Lucene search

30 matches found

CNNVD
added 2026/04/27 12:00 a.m., 4 views

Apache Camel Code Issue Vulnerability

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern (EIP), developed by the Apache Foundation in the United States. This framework provides implementations of Java objects in accordance with the EIP pattern, and routing and mediation rules are configured...

CVSS 8.8 | AI score 6.1 | EPSS 0.00059
Exploits: 1 | References: 1

RedHat Linux
added 2026/03/05 1:32 p.m., 0 views

c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects

A flaw was found in c3p0, a Java Database Connectivity (JDBC) Connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or javax.naming.Reference instances. By manipulating the userOverridesAsString...

CVSS 8.9 | AI score 6.4 | EPSS 0.00313
Exploits: 0 | References: 9

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2008-2799

Malware in sbrugna...

CVSS 7.5 | AI score 6 | EPSS 0.00923
Exploits: 1 | References: 24

Tenable Nessus
added 2025/08/30 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-12320

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file. (CVE-2018-12320) Note that Nessus relies on the presen...

CVSS 7.8 | AI score 7.1 | EPSS 0.00169
Exploits: 0 | References: 2

NVD
added 2023/10/25 6:17 p.m., 7 views

CVE-2023-39219

PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with crafted Java class loading enumeration requests...

CVSS 7.5 | AI score 7.5 | EPSS 0.00171
Exploits: 0 | References: 2

OSV
added 2023/04/06 9:15 p.m., 1 view

CVE-2023-28500

A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL. Adobe LiveCycle ES4 version 11.0.1 and later may...

CVSS 9.8 | AI score 7.7 | EPSS 0.24016
Exploits: 0 | References: 1

OSV
added 2022/05/13 1:30 a.m., 1 view

GHSA-WFW7-6632-XCV2 Jenkins CLI Deserialization of Untrusted Data vulnerability

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in ysoserial"...

CVSS 9.8 | AI score 7.4 | EPSS 0.86333
Exploits: 12 | References: 16

OSV
added 2022/03/08 12:15 p.m., 1 view

CVE-2022-24282

A vulnerability has been identified in SINEC NMS All versions = V1.0.3 V2.0, SINEC NMS All versions V1.0.3, SINEMA Server V14 All versions. The affected system allows to upload JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the...

CVSS 7.2 | AI score 7.4 | EPSS 0.0277
Exploits: 0 | References: 1

OSV
added 2021/06/02 1:15 p.m., 0 views

CVE-2021-23894

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server...

CVSS 8.8 | AI score 5.8
Exploits: 0 | References: 1

NVD
added 2020/05/13 3:15 p.m., 6 views

CVE-2019-16112

TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI...

CVSS 8.8 | AI score 8.8 | EPSS 0.01994
Exploits: 2 | References: 1

UbuntuCve
added 2018/06/13 4:29 p.m., 24 views

CVE-2018-12321

There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file...

CVSS 7.8 | AI score 7.1 | EPSS 0.00169
Exploits: 0 | References: 3

Cvelist
added 2018/06/13 4:00 p.m., 20 views

CVE-2018-12321

There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file...

AI score 7.5 | EPSS 0.00169
Exploits: 0 | References: 2

Cvelist
added 2018/06/13 4:00 p.m., 16 views

CVE-2018-12320

There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file...

AI score 7.7 | EPSS 0.00169
Exploits: 0 | References: 2

Debian CVE
added 2018/06/13 4:00 p.m., 21 views

CVE-2018-12321

There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file...

CVSS 7.8 | AI score 7.5 | EPSS 0.00169
Exploits: 0

CNVD
added 2016/10/12 12:00 a.m., 3 views

Red Hat JBoss Remote Code Execution Vulnerability

Red Hat JBoss Enterprise Application Platform (EAP) is a J2EE-based open-source middleware platform from the US company Red Hat. The platform is mainly used to build, deploy and host Java applications and services. A remote code execution vulnerability exists in the JMX servle...

CVSS 8.8 | AI score 8.5 | EPSS 0.12098
Exploits: 3 | References: 1

OpenVAS
added 2016/07/18 12:00 a.m., 29 views

HP Service Manager RCE Vulnerability (Jul 2016)

HP Service Manager is prone to a remote command execution (RCE) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 10 | AI score 9.7 | EPSS 0.01668
Exploits: 0 | References: 1

Cvelist
added 2016/06/08 2:00 p.m., 17 views

CVE-2016-4368

HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library...

AI score 9.8 | EPSS 0.01216
Exploits: 0 | References: 1

Prion
added 2016/05/07 10:59 a.m., 16 views

Design/Logic Flaw

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library...

CVSS 6.5 | AI score 7.7 | EPSS 0.01078
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2016/04/05 6:59 p.m., 14 views

Design/Logic Flaw

HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library...

CVSS 7.5 | AI score 8.1 | EPSS 0.01054
Exploits: 0 | References: 1 | Affected Software: 2

OSV
added 2016/01/08 7:59 p.m., 1 view

UBUNTU-CVE-2015-5254

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object...

CVSS 9.8 | AI score 7.5 | EPSS 0.8038
Exploits: 4 | References: 3