An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible-server privileges. Fixed in Ansible 2.2.1, and 2.1.4.

An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible-server privileges. Fixed In: Ansible 2.2.1, and 2.1.4.

mongodb: Document-oriented database MongoDB could provide unintended access.

Guillaume Teissier reported that the XMLRPC client in libxmlrpc3-java, an XML-RPC implementation in Java, does perform deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious XMLRPC server can take advantage of this flaw to execute arbitrary code with the privileges of an application using the Apache XMLRPC client library. ...

libxmlrpc3-java: XML-RPC implementation in Java Apache XML-RPC could be made to execute arbitrary code if it received specially crafted data by a malicious XML-RPC server.

Guillaume Teissier reported that the XMLRPC client in libxmlrpc3-java, an XML-RPC implementation in Java, does perform deserialization of the server-side exception serialized in the faultCause attribute of XMLRPC error response messages. A malicious XMLRPC server can take advantage of this flaw to execute arbitrary code with the privileges of an application using the Apache XMLRPC client library. ...

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC library. A malicious XML-RPC server could target an XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed.

Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. Security Fix: * xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in th ...

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby25-ruby. Security Fix: * ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? * ruby: Regular expression denial of service vulnerability of WEBrick's Dig ...

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby27-ruby. Security Fix: * ruby: Potential HTTP request smuggling in WEBrick * ruby: XML round-trip vulnerability in REXML For more details about the security issue, inc ...

© SecPod Technologies