Sonatype Nexus Repository Manager Java Code Execution Vulnerability
Sonatype Nexus Repository Manager (aka NXRM) is a Maven repository manager. A security vulnerability exists in Sonatype NXRM versions prior to 3.14. An attacker can exploit the vulnerability to execute code on the server...
GHSA-J8G6-2WH7-6439 Apache Tika allows Java code execution for serialized objects embedded in MATLAB files
Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...
Apache Tika allows Java code execution for serialized objects embedded in MATLAB files
Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...
IBM WebSphere Application Server Code Execution Vulnerability
IBM WebSphere Application Server (WAS) is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. A code execution vulnerability exists in IBM WebSphere...
CVE-2018-1567
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024...
Code injection
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024...
Remote Code Execution (RCE)
HSQLDB is vulnerable to remote code execution. The static methods of all available Java classes can be accessed as functions using crafted database documents when the system property hsqldb.methodclassnames is not set. A remote attacker is able to exploit the vulnerability to execute arbitrary Ja...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio
Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6, 7 and 8 used by IBM ILOG CPLEX Optimization Studio. These issues were disclosed as part of the IBM Java SDK updates in July 2018. Vulnerability Details: If you run your own Java code using the IBM Java Runtime...
spring-boot: Malicious PATCH requests submitted to servers can use specially crafted JSON data to run arbitrary Java code
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...
Apache Cassandra 3.8.x - 3.11.1 RCE Vulnerability
Apache Cassandra is prone to a remote code execution (RCE) vulnerability...
CVE-2018-8016
The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in...
Remote Code Execution (RCE)
apache-cassandra is vulnerable to remote code execution (RCE) attacks. The library binds unauthenticated Remote Method Invocation (RMI) interfaces to all network interfaces, allowing a malicious user to invoke an RMI request to inject and execute arbitrary Java code. This is a regression of...
Arbitrary Code Execution
datomic-free is vulnerable to Arbitrary Code Execution. It allows an authorized user to inject arbitrary Java code using the H2 SQL ALIAS command (CREATE ALIAS)...
CVE-2018-12533
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310...
CVE-2018-12532
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309...
Apache Tika 1.9 - 1.13 Java Code Execution Vulnerability
Apache Tika is prone to an arbitrary Java code execution vulnerability...
JBoss RichFaces Arbitrary Java Code Execution Vulnerability (CNVD-2018-11847)
Red Hat JBoss RichFaces is an open source JSF (JavaServer Faces) component library from Red Hat, Inc. of the United States. The library provides built-in JavaScript and Ajax functionality. A security vulnerability exists in Red Hat JBoss RichFaces versions 4.5.3 through 4.5.17. A remote attack...
Design/Logic Flaw
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310...