Lucene search
K

92 matches found

Vulnrichment
Vulnrichment
added 2025/08/12 11:16 a.m.4 views

CVE-2024-41980

A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application do not encrypt the communication in LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive...

3.1CVSS6.9AI score0.00114EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.8 views

PT-2025-32639 · Smartclient · Smartclient Opcenter Ql Home +2

Name of the Vulnerable Software and Affected Versions: SmartClient Opcenter QL Home SC versions 13.2 through 2505 SmartClient SOA Audit versions 13.2 through 2505 SmartClient SOA Cockpit versions 13.2 through 2505 Description: The affected application does not encrypt communication in the LDAP...

3.1CVSS6.3AI score0.00114EPSS
Exploits0References3
Amazon
Amazon
added 2025/04/29 12:0 a.m.6 views

Medium: java-11-openjdk

Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with networ...

5.8CVSS5.6AI score0.03713EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/04/15 12:0 a.m.8 views

RHEL 6 : jbossas-web and jboss-naming (RHSA-2012:1027)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1027 advisory. JBoss Application Server is the base package for JBoss Enterprise Web Platform, providing the core server components. The Java Naming and...

7.5CVSS5.7AI score0.03521EPSS
Exploits2References6
RedHat Linux
RedHat Linux
added 2024/11/25 12:12 a.m.4 views

h2: Loading of custom classes from remote servers through JNDI

A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script...

10CVSS8AI score0.64766EPSS
Exploits4References5
OSV
OSV
added 2023/04/11 3:15 a.m.4 views

CVE-2023-24527

SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will...

5.3CVSS6.1AI score0.00452EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.9 views

SUSE CVE-2020-8840

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter...

9.8CVSS8.3AI score0.26587EPSS
Exploits5References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:49 a.m.5 views

SUSE CVE-2021-2432

Vulnerability in the Java SE product of Oracle Java SE component: JNDI. The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

3.7CVSS6AI score0.03701EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.10 views

SUSE CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message...

9.8CVSS9.1AI score0.99999EPSS
Exploits351References23
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.14 views

SUSE CVE-2021-45046

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

8.1CVSS7.3AI score0.99977EPSS
Exploits40References5
OSV
OSV
added 2023/02/14 1:15 p.m.3 views

CVE-2023-25141

Apache Sling JCR Base 3.1.12 has a critical injection vulnerability when running on old JDK versions JDK 1.8.191 or earlier through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access data stored in a remote location via JDN...

7.5CVSS5.8AI score0.0116EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.4 views

SAP NetWeaver Process Integration 安全漏洞

SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is primarily used for the exchange of information between internal systems and external ones. A security vulnerability...

9.4CVSS7.1AI score0.00566EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/10/20 10:18 a.m.5 views

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

3.7CVSS7.2AI score0.01401EPSS
Exploits0References4
OSV
OSV
added 2022/08/21 9:15 a.m.5 views

CVE-2022-34916

Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

9.8CVSS6.3AI score0.0231EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/08/02 7:58 a.m.5 views

OpenJDK: URI parsing inconsistencies (JNDI, 8278972)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.3CVSS7.4AI score0.02805EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/04/25 3:1 p.m.2 views

OpenJDK: URI parsing inconsistencies (JNDI, 8278972)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.3CVSS7.4AI score0.02805EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/04/11 1:0 p.m.5 views

log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...

10CVSS7.9AI score0.99999EPSS
Exploits353References8
RedHat Linux
RedHat Linux
added 2022/02/15 6:54 p.m.6 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/02/03 7:9 p.m.4 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
Information Security Automation
Information Security Automation
added 2021/12/26 10:7 p.m.255 views

Log4j “Log4Shell” RCE explained (CVE-2021-44228)

Hello everyone! I decided to make a separate episode about Log4Shell. Of course, there have already been many reviews of this vulnerability. But I do it primarily for myself. It seems to me that serious problems with Log4j and similar libraries will be with us for a long time. Therefore, it would...

9.3CVSS0.1AI score0.99999EPSS
Exploits355
Rows per page
Query Builder