Lucene search
K

89 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.5 views

SUSE CVE-2021-28834

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated...

9.8CVSS9.3AI score0.02805EPSS
Exploits1References4
OSV
OSV
added 2023/01/03 6:15 p.m.35 views

CVE-2021-32824

Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods t...

9.8CVSS9.8AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/10/06 12:26 p.m.2 views

jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes

pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based o...

9.8CVSS7.7AI score0.0301EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/07/28 12:0 a.m.9 views

Apache Calcite 安全漏洞

Apache Calcite is an open source framework from the US Apache Apache Foundation for building databases and data management systems. A code injection vulnerability exists in the Apache Calcite Avatica JDBC driver, which stems from the fact that classes are not verified to implement the expected...

8.8CVSS6.9AI score0.02276EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/07/21 12:0 a.m.5 views

PT-2022-4408 · Apache · Apache Calcite Avatica Jdbc Driver

Name of the Vulnerable Software and Affected Versions: Apache Calcite Avatica JDBC driver versions prior to 1.22.0 Description: The issue is related to the creation of HTTP client instances based on class names provided via the httpclient impl connection property. The driver does not verify if th...

10CVSS8.3AI score0.02276EPSS
Exploits0References14
OSV
OSV
added 2022/06/27 9:15 p.m.2 views

DEBIAN-CVE-2022-31084

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 There are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to cod...

8.1CVSS8.9AI score0.02346EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/06/27 12:0 a.m.3 views

PT-2022-3277 · Unknown · Ldap Account Manager

Name of the Vulnerable Software and Affected Versions: LDAP Account Manager versions prior to 8.0 Description: The issue is related to the instantiation of objects from arbitrary classes in LDAP Account Manager, allowing an attacker to inject the first constructor argument. This can lead to code...

9.3CVSS6.7AI score0.02346EPSS
Exploits2References31
OSV
OSV
added 2022/02/26 11:3 a.m.3 views

OESA-2022-1535 postgresql-jdbc security update

PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. Is an open source JDBC driver written in Pure Java Type 4, and communicates in the PostgreSQL native network protocol. Security Fixes: pgjdbc is the...

9.8CVSS7.6AI score0.0301EPSS
Exploits1References2
OSV
OSV
added 2022/02/18 6:15 p.m.6 views

CVE-2022-0138

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created...

7.5CVSS5.9AI score0.00986EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/05/28 11:5 p.m.34 views

CVE-2021-32647 Post-authentication Remote Code Execution (RCE) in emissary:emissary

Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code Execution RCE. The CreatePlace REST endpoint accepts an sppClassName parameter which is used to load an arbitrary class. This class is later instantiated using a...

8CVSS9.7AI score0.0285EPSS
Exploits1References2
Prion
Prion
added 2021/03/19 7:15 a.m.15 views

Design/Logic Flaw

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated...

6.8CVSS9.3AI score0.02805EPSS
Exploits1References7Affected Software3
OSV
OSV
added 2021/03/19 7:15 a.m.9 views

UBUNTU-CVE-2021-28834

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated...

9.8CVSS5.9AI score0.02805EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2021/03/14 12:0 a.m.4 views

PT-2021-5816

Name of the Vulnerable Software and Affected Versions Kramdown versions prior to 2.3.1 Description The issue is related to the lack of restriction of Rouge formatters to the Rouge::Formatters namespace, allowing arbitrary classes to be instantiated. This could potentially enable a remote attacker...

9.8CVSS7.4AI score0.0456EPSS
Exploits1References43
Cvelist
Cvelist
added 2021/02/19 10:33 p.m.34 views

CVE-2020-12668

Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...

6.5AI score0.01814EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2018/10/19 4:51 p.m.29 views

High severity vulnerability that affects org.scala-lang:scala-compiler

The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/$USER:shared/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges...

7.8CVSS4.4AI score0.00375EPSS
Exploits1References21Affected Software1
NVD
NVD
added 2018/06/11 5:29 p.m.20 views

CVE-2017-3202

The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability...

9.8CVSS9.5AI score0.0821EPSS
Exploits2References4
OSV
OSV
added 2018/06/11 5:29 p.m.6 views

CVE-2017-3202

The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability...

9.8CVSS6.3AI score0.0821EPSS
Exploits2References4
NVD
NVD
added 2018/06/11 5:29 p.m.42 views

CVE-2017-3200

The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availabili...

8.1CVSS8.2AI score0.06148EPSS
Exploits2References4
CVE
CVE
added 2018/06/11 5:0 p.m.67 views

CVE-2017-3200

CVE-2017-3200 concerns GraniteDS’s AMF3 deserializers. The Java AMF3 implementation in GraniteDS 3.1.1.GA can instantiate arbitrary classes via public no-arg constructors and invoke JavaBeans setters during deserialization, enabling remote attackers to execute arbitrary code if affected classes a...

8.1CVSS8.2AI score0.06148EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2018/06/11 5:0 p.m.33 views

CVE-2017-3202 The implementation of Action Message Format (AMF3) deserializers in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes due to improper code control

The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability...

9.6AI score0.0821EPSS
Exploits2References4
Rows per page
Query Builder