345 matches found
GHSA-54FX-GM74-Q676 Permissions bypass in SmallRye
A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...
Permissions bypass in SmallRye
A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...
Mageia: Security Advisory (MGASA-2014-0219)
The remote host is missing an update for the...
XStream: Unsafe deserialization of com.sun.org.apache.bcel.internal.util.ClassLoader
A flaw was found in xstream. A remote attacker may be able to execute arbitrary code only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
ManageEngine ADSelfService Plus Authentication Bypass / Code Execution
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Module name: 'ManageEngine ADSelfService Plus CVE-2021-40539'. Description: This module exploits CVE-2021-40539, a REST API authentication bypass...
XStream: Unsafe deserialization of com.sun.org.apache.bcel.internal.util.ClassLoader
A flaw was found in xstream. A remote attacker may be able to execute arbitrary code only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
XStream: Unsafe deserialization of com.sun.org.apache.bcel.internal.util.ClassLoader
A flaw was found in xstream. A remote attacker may be able to execute arbitrary code only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
XStream: Unsafe deserialization of com.sun.org.apache.bcel.internal.util.ClassLoader
A flaw was found in xstream. A remote attacker may be able to execute arbitrary code only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2020-1729
A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...
CVE-2020-1729
A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...
CVE-2020-1729
A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...
XStream: Unsafe deserialization of com.sun.org.apache.bcel.internal.util.ClassLoader
A flaw was found in xstream. A remote attacker may be able to execute arbitrary code only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
OSV-2021-560 Uncaught exception in java.base/java.lang.ClassLoader.defineClass0
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32439. Crash type: Uncaught exception. Crash state: java.base/java.lang.ClassLoader.defineClass0, java.base/java.lang.System$2.defineClass, java.base/java.lang.invoke.MethodHandles$Lookup$ClassDefiner.defineClass...
OSV-2021-552 Uncaught exception in java.base/java.lang.ClassLoader.defineClass0
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32407. Crash type: Uncaught exception. Crash state: java.base/java.lang.ClassLoader.defineClass0, java.base/java.lang.System$2.defineClass, java.base/java.lang.invoke.MethodHandles$Lookup$ClassDefiner.defineClass...
CVE-2020-10718
A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality...
NewStart CGSL CORE 5.05 / MAIN 5.05 : apache-commons-beanutils Vulnerability (NS-SA-2020-0100)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has apache-commons-beanutils packages installed that are affected by a vulnerability: - In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to acces...
Exploit for Improper Input Validation in Apache Unomi
CVE-2020-13942 CVE-2020-13942 POC by Eugene Rojavski Origi...
Security Bulletin: IBM Security Guardium is affected by an Apache commons beanutils 1.9.2 library vulnerability
Summary: IBM Security Guardium has fixed this vulnerability. Vulnerability Details: CVEID: CVE-2019-10086. DESCRIPTION: Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppress the class property in bean introspection by...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2014-0114, CVE-2019-10086)
Summary: WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager (SKLM). Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in t...
CVE-2020-10718
A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is ...