139 matches found
CVE-2019-7233
In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer dereference...
CVE-2017-2594
hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root...
CVE-2017-2594
hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root...
CVE-2017-2594
CVE-2017-2594 is a path-traversal vulnerability in hawtio prior to versions 2.0-beta-1, 2.0-beta-2, 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 that can lead to a NullPointerException with a full stacktrace. The flaw allows an attacker to access sensitive information from hawtio’s root by exploiting improper...
CVE-2017-2594
hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root...
CVE-2017-1000360
StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0...
CVE-2017-1000360
StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0...
CVE-2017-1000360
StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0...
CVE-2017-2594
It was found that a path traversal vulnerability in hawtio leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root...
java-1_6_0-openjdk: icedtea-web update to 1.11.4 (bnc#) (critical)
The icedtea-web Java plugin was updated to 1.11.4 to fix critical security issues: Security fixes - S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder - S7163201, CVE-2012-0547: Simplify toolkit internals references OpenJDK - S7182135: Impossible to use some editors directly -...
IBM WebSphere Application Server 6.1 < 6.1.0.33 Multiple Vulnerabilities
IBM WebSphere Application Server 6.1 before Fix Pack 33 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - An unspecified cross-site scripting vulnerability exists in the Administration Console. PM09250, PM11778 - An unspecified error exis...
NullPointerException when there are no cookies and AccessLogRequestInfo is enabled
When using the filter-list and project-list plugins I ran into an issue where NullPointerExceptions were being thrown. I turned out the issue is in AccessLogRequestInfo when the Cookie header doesn't exists. The line that causes the exception is a log.debug line. I am including a patch that check...
NullPointerException when there are no cookies and AccessLogRequestInfo is enabled
When using the filter-list and project-list plugins I ran into an issue where NullPointerExceptions were being thrown. I turned out the issue is in AccessLogRequestInfo when the Cookie header doesn't exists. The line that causes the exception is a log.debug line. I am including a patch that check...
NullPointerException when there are no cookies and AccessLogRequestInfo is enabled
When using the filter-list and project-list plugins I ran into an issue where NullPointerExceptions were being thrown. I turned out the issue is in AccessLogRequestInfo when the Cookie header doesn't exists. The line that causes the exception is a log.debug line. I am including a patch that check...
NullPointerException when Switching between Projects or Boards
In my case, the WEB-INF/classes/log4j.properties included has these loggers turned off, but they still seem to run. I am including a patch that ignores the NullPointerException following the pattern of ignoring the ClassNotFoundException. Details below taken from:...
CVE-2010-2328
The HTTP Channel in IBM WebSphere Application Server WAS 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service NullPointerException via a large amount of chunked data that uses gzip compression...
Design/Logic Flaw
Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service NullPointerException in the Jemmy library via unknown vectors...
CVE-2009-2720
Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service NullPointerException in the Jemmy library via unknown vectors...
CVE-2009-2719
The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service NullPointerException via a crafted .jnlp file, as demonstrated by the jnlpfile/appletDesc/index.htmlmisc test in the Technology Compatibility Kit TCK for the Java...
CVE-2009-2720
Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service NullPointerException in the Jemmy library via unknown vectors...