA-2018:2089)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2089 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.6 and 1.7 that is used by FSM. These issues were disclosed as part of the IBM Java SDK updates in October 2017. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2017-10345...

Security Bulletin: A vulnerability in ganglia affects PowerKVM (CVE-2015-6816)

Summary PowerKVM is affected by a vulnerability in ganglia. This vulnerability is now fixed. Vulnerability Details CVEID: CVE-2015-6816 DESCRIPTION: Ganglia Web could allow a remote attacker to bypass security restrictions, caused by an error in the GangliaAuth.php script. An attacker could explo...

Security Bulletin: A vulnerability in Open Source BeanShell has been addressed by IBM Kenexa LMS (CVE-2016-2510)

Summary A vulnerability in Open Source BeanShell has been addressed by LMS Vulnerability Details CVEID: CVE-2016-2510 DESCRIPTION: BeanShell could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data using Java serialization or XStream. ...