
6 matches found

Snyk
added 2025/03/20 12:32 p.m., 2 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the DriverManager.getConnection method. An attacker can execute arbitrary code by passing malicious JDBC URLs that lead to deserialization of untrusted data. Details: Serialization is a process of...

CVSS 9.8, AI score 7.9, EPSS 0.01441
Exploits: 1, References: 2
CNNVD
added 2023/09/16 12:0 a.m., 2 views

spider-flow code issue vulnerability

spider-flow is a crawler platform open-sourced by sssssssss-team. Spider-flow 0.5.0 previous version has a code problem vulnerability; the vulnerability stems from the component API file src/main/java/org/spiderflow/controller/DataSourceController.java in the DriverManager. There is an unknown...

CVSS 9.8, AI score 7, EPSS 0.00892
Exploits: 1, References: 6
RedHat Linux
added 2022/10/04 4:2 p.m., 6 views

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

CVSS 10, AI score 7.4, EPSS 0.63211
Exploits: 3, References: 5
RedHat Linux
added 2022/06/06 4:0 p.m., 5 views

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

CVSS 10, AI score 7.4, EPSS 0.63211
Exploits: 3, References: 5
Microsoft CVE
added 2021/08/25 7:0 a.m., 10 views

A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way a user calls ioctl HCIUNBLOCKADDR or otherwise triggers a race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.

...

CVSS 6.9, AI score 6.9, EPSS 0.0037
Exploits: 1
OSV
added 2021/06/06 1:0 p.m., 1 views

UBUNTU-CVE-2021-3573

A use-after-free in function hci_sock_bound_ioctl of the Linux kernel HCI subsystem was found in the way a user calls ioctl HCIUNBLOCKADDR or otherwise triggers a race condition of the call hci_unregister_dev together with one of the calls hci_sock_blacklist_add, hci_sock_blacklist_del, hci_get_conn_info,...

CVSS 6.4, AI score 6.6, EPSS 0.0037
Exploits: 1, References: 9