332 matches found
wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans EJB due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity...
wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans EJB due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity...
Sql injection
A vulnerability was found in Wildfly's Enterprise Java Beans EJB versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft...
CVE-2020-14307
A vulnerability was found in Wildfly's Enterprise Java Beans EJB versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft...
PT-2020-13968 · Red Hat · Red Hat Jboss Eap
Name of the Vulnerable Software and Affected Versions: Red Hat JBoss EAP 7 Description: A flaw was found in Wildfly's Enterprise Java Beans EJB where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received. This allows an attacker to craft a denial ...
wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans EJB due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity...
wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service
A vulnerability was found in Wildfly's Enterprise Java Beans EJB, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the...
wildfly: Some EJB transaction objects may get accumulated causing Denial of Service
A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system...
wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service
A vulnerability was found in Wildfly's Enterprise Java Beans EJB, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the...
wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans EJB due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity...
wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans EJB due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity...
ysoserial
This is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, called ysoserial, is a collection of utilities and property-oriented programming "gadget chains" discovered in common Java libraries that can, under the right conditions, exploit Jav...
PT-2020-12305 · Red Hat · Wildfly
Name of the Vulnerable Software and Affected Versions: Wildfly versions prior to 20.0.0.Final Description: A remote deserialization attack is possible in the Enterprise Application Beans EJB due to lack of validation/filtering capabilities in Wildfly. This issue allows for a potential attack...
CVE-2020-10740
A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application BeansEJB due to lack of validation/filtering capabilities in wildfly. Recent assessments: space-r7 at July 17, 2020 2:11pm UTC reported: Versions o...
ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0), ai.platon.pulsar:pulsar-agentic (>=4.5.0 <=4.6.0) +5848 more potentially affected by CVE-2012-0881 via xerces:xercesImpl (>=2.10.0 <=2.11.0)
xerces:xercesImpl MAVEN version =2.10.0, =1.0.0, =4.5.0, =4.7.11, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =0.2, =5.0.9, =5.1.3 and more Source cves: CVE-2012-0881 Source advisory: OSV:GHSA-VMQM-G3VH-847M...
Command Execution Vulnerability in Fastjson
Fastjson is an open source JSON parsing library , it can parse JSON format strings , support for Java Bean serialized to JSON strings , you can also deserialize from JSON strings to JavaBean. Fastjson has a command execution vulnerability that can be exploited by an attacker to gain server...
PrimeKey Solutions EJBCA Cross-Site Scripting Vulnerability
PrimeKey Solutions EJBCA is a software public key infrastructure certificate authority package from PrimeKey Solutions, Sweden. A cross-site scripting vulnerability exists in PrimeKey Solutions EJBCA, which can be exploited by an attacker to compromise integrity...
ysoserial
This is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, ysoserial, is a collection of utilities and property-oriented programming "gadget chains" discovered in common Java libraries that can, under the right conditions, exploit Java...
Sandbox Protection Bypass
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause t...
XML External Entity (XXE)
java is vulnerable to XML External Entity XXE. The vulnerability exists through Beans...