Rundeck Community Edition/Enterprise Edition up to 3.4.2/3.3.13 Project deserialization

A vulnerability, which was classified as critical, has been found in Rundeck Community Edition and Enterprise Edition up to 3.4.2/3.3.13. This issue affects an unknown code of the component Project Handler. Upgrading to version 3.4.3 or 3.3.14 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-37452 : EXIM UP TO 4.94 ALIAS LIST HOST.C HOST_NAME_LOOKUP SENDER_HOST_NAME HEAP-BASED OVERFLOW

CVE-2022-37452 : EXIM UP TO 4.94 ALIAS LIST HOST.C HOST_NAME_LOOKUP SENDER_HOST_NAME HEAP-BASED OVERFLOW

Description Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is

CVE-2022-27535 : KASPERSKY VPN SECURE CONNECTION UP TO 21.5 ON WINDOWS DENIAL OF SERVICE

CVE-2022-27535 : KASPERSKY VPN SECURE CONNECTION UP TO 21.5 ON WINDOWS DENIAL OF SERVICE

Description Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of

CVE-2022-32965 : OMICARD EDM HARD-CODED CREDENTIALS

CVE-2022-32965 : OMICARD EDM HARD-CODED CREDENTIALS

Description OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized