Filtered by CWE-349
Filtered by vendor Subscriptions
Total 26 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-1131 2 Infinispan, Redhat 3 Infinispan, Jboss Data Grid, Jboss Fuse 2024-11-21 N/A
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.
CVE-2013-2167 3 Debian, Openstack, Redhat 3 Debian Linux, Python-keystoneclient, Openstack 2024-11-21 9.8 Critical
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass
CVE-2013-2166 4 Debian, Fedoraproject, Openstack and 1 more 4 Debian Linux, Fedora, Python-keystoneclient and 1 more 2024-11-21 9.8 Critical
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass
CVE-2024-52555 1 Jetbrains 1 Webstorm 2024-11-18 6.3 Medium
In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script
CVE-2024-42483 1 Espressif 1 Esp-now 2024-09-23 6.5 Medium
ESP-NOW Component provides a connectionless Wi-Fi communication protocol. An replay attacks vulnerability was discovered in the implementation of the ESP-NOW because the caches is not differentiated by message types, it is a single, shared resource for all kinds of messages, whether they are broadcast or unicast, and regardless of whether they are ciphertext or plaintext. This can result an attacker to clear the cache of its legitimate entries, there by creating an opportunity to re-inject previously captured packets. This vulnerability is fixed in 2.5.2.
CVE-2024-27185 1 Joomial Project 1 Joomial Cms 2024-09-22 9.1 Critical
The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors.