Lucene search
K

5 matches found

Snyk
Snyk
added 2026/06/05 6:19 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the readExternal methods in the AE, SS, and ServerConfigurationPayload classes, all of which call builderWithExpectedSize without checking the size of the input. A cluster user wit...

7.5CVSS5.5AI score0.00278EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2018/12/04 4:0 p.m.8 views

ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint

In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be...

9.8CVSS6AI score0.0679EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/08/14 7:51 p.m.3 views

ignite: Possible Execution of Arbitrary Code Within Deserialization Endpoints

In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one...

9.8CVSS6.1AI score0.06705EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/02/21 2:26 p.m.5 views

qpid-proton: reactor sends messages in clear if ssl is requested but not available

The 1 proton.reactor.Connector, 2 proton.reactor.Container, and 3 proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain...

6.5CVSS6.6AI score0.04267EPSS
Exploits0References4
Prion
Prion
added 2017/02/15 7:59 p.m.12 views

Code injection

IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference : 1983457...

7.5CVSS7.5AI score0.02812EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder