2992 matches found
OPENSUSE-SU-2025:15175-1 apache-commons-beanutils-1.11.0-1.1 on GA media
These are all security issues fixed in the apache-commons-beanutils-1.11.0-1.1 package on the GA media of openSUSE Tumbleweed...
Apache Commons BeanUtils 1.x < 1.11.0, 2.0.0-M1 < 2.0.0-M2 Improper Access Control Vulnerability
The Apache Commons BeanUtils library is prone to an improper access control vulnerability.
Security Bulletin: IBM QRadar SIEM protocols are vulnerable to information exposure due to Apache Commons Net FTP client behavior (CVE-2021-37533)
Summary: Apache Commons Net could allow an attacker to cause information exposure due to improper input validation in the FTP client component. Vulnerability Details: CVEID: CVE-2021-37533. DESCRIPTION: Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default....
GHSA-WXR5-93PH-8WR9 Apache Commons Improper Access Control vulnerability
Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...
Apache Commons Improper Access Control vulnerability
Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by a vulnerability in Apache Commons BCEL
Summary: SPSS Collaboration and Deployment Services is affected by a vulnerability in Apache Commons BCEL. This has been addressed in the remediation section. Vulnerability Details: CVEID: CVE-2022-42920. DESCRIPTION: Apache Commons BCEL could allow a remote attacker to bypass security restrictions,...
DEBIAN-CVE-2025-48734
Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...
CVE-2025-48734
Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...
CVE-2025-48734
Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...
CVE-2025-48734 Apache Commons BeanUtils: PropertyUtilsBean does not suppress an enum's declaredClass property by default
Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...
CVE-2025-48734
The CVE-2025-48734 entry describes an Improper Access Control in Apache Commons BeanUtils. A BeanIntrospector was added (default-off in older behavior) to suppress the enum-declaredClass property access that could reveal a ClassLoader when external property paths are passed to PropertyUtilsBean.g...
CVE-2025-48734 Apache Commons BeanUtils: PropertyUtilsBean does not suppress an enum's declaredClass property by default
Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...
CVE-2025-48734
Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...
Apache Commons Access Control Error Vulnerability
Apache Commons is a project of the Apache Software Foundation focused on various aspects of reusable Java components. An Access Control Error vulnerability exists in Apache Commons that stems from improper access control and could allow an attacker to access the class loader via the...
PT-2025-23085
Name of the Vulnerable Software and Affected Versions: Apache Commons BeanUtils versions 1.x before 1.11.0; Apache Commons BeanUtils versions 2.x before 2.0.0-M2. Description: The issue is related to improper access control in Apache Commons BeanUtils, where an attacker can access the enum's class...
Apache Commons Configuration 1.x DoS Vulnerability
The Apache Commons Configuration library is prone to a denial of service (DoS) vulnerability.
CVE-2019-13116
The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections...
CVE-2018-17201
Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan incubating was renamed to Apache Commons Imaging...
CVE-2016-1487
Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization...
CVE-2015-8765
Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library...