Lucene search
K

215 matches found

VulnCheck KEV
VulnCheck KEV
added 2022/05/11 12:0 a.m.5 views

VulnCheck KEV: CVE-2014-0094

The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method...

5CVSS7.3AI score0.99614EPSS
Exploits7References1
OSV
OSV
added 2022/02/09 12:33 a.m.3 views

GHSA-2HJR-FG6C-V2H6 Unauthorized access to Class instance in Jinjava

Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...

6.5CVSS6AI score0.01814EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/02/09 12:33 a.m.43 views

Unauthorized access to Class instance in Jinjava

Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...

6.8CVSS3.1AI score0.01814EPSS
Exploits1References7Affected Software1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.22 views

Mageia: Security Advisory (MGASA-2013-0322)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.9AI score0.24738EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2021/12/24 4:23 a.m.702 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j-CVE-2021-44228-workaround A. Solution Description =====...

10CVSS9.2AI score0.99999EPSS
Exploits352
Veracode
Veracode
added 2021/02/22 4:41 a.m.26 views

Arbitrary Code Execution

jinjava is vulnerable to arbitrary code execution. An attacker is able to gain access to arbitrary classes via objects that are passed to the Jinjava context through the application class loader...

6.5CVSS5.3AI score0.01814EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2021/02/19 11:15 p.m.44 views

CVE-2020-12668

Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...

6.8CVSS0.01814EPSS
Exploits1References5
OSV
OSV
added 2021/02/19 11:15 p.m.18 views

CVE-2020-12668

Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...

6.5CVSS7AI score0.01814EPSS
Exploits1References5
Prion
Prion
added 2021/02/19 11:15 p.m.25 views

Arbitrary file deletion

Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...

6.8CVSS6.5AI score0.01814EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2021/02/19 10:33 p.m.119 views

CVE-2020-12668

This entry concerns Jinjava prior to version 2.5.4 where callers can trigger access to arbitrary Java classes by invoking methods on objects supplied in the Jinjava context. The underlying issue is misuse of the application class loader, enabling scenarios like Arbitrary File Disclosure. Public r...

6.8CVSS6.5AI score0.01814EPSS
Exploits1References5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/10 5:3 p.m.41 views

Security Bulletin:Security Vulnerability in IBM Java SDK for Quarterly CPU - April 2017 affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software (CVE-2017-3511)

Summary Security vulnerability in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Software Architect and Rational Software Architect for WebSphere Software..The CVE CVE-2017-3511 were disclosed as part of the IBM Java SDK updates in April 2017. Vulnerability...

7.7CVSS0.9AI score0.03937EPSS
Exploits2Affected Software3
RedHat Linux
RedHat Linux
added 2020/06/11 9:11 a.m.2 views

SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...

4.4CVSS5.8AI score0.00269EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/05/18 10:24 a.m.6 views

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

7.5CVSS6.8AI score0.28839EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/05/11 8:17 p.m.5 views

SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...

4.4CVSS5.8AI score0.00269EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/05/11 8:15 p.m.3 views

SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...

4.4CVSS5.8AI score0.00269EPSS
Exploits0References4
Snyk
Snyk
added 2020/05/11 11:42 a.m.6 views

Directory Traversal

Overview org.jooby:jooby is a modern, performant and easy to use web framework for Java and Kotlin built on top of your favorite web server. Affected versions of this package are vulnerable to Directory Traversal. There are two ways this vulnerability can be leveraged: When sharing a File System...

5.3CVSS7.5AI score0.01554EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/04/14 1:24 p.m.4 views

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

7.5CVSS6.8AI score0.28839EPSS
Exploits1References5
Snyk
Snyk
added 2020/04/09 11:33 a.m.4 views

Server-side Template Injection (SSTI)

Overview freemarker:freemarker is a FreeMarker is a "template engine"; a generic tool to generate text output based on templates. Affected versions of this package are vulnerable to Server-side Template Injection SSTI. By allowing user input into java.security.ProtectionDomain.getClassLoader,...

7.5CVSS7.6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2020/04/04 11:14 a.m.31 views

CVE-2019-12400

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.9CVSS1.4AI score0.00776EPSS
Exploits0References3
CNVD
CNVD
added 2020/04/03 12:0 a.m.3 views

Unspecified Vulnerability in codeBeamer

Intland Software codeBeamer ALM is an application lifecycle management platform from Intland Software, Germany. The platform supports application lifecycle management, requirements management, risk management and software development. A security vulnerability exists in codeBeamer versions prior t...

6.1CVSS7.3AI score0.00853EPSS
Exploits0References1
Rows per page
Query Builder