Lucene search
K

215 matches found

CNNVD
CNNVD
added 2023/03/01 12:0 a.m.6 views

Alphabet YouTube Embedded 安全漏洞

Alphabet YouTube Embedded is a video sharing application from Alphabet USA. A security vulnerability exists in the Alphabet YouTube Embedded version 1.2 SDK, which stems from a ClassLoader that the SDK can load for malicious applications...

7.3CVSS7.3AI score0.00111EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.7 views

SUSE CVE-2007-3922

Unspecified vulnerability in the Java Runtime Environment JRE Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.214 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to...

6.8CVSS6.9AI score0.02873EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:55 a.m.3 views

SUSE CVE-2010-4351

The JNLP SecurityManager in IcedTea IcedTea.so 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security...

6.8CVSS6.9AI score0.02533EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:54 a.m.4 views

SUSE CVE-2011-0706

The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."...

7.5CVSS7.9AI score0.03086EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:52 a.m.5 views

SUSE CVE-2011-2513

The Java Network Launching Protocol JNLP implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader...

5CVSS7AI score0.02497EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:39 a.m.4 views

SUSE CVE-2013-1926

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet...

5.8CVSS6.9AI score0.01865EPSS
Exploits0References7
Fedora
Fedora
added 2022/12/11 1:47 a.m.40 views

[SECURITY] Fedora 35 Update: bcel-6.4.1-10.fc35

The Byte Code Engineering Library formerly known as JavaClass is intended to give users a convenient possibility to analyze, create, and manipulate binary Java class files those ending with .class. Classes are represented by objects which contain all the symbolic information of the given class:...

9.8CVSS1AI score0.02836EPSS
Exploits0
Fedora
Fedora
added 2022/12/11 1:40 a.m.52 views

[SECURITY] Fedora 36 Update: bcel-6.4.1-10.fc36

The Byte Code Engineering Library formerly known as JavaClass is intended to give users a convenient possibility to analyze, create, and manipulate binary Java class files those ending with .class. Classes are represented by objects which contain all the symbolic information of the given class:...

9.8CVSS1AI score0.02836EPSS
Exploits0
OSV
OSV
added 2022/12/05 4:15 a.m.6 views

CVE-2022-43484

TERASOLUNA Global Framework 1.0.0 Public review version and TERASOLUNA Server Framework for Java Rich 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability.The vulnerability is caused by an...

7.8CVSS5.9AI score0.00407EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/08/26 12:0 a.m.5 views

PT-2022-10737 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns ClassLoaderTheme and ClasspathThemeResourceProviderFactory, which allow reading any file available as a resource to the classloader. ...

4.3CVSS5.5AI score0.00897EPSS
Exploits0References11
CNNVD
CNNVD
added 2022/07/27 12:0 a.m.4 views

Veritas NetBackup 安全漏洞

Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports ransomware detection and backup protection of environmental data such as metadata and virtual environments. A security vulnerabilit...

9.8CVSS8.6AI score0.01484EPSS
Exploits0References2
Veracode
Veracode
added 2022/07/20 4:31 a.m.53 views

Remote Code Execution (RCE)

org.grails, grails-databinding is vulnerable to remote code execution. The vulnerability exists in the isOkToBind function of SimpleDataBinder.groovy, allowing an attacker to execute code by gaining access to the class loader...

9.8CVSS9.5AI score0.01746EPSS
Exploits0References11Affected Software1
NVD
NVD
added 2022/07/19 4:15 p.m.24 views

CVE-2022-35912

In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 at least when certain Java 8 configurations are used, data binding allows a remote attacker to execute code by gaining access to the class loader...

9.8CVSS0.01746EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/07/19 4:15 p.m.2 views

CVE-2022-35912

In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 at least when certain Java 8 configurations are used, data binding allows a remote attacker to execute code by gaining access to the class loader...

9.8CVSS7.5AI score0.01746EPSS
Exploits0References5
Prion
Prion
added 2022/07/19 4:15 p.m.15 views

Code injection

In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 at least when certain Java 8 configurations are used, data binding allows a remote attacker to execute code by gaining access to the class loader...

7.5CVSS9.5AI score0.01746EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/07/19 3:56 p.m.16 views

CVE-2022-35912

In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 at least when certain Java 8 configurations are used, data binding allows a remote attacker to execute code by gaining access to the class loader...

9.8CVSS9.6AI score0.01746EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/07/19 12:0 a.m.6 views

Grails 代码注入漏洞

Grails is the Grails project is based on the Groovy programming language and a set of rapid development of Web applications for the open source framework . A security vulnerability in Grails-databinding versions prior to 3.3.15, 4.x versions prior to 4.1.1, 5.x versions prior to 5.1.9, and 5.2.x...

9.8CVSS8.6AI score0.01746EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/05/25 12:0 a.m.7 views

XWiki Platform 路径遍历漏洞

Xwiki Platform is a suite of Wiki platforms for creating web collaboration applications from the French company Xwiki. A security vulnerability exists in versions of XWiki Platform prior to 12.10.3 that stems from the ability to request any file located in the class loader using the template API...

4CVSS5AI score0.00998EPSS
Exploits0References5
OSV
OSV
added 2022/05/17 3:28 a.m.3 views

GHSA-VPR3-F594-MG5G Improper Control of Generation of Code ('Code Injection') in Spring Framework

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs0=jar: followed by a URL of a crafted .jar file...

6CVSS7.6AI score0.52003EPSS
Exploits11References17
VulnCheck KEV
VulnCheck KEV
added 2022/05/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2014-0114

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute...

7.5CVSS6.9AI score0.96121EPSS
Exploits4References1
Rows per page
Query Builder