347 matches found
CVE-2023-35952
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsibl...
CVE-2023-35949
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsibl...
CVE-2023-35949
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsibl...
CVE-2023-35952
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsibl...
CVE-2023-35949
Removed by vendor...
CVE-2023-35952
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsibl...
CVE-2023-35952
Removed by vendor...
PT-2024-6875
Name of the Vulnerable Software and Affected Versions Ivanti Avalanche versions prior to 6.4.5 Description The issue is a path traversal affecting the Faces Mojarra component within Ivanti Avalanche. This allows a remote, unauthenticated attacker to potentially reveal sensitive information. The...
CVE-2024-2227
This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces JSF 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the...
CVE-2024-2227 IdentityIQ JavaServer Faces File Path Traversal Vulnerability
This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces JSF 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the...
CVE-2024-2227 IdentityIQ JavaServer Faces File Path Traversal Vulnerability
This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces JSF 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the...
PT-2024-19297
Name of the Vulnerable Software and Affected Versions SailPoint IdentityIQ affected versions not specified Description The issue is a path traversal vulnerability in JavaServer Faces JSF that allows access to arbitrary files in the application server file system. This can be exploited by an...
Oracle JavaServer Faces 路径遍历漏洞
Oracle JavaServer Faces is a user interface framework on Oracle's Java platform for building Web-based user interface components and applications. A path traversal vulnerability exists in Oracle JavaServer Faces JSF version 2.2.20 that originates from allowing access to arbitrary files in the...
The vulnerability of the javax.faces component in the Avalanche mobile device management system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the javax.faces.resource component in the Avalanche mobile device management system is related to an incorrect limitation on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access t...
CVE-2023-41474
Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component...
Oracle JDeveloper Multiple Vulnerabilities (January 2024 CPU)
The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory. - Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware component: Oracle JDevelop...
VulnCheck KEV: CVE-2022-21445
Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution...
Oracle JDeveloper Information Disclosure (July 2023 CPU)
The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by an information disclosure vulnerability as referenced in the July 2023 CPU advisory. The vulnerability is in the Oracle JDeveloper product of Oracle Fusion Middleware component...
Badsecrets - A Library For Detecting Known Secrets Across Many Web Frameworks
A pure python library for identifying the use of known or very weak cryptographic secrets across a variety of platforms. The project is designed to be both a repository of various "known secrets" for example, ASP.NET machine keys found in examples in tutorials, and to provide a language-agnostic...
The vulnerability of the getLocalePrefix function in ResourceManager.java of the Eclipse Mojarra library, as a implementation of EE4J Eclipse for the Jakarta Faces specification, allows an attacker to gain unauthorized access to protected information.
The vulnerability of the getLocalePrefix function in the ResourceManager.java file of the Eclipse Mojarra library, as a implementation of EE4J Eclipse for the Jakarta Faces specification, is related to an incorrect restriction on the path name to the restricted directory. Exploiting this...