Eclipse Mojarra - Local File Read

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. id: CVE-2020-6950 info: name: Eclipse Mojarra - Local File Read author: iamnoooob,pdresearch severity: medium description: | Directory traversal in Eclipse Mojarra...

Unity Linux 20.1070e Security Update: mojarra (UTSA-2026-016756)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016756 advisory. Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. Tenable has extracted the...

EUVD-2010-3983

Malware in sbrugna...

EUVD-2010-2104

Malware in sbrugna...

EUVD-2012-2654

Malware in sbrugna...

EUVD-2022-2283

Malicious code in bioql PyPI...

EUVD-2022-2207

Malicious code in bioql PyPI...

EUVD-2022-5190

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2010-2087

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Oracle Mojarra 1.214 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view...

Linux Distros Unpatched Vulnerability : CVE-2018-14371

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker...

CVE-2019-17091

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled...

CVE-2010-4007

Oracle Mojarra uses an encrypted View State without a Message Authentication Code MAC, which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057...

Ivanti Avalanche Faces ResourceManager Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Faces Mojarra component. The issue results from the use of a vulnerable...

The vulnerability of the Faces Mojarra component in the Ivanti Avalanche mobile device management system allows a hacker to disclose protected information.

The vulnerability of the Faces Mojarra component in the Ivanti Avalanche mobile device management system is related to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability can allow a malicious actor to disclose protected information...

Ivanti Avalanche Faces ResourceManager Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Faces Mojarra component. The issue results from the use of a vulnerable...

PT-2024-6875

Name of the Vulnerable Software and Affected Versions Ivanti Avalanche versions prior to 6.4.5 Description The issue is a path traversal affecting the Faces Mojarra component within Ivanti Avalanche. This allows a remote, unauthenticated attacker to potentially reveal sensitive information. The...

The vulnerability of the getLocalePrefix function in ResourceManager.java of the Eclipse Mojarra library, as a implementation of EE4J Eclipse for the Jakarta Faces specification, allows an attacker to gain unauthorized access to protected information.

The vulnerability of the getLocalePrefix function in the ResourceManager.java file of the Eclipse Mojarra library, as a implementation of EE4J Eclipse for the Jakarta Faces specification, is related to an incorrect restriction on the path name to the restricted directory. Exploiting this...

K000134517: Eclipse vulnerability CVE-2020-6950

Security Advisory Description Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. CVE-2020-6950 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...

GHSA-RJHX-C9QH-QH8F Cross-site Scripting in Eclipse Mojarra

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces, allows Reflected XSS because a client window field is mishandled...

Cross-site Scripting in Eclipse Mojarra

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces, allows Reflected XSS because a client window field is mishandled...