96 matches found

CVE
added 2016/10/03 9:0 p.m. | 154 views

CVE-2015-1832

CVE-2015-1832 is an XXE vulnerability in the XmlVTI/XML datatype handling of Derby’s SqlXmlUtil, present in Apache Derby before 10.12.1.1 and exploitable when a Java Security Manager is not in place. Context-dependent attackers could read arbitrary files or cause resource exhaustion (DOS) via Xml...

CVSS: 9.1 | AI score: 8.8 | EPSS: 0.00818
Exploits: 0 | References: 13 | Affected Software: 1

Debian CVE
added 2016/10/03 9:0 p.m. | 27 views

CVE-2015-1832

XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML dataty...

CVSS: 9.1 | AI score: 9.1 | EPSS: 0.00818
Exploits: 0

RedHat Linux
added 2015/05/14 3:14 p.m. | 2 views

6: JSM policy not respected by deployed applications

It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to...

CVSS: 5.8 | AI score: 5.7 | EPSS: 0.0028
Exploits: 0 | References: 4

RedHat Linux
added 2015/03/24 9:5 p.m. | 1 views

Validator: JSM bypass via ReflectionHelper

It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions wi...

CVSS: 5 | AI score: 6.3 | EPSS: 0.00532
Exploits: 0 | References: 4

RedHat Linux
added 2015/02/17 10:27 p.m. | 0 views

Validator: JSM bypass via ReflectionHelper

It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions wi...

CVSS: 5 | AI score: 6.3 | EPSS: 0.00532
Exploits: 0 | References: 4

RedHat Linux
added 2015/02/04 5:41 p.m. | 4 views

Validator: JSM bypass via ReflectionHelper

It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions wi...

CVSS: 5 | AI score: 6.3 | EPSS: 0.00532
Exploits: 0 | References: 4

RedHat Linux
added 2014/12/15 8:35 p.m. | 54 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse Service Works 6.0.0 security update

Red Hat JBoss Fuse Service Works 6.0.0 roll up patch 3, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base score...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.05863
Exploits: 4 | References: 8

RedHat Linux
added 2014/12/15 8:35 p.m. | 3 views

jboss-as-server: Unchecked access to MSC Service Registry under JSM

In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container (MSC) service registry without any permission checks. This could allow malicious deployments to modify the internal state of the...

CVSS: 1.9 | AI score: 5.9 | EPSS: 0.00062
Exploits: 0 | References: 4

RedHat Linux
added 2014/12/15 8:35 p.m. | 4 views

6: JSM policy not respected by deployed applications

It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to...

CVSS: 5.8 | AI score: 5.7 | EPSS: 0.0028
Exploits: 0 | References: 4

Tenable Nessus
added 2014/11/08 12:0 a.m. | 25 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 6.3.1 update (Low) (RHSA-2014:1287)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1287 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the...

CVSS: 5 | AI score: 6.5 | EPSS: 0.00532
Exploits: 0 | References: 20

OSV
added 2014/09/30 2:55 p.m. | 3 views

DEBIAN-CVE-2014-3558

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application...

CVSS: 5 | AI score: 7 | EPSS: 0.00532
Exploits: 0 | References: 1

OSV
added 2014/09/30 2:55 p.m. | 5 views

CVE-2014-3558

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application...

AI score: 6.3
Exploits: 0 | References: 8

NVD
added 2014/09/30 2:55 p.m. | 6 views

CVE-2014-3558

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application...

CVSS: 5 | AI score: 6.4 | EPSS: 0.00532
Exploits: 0 | References: 8

OSV
added 2014/09/30 2:55 p.m. | 1 views

UBUNTU-CVE-2014-3558

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application...

CVSS: 5 | AI score: 5.8 | EPSS: 0.00532
Exploits: 0 | References: 3

Prion
added 2014/09/30 2:55 p.m. | 9 views

Design/Logic Flaw

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application...

CVSS: 5 | AI score: 7 | EPSS: 0.00532
Exploits: 0 | References: 8 | Affected Software: 1

UbuntuCve
added 2014/09/30 2:55 p.m. | 17 views

CVE-2014-3558

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application...

CVSS: 5 | AI score: 5.9 | EPSS: 0.00532
Exploits: 0 | References: 2

CVE
added 2014/09/30 2:0 p.m. | 93 views

CVE-2014-3558

CVE-2014-3558 affects Hibernate Validator: ReflectionHelper in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2. Root cause is the ReflectionHelper usage that can bypass the Java Security Manager restrictions, allowing a crafted application to execute restricted re...

CVSS: 5 | AI score: 6.4 | EPSS: 0.00532
Exploits: 0 | References: 8 | Affected Software: 1

Debian CVE
added 2014/09/30 2:0 p.m. | 14 views

CVE-2014-3558

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application...

CVSS: 5 | AI score: 6.3 | EPSS: 0.00532
Exploits: 0

Tenable Nessus
added 2014/09/25 12:0 a.m. | 17 views

RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.3.1 update (Low) (RHSA-2014:1286)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1286 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the...

CVSS: 5 | AI score: 6.5 | EPSS: 0.00532
Exploits: 0 | References: 20

RedHat Linux
added 2014/09/23 8:19 p.m. | 4 views

6: JSM policy not respected by deployed applications

It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to...

CVSS: 5.8 | AI score: 5.7 | EPSS: 0.0028
Exploits: 0 | References: 4