18 matches found
Oracle WebLogic Server (April 2025 CPU)
The 12.2.1.4.0 and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by a vulnerability as referenced in the April 2025 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Centralized Thirdparty Jars Apache...
Security Bulletin: IBM Match 360 is affected due to a denial of service due to vulnerability in Apache Velocity Engine [CVE-2020-13936]
Summary An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : Velocity Engine vulnerability (USN-6281-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6281-1 advisory. Alvaro Munoz discovered that Velocity Engine incorrectly handled certain inputs. If a user or an automated system were tricked into openin...
Oracle Primavera Unifier (Oct 2022 CPU)
The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Document Management Apache Solr. Supported...
Sandbox Bypass in Apache Velocity Engine
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache...
GHSA-59J4-WJWP-MW9M Sandbox Bypass in Apache Velocity Engine
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache...
Huawei EulerOS: Security Advisory for velocity (EulerOS-SA-2021-2437)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for velocity (EulerOS-SA-2021-2233)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2 : velocity (ALAS-2021-1690)
The version of velocity installed on the remote host is prior to 1.7-10.2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1690 advisory. A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary...
EulerOS 2.0 SP8 : velocity (EulerOS-SA-2021-1990)
According to the version of the velocity package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as...
EulerOS 2.0 SP3 : velocity (EulerOS-SA-2021-1858)
According to the version of the velocity package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as...
MGASA-2021-0183 Updated velocity packages fix security vulnerability
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache...
CVE-2020-13936
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache...
CVE-2020-13936
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache...
Default credentials
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache...
CVE-2020-13936
CVE-2020-13936 affects Apache Velocity, where modifying Velocity templates can bypass the sandbox and allow remote code execution with the container’s privileges. Engine versions affected include up to 2.2; IBM and related advisories flag this as a Velocity sandbox bypass leading to arbitrary cod...
CVE-2020-13936
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache...
CVE-2020-13936 Velocity Sandbox Bypass
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache...