148 matches found
CVE-2020-25259
CVE-2020-25259 affects Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below, and 20.3.10.1000 and below. The root cause is the unsafe use of XML deserialization libraries. The CVSS data indicates a network-exposed vector with high criticality (C/H/I...
CVE-2020-25259
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses XML deserialization libraries in an unsafe manner...
Hyland OnBase XML Deserialization Library Insecure Use Vulnerability
Hyland OnBase is an enterprise information platform for managing your content, processes and cases. Hyland OnBase is vulnerable to an unsafe use of the XML deserialization library. No detailed vulnerability details are provided at this time...
Microsoft .NET Framework Remote Code Execution Vulnerability (KB4566516)
This host is missing a critical security update according to Microsoft KB4566516 Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...
xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)
It was found that xstream API version 1.4.10 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. This a regression of...
CVE-2014-2228
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages...
CVE-2014-2228
The CVE-2014-2228 issue affects the XStream extension in HP Fortify SCA prior to version 2.2 RC3, where unsafe deserialization of XML messages allows remote attackers to execute arbitrary code. The affected component is the XStream extension, with the root cause described as unsafe XML deserializ...
CVE-2014-2228
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages...
Huawei EulerOS: Security Advisory for slf4j (EulerOS-SA-2018-1093)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for slf4j (EulerOS-SA-2018-1159)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for slf4j (EulerOS-SA-2018-1092)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)
It was found that xstream API version 1.4.10 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. This a regression of...
Security Bulletin: Multiple vulnerabilities in Xstream affect IBM InfoSphere Information Server
Summary Multiple vulnerabilities in XStream was addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2013-7285 DESCRIPTION: XStream could allow a remote attacker to execute arbitrary code on the system, caused by an error in the XMLGenerator API. An attacker could...
slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...
NewStart CGSL MAIN 5.04 : slf4j Vulnerability (NS-SA-2019-0015)
The remote NewStart CGSL host, running version MAIN 5.04, has slf4j packages installed that are affected by a vulnerability: - An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution. CVE-2018-8088...
xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)
It was found that xstream API version 1.4.10 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. This a regression of...
Important: Red Hat Security Advisory: Red Hat Decision Manager 7.4.0 Security Update
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...
Oracle WebLogic Server Remote Code Execution (CVE-2019-2725)
A remote code execution vulnerability exists within Oracle WebLogic. The vulnerability is due to improper XML deserialization. Successful exploitation could lead to arbitrary code execution...
CVE-2019-2725
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services. Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...