950 matches found
GHSA-6M68-3W55-6MX4 Apache Geode OQL method invocation vulnerability
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote cod...
Apache Struts RCE Vulnerability
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions...
GHSA-MMJ6-CJJ4-HPR5 Apache Struts vulnerable to arbitrary remote code execution due to improper input validation
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! exclamation mark operator to the REST Plugin...
Apache Struts vulnerable to arbitrary remote code execution due to improper input validation
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! exclamation mark operator to the REST Plugin...
GHSA-H7RX-R733-7X7R Sandbox bypass in Jenkins Script Security Plugin sandbox bypass
Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection...
OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
CVE-2021-41041
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles...
CVE-2021-41041
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles...
CVE-2021-41041
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles...
CVE-2021-41041
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles...
Security fix for the ALT Linux 10 package java-1.8.0-openjdk version 0:1.8.0.332.b09-alt0_0.1.eajpp8
0:1.8.0.332.b09-alt00.1.eajpp8 built April 27, 2022 Andrey Cherepanov in task 298975 --- April 25, 2022 Andrey Cherepanov - New version. - Seciruty fixes: + JDK-8270504, CVE-2022-21426: Better XPath expression handling + JDK-8275151, CVE-2022-21443: Improved Object Identification + JDK-8277672,...
PT-2022-11360 · Eclipse +4 · Eclipse Openj9 +4
Name of the Vulnerable Software and Affected Versions: Eclipse Openj9 versions prior to 0.32.0 Description: The issue arises when Java 8 and 11 fail to throw an exception captured during bytecode verification triggered by a MethodHandle invocation. This allows unverified methods to be invoked usi...
OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...