CVE-2023-31139

DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.37 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, Personal Access Tokens PATs generate unrestricted session cookies. This may lead to a bypass of other access...

CVE-2022-31139

UnsafeAccessor UA is a bridge to access jdk.internal.misc.Unsafe & sun.misc.Unsafe. Normally, if UA is loaded as a named module, the internal data of UA is protected by JVM and others can only access UA via UA's standard API. The main application can set up SecurityCheck.AccessLimiter for UA to...

CVE-2025-31139

In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log...

CVE-2025-31139

creationtimestamp| type| source ---|---|--- 2025-03-27 12:26:17+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/9063 2025-03-27 14:58:29+00:00| seen| https://t.me/cvedetector/21280...

CVE-2025-31139

In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log...

CVE-2025-31139

In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log...

CVE-2025-31139

JetBrains TeamCity prior to 2025.03 exposes base64 encoded passwords in build logs (CVE-2025-31139). Affects JetBrains TeamCity (CI/CD server); vulnerability arises from passwords being logged in base64 form. Impact: potential credential exposure. Mitigation: upgrade to version 2025.03 or later o...

CVE-2024-31139

In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector...

CVE-2023-31139

creationtimestamp| type| source ---|---|--- 2023-05-09 18:43:40+00:00| seen| https://t.me/cibsecurity/63621...

CVE-2023-31139 DHIS2 Core unrestricted session cookies with Personal Access Tokens

DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.37 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, Personal Access Tokens PATs generate unrestricted session cookies. This may lead to a bypass of other access...

CVE-2023-31139

DHIS2 Core contains the service layer and Web API. The issue arises in versions prior to 2.37.9.1, 2.38.3.1, and 2.39.1.2, where Personal Access Tokens (PATs) generate unrestricted session cookies, potentially bypassing other access controls (e.g., IP restrictions or HTTP methods). Impact is a by...

CVE-2023-31139 DHIS2 Core unrestricted session cookies with Personal Access Tokens

DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.37 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, Personal Access Tokens PATs generate unrestricted session cookies. This may lead to a bypass of other access...

io.github.karlatemp.jvm-hook-framework:api (=1.2.0), io.github.karlatemp.mxlib:mxlib-command (>=3.0-dev-16 <=3.0-dev-20) +15 more potentially affected by CVE-2022-31139 via io.github.karlatemp:unsafe-accessor (>=1.5.0 <=1.6.0)

io.github.karlatemp:unsafe-accessor MAVEN version =1.5.0, =3.0-dev-16, =3.0-dev-16, =3.0-dev-16, =3.0-dev-16, =3.0-dev-16, =3.0-dev-16, =3.0-dev-16, =3.0-dev-16, =3.0-dev-16, =3.0-dev-16, =3.0-dev-16, =1.1, =2.1.0 and more Source cves: CVE-2022-31139 Source advisory: OSV:GHSA-CR6P-23CF-W9G9...

CVE-2022-31139

The CVE-2022-31139 entry concerns UnsafeAccessor (UA), a bridge to access jdk.internal.misc.Unsafe and sun.misc.Unsafe. According to the connected sources, when SecurityCheck.AccessLimiter is configured, untrusted code can access UA without limitation even if UA is loaded as a named module; this ...

CVE-2022-31139 No security checking for UnsafeAccess.getInstance() in UnsafeAccessor

UnsafeAccessor UA is a bridge to access jdk.internal.misc.Unsafe & sun.misc.Unsafe. Normally, if UA is loaded as a named module, the internal data of UA is protected by JVM and others can only access UA via UA's standard API. The main application can set up SecurityCheck.AccessLimiter for UA to...

CVE-2022-31139 No security checking for UnsafeAccess.getInstance() in UnsafeAccessor

UnsafeAccessor UA is a bridge to access jdk.internal.misc.Unsafe & sun.misc.Unsafe. Normally, if UA is loaded as a named module, the internal data of UA is protected by JVM and others can only access UA via UA's standard API. The main application can set up SecurityCheck.AccessLimiter for UA to...

CVE-2021-31139

This CVE ID is rejected/not used and does not represent an active vulnerability entry.

CVE-2021-31139

...

Trend Micro OfficeScan cgiRecvFile.exe ComputerName buffer overflow

Added: 09/23/2008 CVE: CVE-2008-2437 BID: 31139 OSVDB: 48024 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem A buffer overflow vulnerability in cgiRecvFile.exe allows remote attackers to execute arbitrary commands by sending an HTTP request...