439 matches found
CVE-2019-0189
The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the...
Fedora 29 : php (2019-8c4b25b5ec)
"PHP version 7.2.19 30 May 2019 EXIF: - Fixed bug php77988 heap-buffer-overflow on phpjpgget16. CVE-2019-11040 Stas FPM: - Fixed bug php77934 php-fpm kill -USR2 not working. Jakub Zelenka - Fixed bug php77921 static.php.net doesn't work anymore. Peter Kokot GD: - Fixed bug php77943...
Fedora 28 : php-symfony3 (2018-66547a8c14)
Version 3.4.20 2018-12-06 - security CVE-2018-19790 Security\Http detect bad redirect targets using backslashes @xabbuh - security CVE-2018-19789 Form Filter file uploads out of regular form types @nicolas-grekas - bug 29436 Cache Fixed Memcached adapter doClearto call flush raitocz - bug 29441...
Fedora 29 : php-symfony3 (2018-8d3a9bdff1)
Version 3.4.20 2018-12-06 - security CVE-2018-19790 Security\Http detect bad redirect targets using backslashes @xabbuh - security CVE-2018-19789 Form Filter file uploads out of regular form types @nicolas-grekas - bug 29436 Cache Fixed Memcached adapter doClearto call flush raitocz - bug 29441...
Fedora 29 : php-symfony4 (2018-84a1f77d89)
Version 4.1.9 2018-12-06 - security CVE-2018-19790 Security\Http detect bad redirect targets using backslashes @xabbuh - security CVE-2018-19789 Form Filter file uploads out of regular form types @nicolas-grekas - bug 29436 Cache Fixed Memcached adapter doClearto call flush raitocz - bug 29441...
[R2] SecurityCenter 5.8.0 Fixes Multiple Third-Party Vulnerabilities
SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components Apache Xalan and Serializer were found to contain vulnerabilities, and updated versions have been made available by the providers...
[R2] SecurityCenter 5.8.0 Fixes Multiple Third-Party Vulnerabilities
SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components Apache Xalan and Serializer were found to contain vulnerabilities, and updated versions have been made available by the providers...
CVE-2018-14037
Cross-site scripting XSS vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload...
CVE-2018-1000618
EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflow vulnerability in abiserializer that can result in attack eos network node. This attack appear to be exploitable via network request. This vulnerability appears to have been fixed in after commit...
Design/Logic Flaw
The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0 derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an...
CVE-2017-3201
The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0 derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an...
CVE-2017-3206
The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references XXEs from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, deni...
CVE-2017-3202
The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability...
Server side request forgery (ssrf)
The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references XXEs from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, deni...
CVE-2017-3202
The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability...
Deserialization of untrusted data
The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability...
CVE-2017-3201
The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0 derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an...
CVE-2017-3201
CVE-2017-3201 affects Flamingo amf-serializer by Exadel, version 2.2.0. The AMF3 deserializer derives class instances from java.io.Externalizable instead of flash.utils.IExternalizable, enabling a remote attacker who can spoof/control an RMI server to send serialized Java objects that execute arb...
CVE-2017-3202
The CVE-2017-3202 entry concerns Flamingo amf-serializer (Exadel) 2.2.0, whose AMF3 deserializers may instantiate arbitrary classes via a public no-argument constructor and then invoke Java Beans setters. Exploitation requires that attacker-controlled or spoofable data reach the serdes path and t...
CVE-2017-3201 Flamingo amf-serializer by Exadel, version 2.2.0, Action Message Format (AMF3) Java implementation is vulnerable to insecure deserialization
The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0 derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an...