Lucene search
+L

47 matches found

UbuntuCve
UbuntuCve
added 2020/09/09 4:15 p.m.16 views

CVE-2020-11986

To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis o...

9.8CVSS7.2AI score0.09931EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2020/09/09 3:28 p.m.26 views

CVE-2020-11986

To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis o...

9.8CVSS9.5AI score0.09931EPSS
Exploits0
CVE
CVE
added 2020/09/09 3:28 p.m.51 views

CVE-2020-11986

The CVE-2020-11986 issue affects Apache NetBeans up to 12.0. Opening a Gradle project causes the build script to run at load time, potentially enabling remote attackers to execute code without user consent. The Arch Linux advisory confirms a remote arbitrary code execution vulnerability and direc...

9.8CVSS9.4AI score0.09931EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/09/09 3:28 p.m.19 views

CVE-2020-11986

To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis o...

9.5AI score0.09931EPSS
Exploits0References3
NVD
NVD
added 2020/03/30 7:15 p.m.19 views

CVE-2019-17561

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability...

7.5CVSS7.5AI score0.01634EPSS
Exploits0References2
NVD
NVD
added 2020/03/30 7:15 p.m.32 views

CVE-2019-17560

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are...

9.1CVSS9.2AI score0.02007EPSS
Exploits0References2
OSV
OSV
added 2020/03/30 7:15 p.m.18 views

CVE-2019-17561

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability...

7.5CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2020/03/30 7:15 p.m.17 views

CVE-2019-17560

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are...

9.1CVSS6.7AI score
Exploits0References2
Prion
Prion
added 2020/03/30 7:15 p.m.15 views

Design/Logic Flaw

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are...

6.4CVSS9.1AI score0.02007EPSS
Exploits0References2Affected Software2
UbuntuCve
UbuntuCve
added 2020/03/30 7:15 p.m.30 views

CVE-2019-17561

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability...

7.5CVSS7.1AI score0.01634EPSS
Exploits0References2
Prion
Prion
added 2020/03/30 7:15 p.m.20 views

Security feature bypass

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability...

5CVSS7.6AI score0.01634EPSS
Exploits0References2Affected Software2
UbuntuCve
UbuntuCve
added 2020/03/30 7:15 p.m.24 views

CVE-2019-17560

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are...

9.1CVSS7.2AI score0.02007EPSS
Exploits0References2
CVE
CVE
added 2020/03/30 6:44 p.m.106 views

CVE-2019-17561

Summary: CVE-2019-17561 affects Apache NetBeans, where the autoupdate system does not fully validate code signatures, allowing an attacker to modify downloaded nbm packages. This vulnerability impacts NetBeans releases up to and including 11.2. The available documents describe the root cause as i...

7.5CVSS7.5AI score0.01634EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/03/30 6:44 p.m.28 views

CVE-2019-17561

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability...

7.6AI score0.01634EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2020/03/30 6:44 p.m.27 views

CVE-2019-17561

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability...

7.5CVSS7.6AI score0.01634EPSS
Exploits0
Cvelist
Cvelist
added 2020/03/30 6:39 p.m.32 views

CVE-2019-17560

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are...

9.2AI score0.02007EPSS
Exploits0References2
CVE
CVE
added 2020/03/30 6:39 p.m.110 views

CVE-2019-17560

CVE-2019-17560 describes an issue in the Apache NetBeans autoupdate system where HTTPS downloads are not validating SSL certificates or hostnames. This enables an attacker to intercept autoupdates and modify them, potentially injecting malicious code. The vulnerability affects NetBeans releases u...

9.1CVSS9.1AI score0.02007EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2020/03/30 6:39 p.m.56 views

CVE-2019-17560

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are...

9.1CVSS9.2AI score0.02007EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/03/30 12:0 a.m.3 views

PT-2020-4106 · Apache · Apache Netbeans

Name of the Vulnerable Software and Affected Versions: Apache NetBeans versions up to and including 11.2 Description: The issue is related to the Apache NetBeans autoupdate system, which does not validate SSL certificates and hostnames for https-based downloads. This allows an attacker to interce...

9.4CVSS9.2AI score0.02007EPSS
Exploits0References14
BDU FSTEC
BDU FSTEC
added 2020/01/20 12:0 a.m.6 views

The vulnerability of the Proxy Auto-Configuration (PAC) configuration file in the Apache NetBeans application development environment allows a hacker to execute arbitrary code.

The vulnerability of the Proxy Auto-Configuration PAC configuration file of the Apache NetBeans application development environment is related to the lack of measures taken to neutralize the script in the web page’s attributes. Exploiting this vulnerability allows a malicious actor to execute...

10CVSS8.1AI score0.07755EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder