CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

345 matches found

RedHat Linux•added 2019/12/18 3:32 p.m.•5 views

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

7.5CVSS6.8AI score0.01215EPSS

Exploits1References5

IBM Security Bulletins•added 2019/11/01 9:53 p.m.•47 views

Security Bulletin: A vulnerability in Apache Commons BeanUtils affects IBM InfoSphere Information Server

Summary A vulnerability in Apache Commons BeanUtils was addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Cla...

7.5CVSS1.1AI score0.92332EPSS

Exploits4Affected Software1

RedHat Linux•added 2019/10/10 7:20 a.m.•1 views

1: Class Loader manipulation via request parameters

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...

7.5CVSS7.7AI score0.92332EPSS

Exploits4References4

NVD•added 2019/10/03 2:15 p.m.•22 views

CVE-2019-3834

It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 JON. This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3...

7.3CVSS6.7AI score0.0033EPSS

Exploits0References1

OSV•added 2019/10/03 2:15 p.m.•2 views

CVE-2019-3834

7.3CVSS6.7AI score0.0033EPSS

Exploits0References1

Cvelist•added 2019/10/03 1:31 p.m.•24 views

CVE-2019-3834

5.6CVSS8.2AI score0.0033EPSS

Exploits0References1

CVE•added 2019/10/03 1:31 p.m.•72 views

CVE-2019-3834

Technical details for CVE-2019-3834 are not publicly provided in the supplied documents. No affected products, impact, or fixes are explicitly detailed here. Monitor for updates in connected sources.

7.3CVSS7.9AI score0.0033EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2019/10/02 8:20 p.m.•56 views

CVE-2019-3834

7.5CVSS8.5AI score0.92332EPSS

Exploits4References3

Atlassian•added 2019/10/01 12:46 a.m.•24 views

commons-beanutils - Authorization Bypass in confserver/confluence-frontend-plugins (master)

h1. Authorization Bypass in confserver/confluence-frontend-plugins master| h4. Issue Details Vulnerability: Authorization Bypass Severity: color:f9423aHighcolor Project: confserver/confluence-frontend-plugins Branch: master Scan Date: Unknown h4. Issue Description commons-beanutils2 is vulnerable...

1.4AI score

Exploits0Affected Software1

OSV•added 2019/09/02 6:18 p.m.•3 views

OPENSUSE-SU-2019:2058-1 Security update for apache-commons-beanutils

This update for apache-commons-beanutils fixes the following issues: Security issue fixed: - CVE-2019-10086: Added special BeanIntrospector class which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects bsc1146657. This...

7.5CVSS7.4AI score0.01215EPSS

Exploits1References3

OPENSUSE Linux•added 2019/09/02 12:0 a.m.•205 views

Security update for apache-commons-beanutils (important)

openSUSE Security Update: Security update for apache-commons-beanutils Announcement ID: openSUSE-SU-2019:2058-1 Rating: important References: 1146657 Cross-References: CVE-2019-10086 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 An update that fixes one vulnerability is now available...

7.5CVSS6.9AI score0.01215EPSS

Exploits1References1

OSV•added 2019/08/28 3:49 p.m.•5 views

SUSE-SU-2019:2245-1 Security update for apache-commons-beanutils

7.5CVSS7.3AI score0.01215EPSS

Exploits1References3

OSV•added 2019/08/28 3:48 p.m.•5 views

SUSE-SU-2019:2244-1 Security update for apache-commons-beanutils

7.5CVSS7.3AI score0.01215EPSS

Exploits1References3

OpenVAS•added 2019/08/28 12:0 a.m.•58 views

Apache Struts ClassLoader Manipulation Vulnerabilities (S2-021) - Linux

ClassLoader Manipulation in Apache Struts allows remote attackers to execute arbitrary Java code. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

7.5CVSS8.3AI score0.91467EPSS

Exploits7References3

NVD•added 2019/08/20 9:15 p.m.•25 views

CVE-2019-10086

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean...

7.5CVSS7.6AI score0.01215EPSS

Exploits1References55

OSV•added 2019/08/20 9:15 p.m.•2 views

DEBIAN-CVE-2019-10086

7.3CVSS6.8AI score0.01215EPSS

Exploits1References1

OSV•added 2019/08/20 9:15 p.m.•6 views

CVE-2019-10086

7.3CVSS7.2AI score

Exploits0References55

OSV•added 2019/08/20 9:15 p.m.•0 views

UBUNTU-CVE-2019-10086