
950 matches found

OSV
added 2022/08/26 4:15 p.m. | 22 views

CVE-2021-3859

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...

7.5 CVSS | 7.2 AI score | 0.00318 EPSS
Exploits: 0 | References: 6
NVD
added 2022/08/26 4:15 p.m. | 18 views

CVE-2021-3859

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...

7.5 CVSS | 0.00318 EPSS
Exploits: 0 | References: 6
Prion
added 2022/08/26 4:15 p.m. | 18 views

Design/Logic Flaw

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...

5 CVSS | 7 AI score | 0.00318 EPSS
Exploits: 0 | References: 6 | Affected Software: 3
UbuntuCve
added 2022/08/26 4:15 p.m. | 34 views

CVE-2021-3859

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...

7.5 CVSS | 7 AI score | 0.00318 EPSS
Exploits: 0 | References: 2
Cvelist
added 2022/08/26 12:0 a.m. | 18 views

CVE-2021-3859

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...

7.4 AI score | 0.00318 EPSS
Exploits: 0 | References: 6
CNVD
added 2022/08/06 12:0 a.m. | 5 views

Xiaomi Mi Sound Information Disclosure Vulnerability

Xiaomi Mi Sound is a smart audio app by Chinese company Xiaomi. Xiaomi Mi Sound suffers from an information disclosure vulnerability, which stems from the fact that part of the interface can be remotely invoked, which can be exploited by an attacker to obtain sensitive information...

7.5 CVSS | 6.2 AI score | 0.00322 EPSS
Exploits: 0 | References: 1
RedHat Linux
added 2022/08/02 7:58 a.m. | 4 views

OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.3 CVSS | 7.2 AI score | 0.00107 EPSS
Exploits: 0 | References: 4
CNNVD
added 2022/08/01 12:0 a.m. | 1 views

Shescape Security Vulnerability

Shescape is a simple open source shell escaping package for JavaScript. Use it to escape user-controlled input to shell commands to prevent shell injection. A security vulnerability exists in versions of Shescape prior to 1.5.8, which stems from insufficient space-specific escaping on...

9.8 CVSS | 8.3 AI score | 0.0108 EPSS
Exploits: 1 | References: 6
OpenVAS
added 2022/07/23 12:0 a.m. | 26 views

openSUSE: Security Advisory for java-1_8_0-openjdk (SUSE-SU-2022:2530-1)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

7.5 CVSS | 7.1 AI score | 0.00167 EPSS
Exploits: 0 | References: 2
CNNVD
added 2022/07/22 12:0 a.m. | 0 views

Xiaomi Mi Sound APP Information Disclosure Vulnerability

Xiaomi Mi Sound is a smart audio app by Chinese company Xiaomi. Xiaomi Mi Sound suffers from an information disclosure vulnerability, which stems from the fact that part of the interface can be remotely invoked, which can be exploited by an attacker to obtain sensitive information...

7.5 CVSS | 5.6 AI score | 0.00322 EPSS
Exploits: 0 | References: 2
ALT Linux
added 2022/07/14 12:0 a.m. | 58 views

Security fix for the ALT Linux 10 package java-11-openjdk version 0:11.0.15.0.10-alt1_1jpp11

0:11.0.15.0.10-alt1_1jpp11 built July 14, 2022 Andrey Cherepanov in task 303498 June 29, 2022 Andrey Cherepanov - New version. - Security fixes + JDK-8270504, CVE-2022-21426: Better XPath expression handling + JDK-8275082, JDK-8278008, CVE-2022-21476: Update XML Security for Java to 2.3.0 +...

5 CVSS | 6.9 AI score | 0.00167 EPSS
Exploits: 0
NVD
added 2022/06/02 2:15 p.m. | 8 views

CVE-2022-30034

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes...

8.6 CVSS | 0.00226 EPSS
Exploits: 1 | References: 3
CNNVD
added 2022/06/02 12:0 a.m. | 2 views

NetScout nGeniusONE Code Injection Vulnerability

NetScout nGeniusONE is a centralized application management and network performance solution from NetScout, Inc. A code injection vulnerability exists in NetScout nGeniusONE version 6.3.2, which can be exploited by an attacker to execute Java RMI code...

9.8 CVSS | 8.6 AI score | 0.01332 EPSS
Exploits: 0 | References: 3
RedHat Linux
added 2022/05/17 11:42 p.m. | 4 views

OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.3 CVSS | 7.2 AI score | 0.00107 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2022/05/17 11:41 p.m. | 4 views

OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.3 CVSS | 7.2 AI score | 0.00107 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2022/05/17 11:41 p.m. | 5 views

OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.3 CVSS | 7.2 AI score | 0.00107 EPSS
Exploits: 0 | References: 4
Github Security Blog
added 2022/05/17 5:35 a.m. | 30 views

Cross-site Scripting in Apache Struts

Multiple Cross-Site Scripting (XSS) in XWork generated error pages in Apache Struts. By default, XWork doesn't escape action's names in automatically generated error page, allowing for a successful XSS attack. When Dynamic Method Invocation (DMI) is enabled, the action name is generated dynamically...

2.6 CVSS | 2.5 AI score | 0.59227 EPSS
Exploits: 3 | References: 8 | Affected Software: 1
OSV
added 2022/05/17 5:35 a.m. | 24 views

GHSA-56F8-G68R-J699 Cross-site Scripting in Apache Struts

Multiple Cross-Site Scripting (XSS) in XWork generated error pages in Apache Struts. By default, XWork doesn't escape action's names in automatically generated error page, allowing for a successful XSS attack. When Dynamic Method Invocation (DMI) is enabled, the action name is generated dynamically...

2.6 CVSS | 5 AI score | 0.59227 EPSS
Exploits: 3 | References: 8
Github Security Blog
added 2022/05/17 3:28 a.m. | 29 views

Code injection in Apache Struts

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors...

10 CVSS | 6.8 AI score | 0.06168 EPSS
Exploits: 1 | References: 6 | Affected Software: 2
OSV
added 2022/05/17 3:28 a.m. | 1 views

GHSA-J7H6-XR7G-M2C5 Code injection in Apache Struts

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors...

10 CVSS | 6.7 AI score | 0.06168 EPSS
Exploits: 1 | References: 6