65 matches found
UBUNTU-CVE-2020-14781
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
The vulnerability of the oadd.org.apache.xalan.lib.sql.JNDIConnectionPool component in the Jackson-databind library of the FasterXML project allows a hacker to execute arbitrary code.
The vulnerability of the oadd.org.apache.xalan.lib.sql.JNDIConnectionPool component in the Jackson-databind library of the FasterXML project is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
jackson-databind: Lacks certain xbean-reflect/JNDI blocking
A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A "gadget" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabili...
Spring Boot Actuator Module Command Execution Vulnerability
Spring Boot Acuatorr can help you monitor and manage your Spring Boot applications, such as health checks, auditing, statistics and HTTP tracing. A command execution vulnerability exists in the Spring Boot Actuator module. The vulnerability is realized by using JNDI through Spring Boot Actuator's...
OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...
OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...
OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker wit...
OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker wit...
OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker wit...
OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606)
It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data...
OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker wit...
The vulnerability of the JNDI component of the Oracle WebLogic Server application server allows a hacker to gain control over the application server.
The vulnerability of the JNDI component of the Oracle WebLogic Server application server is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain control over the Oracle WebLogic Server application server through HTTP requests...
tomcat: unrestricted access to global resources
It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not...
OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)
It was discovered that the JNDI component in OpenJDK did not handle DNS resolution errors correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution...
OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)
It was discovered that the JNDI component in OpenJDK did not handle DNS resolution errors correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution...
OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)
It was discovered that the JNDI component in OpenJDK did not handle DNS resolution errors correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution...
OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI...
OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI...
UBUNTU-CVE-2014-0460
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI...
OpenJDK: VersionHelper12 does not honor modifyThreadGroup restriction (JNDI, 8013739)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI...