Lucene search
K

332 matches found

RedHat Linux
RedHat Linux
added 2020/08/17 1:28 p.m.2 views

wildfly: unsafe deserialization in Wildfly Enterprise Java Beans

A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans EJB due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity...

7.5CVSS5.8AI score0.0172EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/08/17 1:25 p.m.2 views

wildfly: unsafe deserialization in Wildfly Enterprise Java Beans

A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans EJB due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity...

7.5CVSS5.8AI score0.0172EPSS
Exploits0References4
Prion
Prion
added 2020/07/24 4:15 p.m.31 views

Sql injection

A vulnerability was found in Wildfly's Enterprise Java Beans EJB versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft...

4CVSS7.4AI score0.01203EPSS
Exploits0References1Affected Software3
Cvelist
Cvelist
added 2020/07/24 12:0 a.m.42 views

CVE-2020-14307

A vulnerability was found in Wildfly's Enterprise Java Beans EJB versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft...

6.5CVSS7.5AI score0.01203EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/07/24 12:0 a.m.4 views

PT-2020-13968 · Red Hat · Red Hat Jboss Eap

Name of the Vulnerable Software and Affected Versions: Red Hat JBoss EAP 7 Description: A flaw was found in Wildfly's Enterprise Java Beans EJB where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received. This allows an attacker to craft a denial ...

6.5CVSS6.4AI score0.01203EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/07/23 8:37 p.m.5 views

wildfly: unsafe deserialization in Wildfly Enterprise Java Beans

A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans EJB due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity...

7.5CVSS5.8AI score0.0172EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/23 8:37 p.m.3 views

wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service

A vulnerability was found in Wildfly's Enterprise Java Beans EJB, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the...

6.5CVSS5.8AI score0.01203EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/23 8:37 p.m.4 views

wildfly: Some EJB transaction objects may get accumulated causing Denial of Service

A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system...

6.5CVSS5.7AI score0.01203EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/23 8:33 p.m.3 views

wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service

A vulnerability was found in Wildfly's Enterprise Java Beans EJB, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the...

6.5CVSS5.8AI score0.01203EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/23 8:20 p.m.2 views

wildfly: unsafe deserialization in Wildfly Enterprise Java Beans

A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans EJB due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity...

7.5CVSS5.8AI score0.0172EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/23 8:20 p.m.3 views

wildfly: unsafe deserialization in Wildfly Enterprise Java Beans

A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans EJB due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity...

7.5CVSS5.8AI score0.0172EPSS
Exploits0References4
Gitee
Gitee
added 2020/07/17 1:21 a.m.4 views

ysoserial

This is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, called ysoserial, is a collection of utilities and property-oriented programming "gadget chains" discovered in common Java libraries that can, under the right conditions, exploit Jav...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2020/06/22 12:0 a.m.3 views

PT-2020-12305 · Red Hat · Wildfly

Name of the Vulnerable Software and Affected Versions: Wildfly versions prior to 20.0.0.Final Description: A remote deserialization attack is possible in the Enterprise Application Beans EJB due to lack of validation/filtering capabilities in Wildfly. This issue allows for a potential attack...

7.5CVSS6.8AI score0.0172EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2020/06/22 12:0 a.m.32 views

CVE-2020-10740

A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application BeansEJB due to lack of validation/filtering capabilities in wildfly. Recent assessments: space-r7 at July 17, 2020 2:11pm UTC reported: Versions o...

7.5CVSS4.4AI score0.0172EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2020/06/15 6:51 p.m.7 views

ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0), ai.platon.pulsar:pulsar-agentic (>=4.5.0 <=4.6.0) +5848 more potentially affected by CVE-2012-0881 via xerces:xercesImpl (>=2.10.0 <=2.11.0)

xerces:xercesImpl MAVEN version =2.10.0, =1.0.0, =4.5.0, =4.7.11, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =0.2, =5.0.9, =5.1.3 and more Source cves: CVE-2012-0881 Source advisory: OSV:GHSA-VMQM-G3VH-847M...

7.8CVSS7.1AI score0.17461EPSS
Exploits0
CNVD
CNVD
added 2020/05/15 12:0 a.m.1 views

Command Execution Vulnerability in Fastjson

Fastjson is an open source JSON parsing library , it can parse JSON format strings , support for Java Bean serialized to JSON strings , you can also deserialize from JSON strings to JavaBean. Fastjson has a command execution vulnerability that can be exploited by an attacker to gain server...

7.5AI score
Exploits0
CNVD
CNVD
added 2020/04/08 12:0 a.m.2 views

PrimeKey Solutions EJBCA Cross-Site Scripting Vulnerability

PrimeKey Solutions EJBCA is a software public key infrastructure certificate authority package from PrimeKey Solutions, Sweden. A cross-site scripting vulnerability exists in PrimeKey Solutions EJBCA, which can be exploited by an attacker to compromise integrity...

6.1CVSS6.2AI score0.00393EPSS
Exploits0References1
Gitee
Gitee
added 2020/02/05 11:7 a.m.3 views

ysoserial

This is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, ysoserial, is a collection of utilities and property-oriented programming "gadget chains" discovered in common Java libraries that can, under the right conditions, exploit Java...

7.2AI score
Exploits0
Veracode
Veracode
added 2019/05/02 5:13 a.m.31 views

Sandbox Protection Bypass

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause t...

10CVSS5.5AI score0.07224EPSS
Exploits1References39Affected Software4
Veracode
Veracode
added 2019/05/02 4:56 a.m.27 views

XML External Entity (XXE)

java is vulnerable to XML External Entity XXE. The vulnerability exists through Beans...

5.5CVSS5.3AI score0.03616EPSS
Exploits0References38Affected Software3
Rows per page
Query Builder