57 matches found
Code injection
delight-nashorn-sandbox 0.2.4 and 0.2.5 are vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit the Java process...
Delight Nashorn Sandbox Injection Vulnerability
Delight Nashorn Sandbox is a Java Delight open source sandbox for executing JavaScript in Java using Nashorn. A security vulnerability exists in Delight Nashorn Sandbox versions 0.2.4 and 0.2.5. An attacker exploiting this vulnerability can exit a Java process by calling the exit and quit methods usi...
CVE-2023-26919
delight-nashorn-sandbox 0.2.4 and 0.2.5 are vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit the Java process...
UFLO Code Injection Vulnerability
UFLO is a pure Java process engine based on Spring that supports various flow methods such as parallel, dynamic parallel, serial, and countersign. A code injection vulnerability exists in UFLO uflo-core, which stems from incorrect user authentication...
Apache Apereo CAS Log4Shell Direct Check (CVE-2021-44228)
Binary data apacheapereocaslog4shell.nbin...
Amazon AWS Race Condition Vulnerability
Amazon AWS is a cloud computing platform from the U.S.-based Amazon.com that provides a range of services including information technology infrastructure and applications, such as storage, databases, computing, machine learning, and more, to individuals, businesses, and governments. A security...
CVE-2022-0070
Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to...
Design/Logic Flaw
Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to...
CVE-2022-0070 Log4j hot patch package privilege escalation
Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to...
Privilege Escalation
org.keycloak:keycloak-services is vulnerable to privilege escalation. A local attacker is able to create directories prior to the Java process creating them in the temporary directory with wider user permissions resulting in attackers having access to the contents that keycloak stores in this...
GHSA-6XP6-FMC8-PMMR Temporary Directory Hijacking Vulnerability in Keycloak
A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is ...
Apache Druid Log4Shell Direct Check (CVE-2021-44228)
Binary data apachedruidlog4shell.nbin...
Apache OFBiz Log4Shell Direct Check (CVE-2021-44228)
Binary data apacheofbizlog4shell.nbin...
Apache Solr Log4Shell Direct Check (CVE-2021-44228)
Binary data apachesolrlog4shell.nbin...
Apache Log4Shell CVE-2021-45046 Bypass Remote Code Execution
Binary data apachelog4shellCVE-2021-45056directcheck.nbin...
Apache Log4j Message Lookup Substitution RCE (Log4Shell) (Direct Check)
Binary data apachelog4jjdnildapgeneric.nbin...
Design/Logic Flaw
A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is ...
CVE-2020-11975
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process...