Lucene search
K

10 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 6:8 a.m.6 views

SUSE CVE-2008-2086

Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the 1 java.home, 2 java.ext.dirs, or 3 user.home System...

9.3CVSS7.9AI score0.07319EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2021/09/14 8:25 p.m.49 views

Any storage file can be downloaded from p.sh if full server path is known

The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...

3.5AI score
Exploits0References3Affected Software1
OSV
OSV
added 2021/09/14 8:24 p.m.10 views

GHSA-GQCF-83RQ-GPFR Any storage file can be downloaded from p.sh if full server path is known

The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...

7AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/05/24 12:0 a.m.40 views

SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2017:1386-1)

This update for java-180-ibm fixes the following issues: Version update bsc1038505 : - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number -...

9.8CVSS6.9AI score0.07489EPSS
Exploits2References22
Tenable Nessus
Tenable Nessus
added 2017/05/24 12:0 a.m.44 views

SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2017:1384-1)

This update for java-170-ibm fixes the following issues: Version update to 7.0-10.5 bsc1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number ...

9.8CVSS6.9AI score0.07489EPSS
Exploits2References22
RedHat Linux
RedHat Linux
added 2017/05/10 12:44 p.m.5 views

OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528)

An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges...

7.7CVSS7.3AI score0.00759EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2017/05/09 10:46 a.m.5 views

OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528)

An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges...

7.7CVSS7.3AI score0.00759EPSS
Exploits2References5
Amazon
Amazon
added 2017/05/09 12:0 a.m.50 views

Medium: java-1.8.0-openjdk

Issue Overview: Improper re-use of NTLM authenticated connections Networking, 8163520: It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could...

7.7CVSS7.8AI score0.03311EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2009/12/11 1:42 p.m.4 views

Java Web Start File Inclusion via System Properties Override

Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the 1 java.home, 2 java.ext.dirs, or 3 user.home System...

9.3CVSS7.6AI score0.07319EPSS
Exploits1References4
Prion
Prion
added 2006/06/02 10:18 a.m.8 views

Remote file inclusion

PHP remote file inclusion vulnerability in METAjour 2.1, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via the 1 systempath parameter in a large number of files in the a app/edocument/, b app/eproject/, c app/erek/, and d extension/ directories, and the 2...

5.1CVSS8.1AI score0.06745EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder