56 matches found
RSA Archer 跨站脚本漏洞
RSA Archer is an enterprise IT governance and compliance governance product from RSA UK, including policy, risk and compliance definition and management. It is able to aggregate all of our enterprise assets, as well as some of the monitored information, and organize it into a unified platform,...
SUSE SLES11 Security Update : openldap2 (SUSE-SU-2020:14419-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2020:14419-1 advisory. - A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux...
CVE-2020-26886
Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host...
Softaculous Ltd. Softaculous 安全漏洞
Softaculous is a commercial scripting library that automates the installation of commercial and open source web applications onto websites. A code execution vulnerability exists in Softaculous versions prior to 5.5.7. The vulnerability stems from external initialization of trusted variables or da...
CVE-2020-4682
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509...
IBM MQ 代码问题漏洞
IBM MQ IBM WebSphere MQ is a messaging middleware product from IBM. The product is mainly for the service-oriented architecture SOA to provide a reliable and proven messaging backbone. A remote code execution vulnerability exists in IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD, which is caused ...
Deserialization of untrusted data
jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...
CVE-2020-22083
jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...
CVE-2020-22083
jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...
Description of the security update for SharePoint Server 2019: July 14, 2020
Description of the security update for SharePoint Server 2019: July 14, 2020 Note: After you install this update, the default setting for a trusted data source and trusted content locations in PerformancePoint Services will change from trust all to trust none. For more information, see KB 4571413...
Description of the security update for SharePoint Server 2010: July 14, 2020
Description of the security update for SharePoint Server 2010: July 14, 2020 Note: After you install this update, the default setting for a trusted data source and trusted content locations in PerformancePoint Services will change from trust all to trust none. For more information, see KB 4571413...
CVE-2016-1000027
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...
CVE-2018-1131
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possibl...
Infinispan Code Execution Vulnerability
Infinispan is Infinispan team of a set of Java-based open source distributed data storage and data grid platform . A security vulnerability exists in Infinispan that stems from the program's failure to properly deserialize trusted data via XML and JSON encoders. An attacker could exploit the...
Deserialization of untrusted data
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possibl...
The vulnerability of the tdx.sys component, which is used to check the length of the operating system’s buffer, allows a hacker to exploit their privileges.
The vulnerability of the tdx.sys component, which is used to check the length of operating system Windows buffers, is related to deficiencies in access control. Exploiting this vulnerability could allow an intruder, operating locally, to increase their privileges...