Red Hat Security Advisory 2023-3892-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.4 serves as a replacement for Red Hat Single Sign-On 7.6.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, cross site scripting, and deserialization vulnerabilities.
c028114f9f831e46de9d7546cb402a0dea9be7bc7aa8cc74b62ab59d22957f30Red Hat Security Advisory 2023-1303-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 7.3.10 replaces Data Grid 7.3.9 and includes security fixes. Issues addressed include code execution and deserialization vulnerabilities.
c62443ed1f58111e5bcbad07381e2b4e325eed22780a41853e581f1fe837f762Ubuntu Security Notice 5946-1 - Lai Han discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
ab634e70322a3fa103bdf1f9fbef6f814dbfae127fcb8b168ad6c551929ecd91VMware Cloud Foundation (NSX-V) contains a remote code execution vulnerability via XStream open source library. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of root on the appliance. VMware Cloud Foundation 3.x and more specific NSX Manager Data Center for vSphere up to and including version 6.4.13 are vulnerable to remote command injection. This Metasploit module exploits the vulnerability to upload and execute payloads gaining root privileges.
e1f5fa59aee9a79145c46b8829a1543dbca23d36d00d330dacc1326a5f871b45Red Hat Security Advisory 2022-4623-01 - This release of Red Hat build of Quarkus 2.7.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include HTTP request smuggling, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.
10e69ee091e2e078b2a41e7bbc107daf8c4ce083633ded9691b8ec2b700362a5Red Hat Security Advisory 2022-0520-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.3.0 replaces Data Grid 8.2.3 and includes bug fixes and enhancements. Issues addressed include HTTP request smuggling, code execution, denial of service, and deserialization vulnerabilities.
851e7d90129974b5aef9a1685ad0e47b2b5241fbd8c1cb7d5f745cf0ca63a06bRed Hat Security Advisory 2022-0296-03 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.12.0 serves as an update to Red Hat Process Automation Manager 7.11.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, deserialization, and traversal vulnerabilities.
9fe5d56b67e4cb17b94b89a61187f0f0526832f9b202ea4e38ac4241e4d83532Red Hat Security Advisory 2022-0297-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.12.0 serves as an update to Red Hat Decision Manager 7.11.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, deserialization, and traversal vulnerabilities.
76891c2b8e01ccf2bb0eee2577145d5f3199b6012d511db9fdec8ab423514580Red Hat Security Advisory 2021-4918-03 - A minor version update is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, deserialization, information leakage, privilege escalation, and server-side request forgery vulnerabilities.
d5c90a3e7232924ae6e8b38f5e9ef8c694af77ff921bcdb7b07c49f3c69e7068Debian Linux Security Advisory 5004-1 - Multiple security vulnerabilities have been discovered in XStream, a Java library to serialize objects to XML and back again.
e3aca8ca24ba1bae991a19b9c891853d3fde83ade3db51bc3a65a899cca8f0acRed Hat Security Advisory 2021-3956-01 - XStream is a Java XML serialization library to serialize objects to and deserialize object from XML. Issues addressed include code execution, denial of service, and deserialization vulnerabilities.
6103d3fe2e92cf3b3ffb936ca863973bfc1fa8245666759a1ff144ba9cb97f2c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed