215 matches found
VulnCheck KEV: CVE-2014-0094
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method...
GHSA-2HJR-FG6C-V2H6 Unauthorized access to Class instance in Jinjava
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...
Unauthorized access to Class instance in Jinjava
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...
Mageia: Security Advisory (MGASA-2013-0322)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
log4j-CVE-2021-44228-workaround A. Solution Description =====...
Arbitrary Code Execution
jinjava is vulnerable to arbitrary code execution. An attacker is able to gain access to arbitrary classes via objects that are passed to the Jinjava context through the application class loader...
CVE-2020-12668
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...
CVE-2020-12668
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...
Arbitrary file deletion
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...
CVE-2020-12668
This entry concerns Jinjava prior to version 2.5.4 where callers can trigger access to arbitrary Java classes by invoking methods on objects supplied in the Jinjava context. The underlying issue is misuse of the application class loader, enabling scenarios like Arbitrary File Disclosure. Public r...
Security Bulletin:Security Vulnerability in IBM Java SDK for Quarterly CPU - April 2017 affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software (CVE-2017-3511)
Summary Security vulnerability in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Software Architect and Rational Software Architect for WebSphere Software..The CVE CVE-2017-3511 were disclosed as part of the IBM Java SDK updates in April 2017. Vulnerability...
SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader
A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...
apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default
A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...
SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader
A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...
SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader
A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...
Directory Traversal
Overview org.jooby:jooby is a modern, performant and easy to use web framework for Java and Kotlin built on top of your favorite web server. Affected versions of this package are vulnerable to Directory Traversal. There are two ways this vulnerability can be leveraged: When sharing a File System...
apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default
A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...
Server-side Template Injection (SSTI)
Overview freemarker:freemarker is a FreeMarker is a "template engine"; a generic tool to generate text output based on templates. Affected versions of this package are vulnerable to Server-side Template Injection SSTI. By allowing user input into java.security.ProtectionDomain.getClassLoader,...
CVE-2019-12400
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...
Unspecified Vulnerability in codeBeamer
Intland Software codeBeamer ALM is an application lifecycle management platform from Intland Software, Germany. The platform supports application lifecycle management, requirements management, risk management and software development. A security vulnerability exists in codeBeamer versions prior t...