
35 matches found

RedHat Linux
added 2017/07/04 6:0 p.m. | 2 views

logback: Serialization vulnerability in SocketServer and ServerSocketReceiver

It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...

CVSS 9.8 | AI score 7.8 | EPSS 0.10144
Exploits: 0 | References: 4
RedHat Linux
added 2017/07/04 6:0 p.m. | 2 views

logback: Serialization vulnerability in SocketServer and ServerSocketReceiver

It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...

CVSS 9.8 | AI score 7.8 | EPSS 0.10144
Exploits: 0 | References: 4
CNVD
added 2017/03/14 12:0 a.m. | 2 views

QOS.ch Logback SocketServer and ServerSocketReceiver Component Elevation of Privilege Vulnerability

QOS.ch Logback is a logging framework written in Java. SocketServer and ServerSocketReceiver are among its debugging modules. A security vulnerability exists in the SocketServer and ServerSocketReceiver components of QOS.ch Logback versions prior to 1.1.10. An attacker can exploit this...

CVSS 9.8 | AI score 8.9 | EPSS 0.10144
Exploits: 0 | References: 1
OSV
added 2017/03/13 6:59 a.m. | 1 views

UBUNTU-CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

CVSS 9.8 | AI score 7.1 | EPSS 0.10144
Exploits: 0 | References: 6
OSV
added 2017/03/13 6:59 a.m. | 1 views

DEBIAN-CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

CVSS 9.8 | AI score 6.4 | EPSS 0.10144
Exploits: 0 | References: 1
OSV
added 2015/02/23 3:59 p.m. | 6 views

SUSE-SU-2015:0478-1 Security update for postgresql93

postgresql93 was updated to version 9.3.6 to fix four security issues. These security issues were fixed: - CVE-2015-0241: Fix buffer overruns in to_char() (bnc#916953). - CVE-2015-0243: Fix buffer overruns in contrib/pgcrypto (bnc#916953). - CVE-2015-0244: Fix possible loss of frontend/backend protocol...

CVSS 9.8 | AI score 9.3 | EPSS 0.06398
Exploits: 0 | References: 7
OPENSUSE Linux
added 2014/12/21 7:4 p.m. | 33 views

Security update for clamav (important)

clamav was updated to version 0.98.5 to fix two security issues. These security issues were fixed: - Segmentation fault when processing certain files (CVE-2013-6497). - Heap-based buffer overflow when scanning crypted PE files (CVE-2014-9050). The following non-security issues were fixed: - Support f...

CVSS 5 | AI score 1 | EPSS 0.06887
Exploits: 1 | References: 3
Tenable Nessus
added 2014/12/06 12:0 a.m. | 33 views

SuSE 11.3 Security Update : clamav (SAT Patch Number 10016)

clamav was updated to version 0.98.5 to fix three security issues and several non-security issues. These security issues have been fixed : - Crash when scanning maliciously crafted yoda's crypter files. CVE-2013-6497 - Heap-based buffer overflow when scanning crypted PE files. CVE-2014-9050 - Cra...

CVSS 5 | AI score 7.2 | EPSS 0.06887
Exploits: 1 | References: 9
OPENSUSE Linux
added 2014/12/05 10:4 a.m. | 35 views

Security update for clamav (important)

clamav was updated to version 0.98.5 to fix two security issues. These security issues were fixed: - Segmentation fault when processing certain files (CVE-2013-6497). - Heap-based buffer overflow when scanning crypted PE files (CVE-2014-9050). The following non-security issues were fixed: - Support f...

CVSS 5 | AI score 0.6 | EPSS 0.06887
Exploits: 1 | References: 5
Cent OS
added 2014/09/09 11:10 p.m. | 87 views

kernel, perf, python security update

CentOS Errata and Security Advisory CESA-2014:1167 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System...

CVSS 7.8 | AI score 6.5 | EPSS 0.14138
Exploits: 2 | References: 7
RedHat Linux
added 2014/09/09 5:55 p.m. | 1 views

kernel: sctp: sk_ack_backlog wrap-around problem

An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation processed certain COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP...

CVSS 5 | AI score 6.6 | EPSS 0.14138
Exploits: 0 | References: 4
RedHat Linux
added 2014/08/06 5:10 p.m. | 0 views

kernel: sctp: sk_ack_backlog wrap-around problem

An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation processed certain COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP...

CVSS 5 | AI score 6.6 | EPSS 0.14138
Exploits: 0 | References: 4
RedHat Linux
added 2010/10/14 1:31 p.m. | 2 views

OpenJDK corba reflection vulnerabilities (6891766,6925672)

Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle...

CVSS 7.5 | AI score 5.8 | EPSS 0.04508
Exploits: 0 | References: 4
securityvulns
added 2004/01/06 12:0 a.m. | 52 views

Hi

Application: KpyM telnet server v1.05 Url: http://kpym.sourceforge.net/ Versions: = 1.05 Platforms: Windows Bug: Socket flood bug Risk: High Exploitation: Remote Date: 3 Gen 2004 Author: NoRpiUs e-mail: [email protected] web: http://norpius.altervista.org 1 Introduction 2 Bug 3 The Code 4 Fi...

AI score 7
Exploits: 0
Exploit DB
added 2003/06/07 12:0 a.m. | 58 views

Microsoft Internet Explorer - Object Tag (MS03-020)

!/usr/bin/perl Proof of concept exploit on IE 5.x - 6.x by Alumni IE-Object longtype dynamic call oferflow url:// the flaw actually exists in URLMON.DLL when converting backslashes to wide char, this can be seen on stack dump near '&CLSID=AAA...2F2F...'. To exploit: i start server perl script; ii...

AI score 7.4
Exploits: 0