6539 matches found
Design/Logic Flaw
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...
VMware Spring Framework has an unspecified vulnerability
VMware Spring Framework is an open source Java, JavaEE application framework from VMware, Inc. The framework helps developers build high-quality applications. VMware Spring Framework has a security vulnerability that can be exploited by attackers to bypass Spring Framework access restrictions...
CVE-2021-22060
CVE-2021-22060 affects Spring Framework (versions 5.3.0–5.3.13 and 5.2.0–5.2.18, plus older unsupported) where crafted input can cause insertion of extra log entries. It is a follow-up to CVE-2021-22096; the root cause is input handling in the framework that permits log entry insertion. Connected...
CVE-2021-22060
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...
CVE-2021-22060
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...
ai.superstream:kafka-clients (>=3.0.1 <=3.6.1-alpha1), ai.superstream:spring-kafka (>=2.8.4-alpha1 <=3.0.1-alpha1) +1387 more potentially affected by CVE-2021-22569 via com.google.protobuf:protobuf-java (>=3.19.0 <=3.19.1)
com.google.protobuf:protobuf-java MAVEN version =3.19.0, =3.0.1, =2.8.4-alpha1, =0.0.1-alpha1, =21.9.4, =21.9.4, =21.9.4, =21.9.4, =0.6.9-rc.2, =0.10.3, =0.10.3, =0.10.3, =0.10.3, =0.10.3, =0.10.3, =0.10.3, =0.10.4 and more Source cves: CVE-2021-22569 Source advisory: OSV:GHSA-WRVW-HG22-4M67...
VMware Spring Framework Security Vulnerability
VMware Spring Framework is an open source Java, JavaEE application framework from VMware, Inc. The framework helps developers build high-quality applications. VMware Spring Framework has a security vulnerability that can be exploited by attackers to bypass Spring Framework access restrictions...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.1 <=4.6.0.0), ai.apiverse:apipulse (>='1.0.3' <=1.0.20) +6029 more potentially affected by CVE-2021-44832 via org.apache.logging.log4j:log4j-core (>=2.13.0 <=2.17.0)
org.apache.logging.log4j:log4j-core MAVEN version =2.13.0, =4.4.0.1, ='1.0.3', =0.0.2, =0.0.14, =2.1.0, =3.32.1.7, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.5.2 and more Source cves: CVE-2021-44832 Source advisory: OSV:GHSA-8489-44MV-GGJ8...
VMware Spring Cloud Netflix Remote Code Execution (CVE-2021-22053)
A remote code execution vulnerability exists in VMware Spring Cloud Netflix. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
log4j Spring vulnerable POC This is a POC for a simple spring...
CVE-2021-22096
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
log4shell-rmi-poc A Proof of Concept of the Log4j vulnerabilit...
Metasploit Wrap-Up
Log4Shell - Log4j HTTP Scanner Versions of Apache Log4j impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will scan an HTTP endpoint for the...
IBM Spectrum Copy Data Management Unauthorized Access Vulnerability
IBM Spectrum Copy Data Management, an IBM company that modernizes, streamlines, and automates data center copy management processes, has a security vulnerability that could be exploited by an attacker to gain unauthorized access to the Spring Boot console...
spring-web: (re)creating the temporary storage directory could result in a privilege escalation within WebFlux application
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...
Critical: Red Hat Security Advisory: Red Hat Fuse 7.10.0 release and security update
A minor version update from 7.9 to 7.10 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Simple Spring Boot application vulnerable to CVE-2021-44228 L...
CVE-2021-39052
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. IBM X-Force ID: 214523...
CVE-2021-39052
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. IBM X-Force ID: 214523...
Authorization
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. IBM X-Force ID: 214523...