195 matches found
OpenRefine Code Issues Vulnerabilities
OpenRefine is a Java-based open source tool. The product is mainly used for loading data, analyzing data and cleaning data. A security vulnerability exists in OpenRefine 3.5.2 and earlier versions, which stems from the presence of a Server-Side Request Forgery (SSRF) vulnerability. An unauthorized...
Atlassian Bamboo Code Injection Vulnerability
Atlassian Bamboo is a Java-based server-side application for continuous integration builds from Atlassian Australia. A security vulnerability exists in Atlassian Bamboo Data Center version 8.0.0. An attacker can exploit the vulnerability to execute arbitrary code...
Command Execution Vulnerability in MCMS of Jiangxi Mingsoft Technology Co.
MCMS is a lightweight, Java-based open source content management system. A command execution vulnerability exists in MCMS from Jiangxi Mingsoft Technology Co., Ltd. An attacker can exploit the vulnerability to execute commands...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : jetty-minimal (SUSE-SU-2023:2539-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2539-1 advisory. - Jetty is a java based web server and servlet engine. In affected versions servlets with...
Apache OFBiz Path Traversal Vulnerability
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation in the United States. The system provides a set of Java-based Web application components and tools. Apache OFBiz suffers from a path traversal vulnerability that stems from the application failing to properl...
Apache Dubbo code issue vulnerability (CNVD-2023-23551)
Apache Dubbo is a lightweight Java-based RPC (remote procedure call) framework from the Apache Foundation in the United States. The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. A security vulnerability exists i...
Apache Dubbo Code Issue Vulnerability
Apache Dubbo is a lightweight Java-based RPC (remote procedure call) framework from the Apache Foundation in the United States. The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. A security vulnerability exists i...
SAP NetWeaver AS Access Control Error Vulnerability
SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. An Access Control Error vulnerability exists in the Java-based SAP NetWeaver AS version 7.50, which stems from improper access control, and can be...
Apache Dubbo code issue vulnerability (CNVD-2023-25935)
Apache Dubbo is a lightweight Java-based RPC (Remote Procedure Call) framework from the Apache Foundation in the United States. The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. A code issue vulnerability exists ...
online-course-selection-system Cross-Site Scripting Vulnerability
online-course-selection-system is a Java-based online course selection system by the individual developer pallidlight. A security vulnerability exists in online-course-selection-system. An attacker can exploit this vulnerability to conduct cross-site scripting attacks...
SnakeYAML Code Issue Vulnerability
SnakeYAML is a Java-based YAML parser. SnakeYAML suffers from a code issue vulnerability that stems from not limiting the types that can be instantiated during deserialization. An attacker exploiting this vulnerability could remotely execute code...
Apache Commons JXPath Buffer Overflow Vulnerability (CNVD-2022-73688)
Apache Commons JXPath is a Java-based implementation of XPath 1.0 from the Apache Foundation, U.S.A. A buffer overflow vulnerability exists in Apache Commons JXPath, which is caused by a stack buffer overflow when parsing XPath. A remote attacker could exploit this vulnerability to cause a denial...
JFinal SQL Injection Vulnerability (CNVD-2022-67142)
JFinal is an open source Java-based web and ORM framework. JFinal CMS version 5.1.0 has a SQL injection vulnerability, which stems from several of its interfaces not using the same components and not applying filters, with each interface using its own SQL connection method. An attacke...
ZFile arbitrary file upload vulnerability
ZFile is a Java-based online web development program open-sourced by zfile-dev. ZFile v4.1.1 contains an arbitrary file upload vulnerability that stems from a lack of validation of uploaded files in its component /file/upload/1. An attacker could exploit this vulnerability to upload malicious fil...
XXL-JOB Operating System Command Injection Vulnerability
XXL-JOB is a Java-based distributed task scheduling platform from the XU Xueli XXL-JOB community. XXL-JOB version 2.2.0 suffers from an operating system command injection vulnerability, which stems from a command execution vulnerability in a background task...
Apache XML Graphics Batik Server-Side Request Forgery Vulnerability
Apache XML Graphics Batik is a Java-based application from the Apache Foundation that is primarily used to process images in SVG format. Apache XML Graphics Batik is vulnerable to server-side request forgery, which is caused by a flaw in the DefaultScriptSecurity function. An attacker could exploi...
Security Bulletin: Potential security vulnerabilities with Java™ SDKs
Abstract: Smarter Infrastructure Products - Potential security exposure when using Java™ based applications due to vulnerabilities in Java Software Developer Kits. See Vulnerability Details for CVE IDs. Content: VULNERABILITY DETAILS: Customers who have Java based applications, such as Maximo Asse...
CVE-2022-36025 Incorrect Conversion between Numeric Types in Besu Ethereum Client
Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations including DELEGATECALL results in...
Theonedev Onedev Security Vulnerability
Theonedev Onedev is a Java-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. Theonedev A security vulnerability...
Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations
Iranian state-sponsored actors are leaving no stone unturned to exploit unpatched systems running Log4j to target Israeli entities, indicating the vulnerability's long tail for remediation. Microsoft attributed the latest set of activities to the umbrella threat group tracked as MuddyWater aka...