Lucene search
K

215 matches found

OSV
OSV
added 2020/04/02 4:15 p.m.5 views

CVE-2019-20635

codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields...

6.1CVSS6.5AI score0.00853EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/04/02 3:4 p.m.25 views

CVE-2019-20635

codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields...

6.5AI score0.00853EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/03/12 5:5 p.m.6 views

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

7.5CVSS6.8AI score0.28839EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/02/13 3:0 p.m.6 views

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

7.5CVSS6.8AI score0.28839EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/05 12:53 a.m.32 views

Security Bulletin: Vulnerability in Apache Commons BeanUtils Affects IBM Sterling B2B Integrator (CVE-2014-0114)

Summary Apache Commons BeanUtils with Struts 1 does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter. Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts could allow a remote attacke...

7.5CVSS2.7AI score0.96121EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/05 12:9 a.m.36 views

Security Bulletin: ClassLoader manipulation with Apache Struts affecting Rational Application Developer (CVE-2014-0114)

Summary There is a ClassLoader manipulation vulnerability in Apache Struts that is bundled by IBM Rational Application Developer for WebSphere Software. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for more...

7.5CVSS0.1AI score0.96121EPSS
Exploits4Affected Software2
OSV
OSV
added 2019/10/24 3:15 p.m.4 views

CVE-2019-12017

A remote code execution vulnerability exists in MapR CLDB code, specifically in the JSON framework that is used in the CLDB code that handles login and ticket issuance. An attacker can use the 'class' property of the JSON request sent to the CLDB to influence the JSON library's decision on which...

9.8CVSS6.5AI score0.02942EPSS
Exploits0References1
Prion
Prion
added 2019/08/23 9:15 p.m.26 views

Code injection

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

1.9CVSS7.2AI score0.00776EPSS
Exploits0References14Affected Software3
Debian CVE
Debian CVE
added 2019/08/23 8:30 p.m.25 views

CVE-2019-12400

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5CVSS6.6AI score0.00776EPSS
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2019/02/12 12:0 a.m.181 views

Security update for java-11-openjdk (important)

openSUSE Security Update: Security update for java-11-openjdk Announcement ID: openSUSE-SU-2019:0161-1 Rating: important References: 1120431 1122293 1122299 Cross-References: CVE-2018-11212 CVE-2019-2422 CVE-2019-2426 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilitie...

6.5CVSS8.3AI score0.05074EPSS
Exploits1References3
Veracode
Veracode
added 2019/01/15 8:52 a.m.27 views

Information Disclosure

IcedTea-Web plug-in is vulnerable to information disclosure. The application incorrectly uses the same class loader instance for applets with the same value of the codebase attribute even if they originated from different domains. An attacker is able to create a malicious applet to exploit the...

5.8CVSS5.4AI score0.01865EPSS
Exploits0References24Affected Software1
RedHat Linux
RedHat Linux
added 2018/09/11 7:53 a.m.6 views

1: Class Loader manipulation via request parameters

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...

7.5CVSS7.1AI score0.96121EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2018/09/10 12:0 a.m.66 views

Apache Struts 2.x < 2.3.16.2 Multiple Vulnerabilities (S2-020)

The version of Apache Struts running on the remote host is 2.x prior to 2.3.16.2. It, therefore, is affected by multiple vulnerabilities: - A denial of service vulnerability exists in MultipartStrea.java in Apache Commons FileUpload due to failure to handle exceptional conditions. A remote,...

7.5CVSS7.2AI score0.99614EPSS
Exploits15References4
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 4:54 a.m.32 views

Security Bulletin: Rational Insight - Apache Struts used by WebSphere Application Server 6.1 and 7 (CVE-2014-0114)

Summary There is a classloader manipulation vulnerability in the Apache Struts that is used by the IBM WebSphere Application Server 6.1 and 7.0. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for more informatio...

7.5CVSS0.8AI score0.96121EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:0 a.m.53 views

Security Bulletin: Class loader manipulation vulnerability in IBM WebSphere Application Server that shipped with WebSphere Enterprise Service Bus Registry Edition (CVE-2014-0114)

Summary A class loader manipulation vulnerability exists in the Apache Struts 1, which is used by IBM WebSphere Application Server and is provided with WebSphere Enterprise Service Bus Registry Edition Vulnerability Details This security vulnerability is fixed with available interim fixes and are...

7.5CVSS2.3AI score0.96121EPSS
Exploits4Affected Software1
Veracode
Veracode
added 2017/08/23 8:54 a.m.11 views

Hijacking Autoloader

symfony/class-loader is susceptible to the hijacking of the autoloader. The vulnerability exists because it does not prevent the ability to access the loader instance, resulting in the auto-outputting or revealing unwanted information...

6.6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2016/11/07 1:27 p.m.6 views

OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)

A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...

4.3CVSS7.3AI score0.03097EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2016/05/02 12:0 a.m.136 views

Oracle Java SE Hotspot JSR 292 Method Handles RCE

The version of Oracle Java SE or Java for Business installed on the remote host is affected by an arbitrary code execution vulnerability in the Hotspot subcomponent due to an unsafe implementation of the Reflection API, which improperly processes JSR 292 method handles due to a lack of enforcemen...

9.3CVSS8.5AI score0.05765EPSS
Exploits0References3
ArchLinux
ArchLinux
added 2016/04/01 12:0 a.m.54 views

jre7-openjdk-headless: sandbox escape

It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...

9.3CVSS2.8AI score0.05765EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2016/04/01 12:0 a.m.61 views

jdk7-openjdk: sandbox escape

It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...

9.3CVSS2.8AI score0.05765EPSS
Exploits0References2
Rows per page
Query Builder