74 matches found
CVE-2022-26119
An improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
EUVD-2020-2990
Malware in sbrugna...
EUVD-2022-30686
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2012-3155
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System...
Linux Distros Unpatched Vulnerability : CVE-2017-3626
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is...
Remote Code Execution (RCE)
org.glassfish.main.orb:orb-connector is vulnerable to Remote Code Execution (RCE). An attacker could exploit this vulnerability by sending a specially crafted RMI request to a vulnerable Glassfish server via access to insecure ORB listeners. The server would then execute the code contained in the...
SUSE CVE-2012-0551
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and...
SUSE CVE-2012-3155
Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB...
Authentication flaw
An improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
CVE-2022-26119
Affected software: Fortinet FortiSIEM versions prior to 6.5.0. Vulnerability: Improper authentication allowing a local attacker with CLI access to perform operations on the Glassfish server via a hardcoded password. The root cause is hardcoded/default credentials used when connecting to Glassfi...
CVE-2021-3314
Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for...
CVE-2021-3314
CVE-2021-3314 affects Oracle GlassFish Server 3.1.2.18 and earlier. The vulnerability is a reflected XSS in the /common/logViewer/logViewer.jsf page, where an attacker can craft a URL that causes an administrator’s input to be reflected and executed by the browser. Root cause is improper handling...
CVE-2018-3152
CVE-2018-3152 affects Oracle GlassFish Server 3.1.2 in the Administration component. The vulnerability allows an unauthenticated attacker with network access via HTTP to cause a hang or complete denial-of-service of the GlassFish server. Documented impact is an availability loss (CVSSv3 base 7.5)...
CVE-2017-10385
Removed by vendor...
CVE-2017-10385
CVE-2017-10385 affects Oracle GlassFish Server’s Web Container in Oracle Fusion Middleware 3.0.1 and 3.1.2. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the server, with successful attacks requiring user interaction. This can lead to unauthorized...
CVE-2017-10393
CVE-2017-10393 affects Oracle GlassFish Server Web Container in Oracle Fusion Middleware (versions 3.0.1 and 3.1.2). The vulnerability permits unauthenticated, network-accessible exploitation via HTTP, with human interaction required, leading to possible unauthorized updates/deletes and reads, pl...
CVE-2017-1000030
Oracle GlassFish Server Open Source Edition 3.0.1 build 22 is vulnerable to a Java Key Store password disclosure vulnerability that makes it possible to provide an unauthenticated attacker with the plain text password of the administrative user and grant access to the web-based administration interface...