215 matches found
Alphabet YouTube Embedded 安全漏洞
Alphabet YouTube Embedded is a video sharing application from Alphabet USA. A security vulnerability exists in the Alphabet YouTube Embedded version 1.2 SDK, which stems from a ClassLoader that the SDK can load for malicious applications...
SUSE CVE-2007-3922
Unspecified vulnerability in the Java Runtime Environment JRE Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.214 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to...
SUSE CVE-2010-4351
The JNLP SecurityManager in IcedTea IcedTea.so 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security...
SUSE CVE-2011-0706
The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."...
SUSE CVE-2011-2513
The Java Network Launching Protocol JNLP implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader...
SUSE CVE-2013-1926
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet...
[SECURITY] Fedora 35 Update: bcel-6.4.1-10.fc35
The Byte Code Engineering Library formerly known as JavaClass is intended to give users a convenient possibility to analyze, create, and manipulate binary Java class files those ending with .class. Classes are represented by objects which contain all the symbolic information of the given class:...
[SECURITY] Fedora 36 Update: bcel-6.4.1-10.fc36
The Byte Code Engineering Library formerly known as JavaClass is intended to give users a convenient possibility to analyze, create, and manipulate binary Java class files those ending with .class. Classes are represented by objects which contain all the symbolic information of the given class:...
CVE-2022-43484
TERASOLUNA Global Framework 1.0.0 Public review version and TERASOLUNA Server Framework for Java Rich 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability.The vulnerability is caused by an...
PT-2022-10737 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns ClassLoaderTheme and ClasspathThemeResourceProviderFactory, which allow reading any file available as a resource to the classloader. ...
Veritas NetBackup 安全漏洞
Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports ransomware detection and backup protection of environmental data such as metadata and virtual environments. A security vulnerabilit...
Remote Code Execution (RCE)
org.grails, grails-databinding is vulnerable to remote code execution. The vulnerability exists in the isOkToBind function of SimpleDataBinder.groovy, allowing an attacker to execute code by gaining access to the class loader...
CVE-2022-35912
In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 at least when certain Java 8 configurations are used, data binding allows a remote attacker to execute code by gaining access to the class loader...
CVE-2022-35912
In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 at least when certain Java 8 configurations are used, data binding allows a remote attacker to execute code by gaining access to the class loader...
Code injection
In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 at least when certain Java 8 configurations are used, data binding allows a remote attacker to execute code by gaining access to the class loader...
CVE-2022-35912
In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 at least when certain Java 8 configurations are used, data binding allows a remote attacker to execute code by gaining access to the class loader...
Grails 代码注入漏洞
Grails is the Grails project is based on the Groovy programming language and a set of rapid development of Web applications for the open source framework . A security vulnerability in Grails-databinding versions prior to 3.3.15, 4.x versions prior to 4.1.1, 5.x versions prior to 5.1.9, and 5.2.x...
XWiki Platform 路径遍历漏洞
Xwiki Platform is a suite of Wiki platforms for creating web collaboration applications from the French company Xwiki. A security vulnerability exists in versions of XWiki Platform prior to 12.10.3 that stems from the ability to request any file located in the class loader using the template API...
GHSA-VPR3-F594-MG5G Improper Control of Generation of Code ('Code Injection') in Spring Framework
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs0=jar: followed by a URL of a crafted .jar file...
VulnCheck KEV: CVE-2014-0114
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute...