Asset Pipeline Grails Plugin vulnerable to Path Traversal
Asset Pipeline Grails Plugin Asset-pipeline plugin versions prior to 2.14.1.1, 2.15.1 and 3.0.6 contain an Incorrect Access Control vulnerability in applications deployed in Jetty that can result in the download of .class files and any arbitrary file. This attack appears to be exploitable via Specially...
IBM Java 8.0 < 8.0.5.30
The version of IBM Java installed on the remote host is prior to 8.0 8.0.5.30. It is, therefore, affected by a vulnerability as referenced in the IBM Security Update March 2019 advisory. - IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate cod...
CVE-2021-41041
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles...
Spring Framework RCE, Mitigation Alternative
Yesterday we announced a Spring Framework RCE vulnerability CVE-2022-22965, listing Apache Tomcat as one of several preconditions. The Apache Tomcat team has since released versions 10.0.20, 9.0.62, and 8.5.78, all of which close the attack vector on Tomcat's side. While the vulnerability is not in...
Amazon Corretto Java 8.x < 8.222.10.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 8 8.222.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-8-2019-Jul-16 advisory. - Security CVE-2019-2745, CVE-2019-2786 - Utilities CVE-2019-2762, CVE-2019-2769 - Networking...
Amazon Corretto Java 8.x < 8.272.10.3 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 8 8.272.10.3. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-8-2020-Oct-21 advisory. - core-libs/java.io:serialization CVE-2020-14779 - core-libs/javax.naming CVE-2020-14781 -...
Amazon Corretto Java 8.x < 8.312.07.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 8 8.312.07.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-8-2021-Oct-19 advisory. - security-libs/javax.net.ssl CVE-2021-35550, CVE-2021-35578, CVE-2021-35603 - client-libs/javax.swing...
Amazon Corretto Java 8.x < 8.302.08.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 8 8.302.08.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-8-2021-Jul-20 advisory. - core-libs/java.net CVE-2021-2341 - security-libs/java.security CVE-2021-2369 - hotspot/compiler...
Amazon Corretto Java 8.x < 8.262.10.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 8 8.262.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-8-2020-Jul-14 advisory. - core-libs/java.util.concurrent CVE-2020-14556 - security-libs/javax.net.ssl CVE-2020-14577 -...
Amazon Corretto Java 8.x < 8.252.09.2 Vulnerability
The version of Amazon Corretto installed on the remote host is prior to 8 8.252.09.2. It is, therefore, affected by a vulnerability as referenced in the corretto-8-2020-Apr-17 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...
Amazon Corretto Java 8.x < 8.252.09.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 8 8.252.09.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-8-2020-Apr-14 advisory. - core-libs/javax.script CVE-2020-2754, CVE-2020-2755 - core-libs/java.io:serialization CVE-2020-2756,...
FreeBSD : OpenSearch -- Log4Shell (b0f49cb9-6736-11ec-9eea-589cfc007716)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b0f49cb9-6736-11ec-9eea-589cfc007716 advisory. - It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain...
Atomix has unspecified vulnerabilities
Atomix is a fault-tolerant distributed orchestration framework for JAVA 8. An unspecified vulnerability exists in Atomix version 3.1.5. The vulnerability allows malicious Atomix nodes to remove state from ONOS storage by abusing raw operations. No details of the vulnerability are currently...
Atomix Information Disclosure Vulnerability
Atomix is a fault-tolerant distributed coordination framework for JAVA 8. Atomix version 3.1.5 is vulnerable to an information disclosure vulnerability. An attacker could exploit this vulnerability to access sensitive information when a malicious Atomix node queries the distributed variable...
Atomix Denial of Service Vulnerability
Atomix is a fault-tolerant distributed orchestration framework for JAVA 8. A denial-of-service vulnerability exists in Atomix version 3.1.5. An attacker could exploit this vulnerability to cause a denial of service via a false link event message sent to the primary ONOS node...
Atomix has an unspecified vulnerability (CNVD-2021-101702)
Atomix is a fault-tolerant distributed orchestration framework for JAVA 8. An unspecified vulnerability exists in Atomix version 3.1.5. The vulnerability allows an unauthorized Atomix node to join the target cluster by providing configuration information. No detailed vulnerability details are...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-44228 Log4Shell Proof of Concept CVE-2021-44228 Ma...