Lucene search
K

291 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 5:3 p.m.4 views

Security Bulletin: Vulnerabilities in Spring Security, Handlebars, Apache MINA and Apache Tomcat might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Security, Handlebars, Apache MINA and Apache Tomcat. Vulnerabilities include an authorization bypass, providing the power necessary to let users build semantic templates, allowing arbitrary code to be...

9.8CVSS6.5AI score0.0178EPSS
Exploits5Affected Software1
Ubuntu
Ubuntu
added 2026/06/23 3:35 p.m.10 views

USN-8465-1: Apache MINA vulnerabilities

It was discovered that Apache MINA lacked an acceptMatchers allowlist mechanism to restrict which classes could be deserialized. An attacker could use this to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-52046 It was discovered that Apache MINA'...

10CVSS7.4AI score0.23932EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/06/08 5:34 p.m.11 views

CVE-2026-48827

A flaw was found in Apache MINA SSHD bundle sshd-git. This path traversal vulnerability allows authenticated users to access Git repositories located outside the intended server root directory. The lack of proper path validation during Git operations, such as git-upload-pack and git-receive-pack,...

7.1CVSS5.5AI score0.00527EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-42779

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass...

9.8CVSS6.8AI score0.00902EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-42778

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: The fix for CVE-2024-52046 in Apache MINA...

10CVSS7AI score0.23932EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/06/03 12:25 p.m.9 views

au.com.versent.jenkins.plugins:ignore-committer-strategy (>=37.v0d3157c4a_ef8 <=57.v0756db_b_f6926), be.mogo.iam:mogo-provisioning (>=1.0.1.RELEASE <=1.1.7.RELEASE) +1174 more potentially affected by CVE-2026-47065 via org.apache.mina:mina-core (>=2.0.0-M1 <=2.0.28)

org.apache.mina:mina-core MAVEN version =2.0.0-M1, =37.v0d3157c4aef8, =1.0.1.RELEASE, =1.1.8.RELEASE, =1.1.5.RELEASE, =2.7.4.0, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.0.2.RELEASE, =1.0.3.RELEASE - cn.javaboot:nacos-address =1.4.1 - cn.javaboot:nacos-console =1.4.1 -...

9.8CVSS5.4AI score0.00468EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/03 9:39 a.m.11 views

CVE-2026-47065 Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.8AI score0.00468EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 9:39 a.m.149 views

CVE-2026-47065

CVE-2026-47065 (Apache MINA context) describes two deserialization bypass issues: first, resolveProxyClass bypasses the accept/allow-list when JDK resolves proxy interfaces from a serialized proxy via ObjectInputStream.readProxyDesc(), and second, readClassDescriptor triggers static initializers ...

9.8CVSS5.8AI score0.00468EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/03 9:39 a.m.2 views

CVE-2026-47065 Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.9AI score0.00468EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/03 9:39 a.m.42 views

CVE-2026-47065 Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS0.00468EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.9 views

Apache MINA 代码问题漏洞

Apache MINA is a web application framework developed by the Apache Foundation in the United States. This product is primarily used for developing high-performance and highly scalable web applications. Apache MINA has code vulnerabilities that arise from issues with the resolveProxyClass method no...

9.8CVSS5.6AI score0.00468EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/02 1:37 a.m.13 views

SUSE CVE-2026-48827

Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if th...

6.5CVSS5.8AI score0.00527EPSS
Exploits0References4
NVD
NVD
added 2026/06/01 9:16 a.m.17 views

CVE-2026-48827

Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if th...

7.1CVSS0.00527EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/01 8:37 a.m.12 views

CVE-2026-48827 Apache MINA SSHD: Path traversal in org.apache.sshd:sshd-git

Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if th...

7.1CVSS5.8AI score0.00527EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 8:37 a.m.8 views

CVE-2026-48827

Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if th...

7.1CVSS5.8AI score0.00527EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/01 8:37 a.m.48 views

CVE-2026-48827

This CVE (CVE-2026-48827) affects Apache MINA SSHD when used as the sshd-git bundle. The vulnerability is a path traversal caused by missing path validation in git-upload-pack, git-receive-pack, and other git operations, allowing SSH-authenticated users to access repositories outside the configur...

7.1CVSS5.8AI score0.00527EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/01 8:37 a.m.4 views

CVE-2026-48827 Apache MINA SSHD: Path traversal in org.apache.sshd:sshd-git

Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if th...

7.1CVSS6AI score0.00527EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/01 8:37 a.m.36 views

CVE-2026-48827 Apache MINA SSHD: Path traversal in org.apache.sshd:sshd-git

Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if th...

7.1CVSS0.00527EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 8:37 a.m.15 views

EUVD-2026-33606

Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if th...

7.1CVSS5.8AI score0.00527EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

Apache MINA SSHD 安全漏洞

Apache MINA SSHD is a pure Java library from the Apache Foundation that supports the SSH protocol on both the client and server sides. Apache MINA SSHD has a security vulnerability caused by path traversal, which may allow authenticated users to access git repositories outside of the configured g...

7.1CVSS5.4AI score0.00527EPSS
Exploits0References2
Rows per page
Query Builder