CVE-2022-35912

In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 at least when certain Java 8 configurations are used, data binding allows a remote attacker to execute code by gaining access to the class loader...

CVE-2019-18956

Divisa Proxia Suite 9 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 and 9.7.10, 10.0 10.0.32, and 10.1 10.1.5, SparkSpace 1.0 1.0.30, 1.1 1.1.2, and 1.2 1.2.4, and Proxia PHR 1.0 1.0.30 and 1.1 1.1.2 allows remote code execution via untrusted Java deserialization. The proxia-error cookie is insecurely...

CVE-2019-18364

In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution...

CVE-2019-2699

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Windows DLL. The supported version that is affected is Java SE: 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. While the vulnerabilit...

CVE-2019-2749

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multipl...

CVE-2019-2518

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multipl...

CVE-2019-11696

Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability...

CVE-2019-11642

A log poisoning vulnerability has been discovered in the OneShield Policy Dragon Core framework before 5.1.10. Authenticated remote adversaries can poison log files by entering malicious payloads in either headers or form elements. These payloads are then executed via a client side debugging...

CVE-2019-11938

Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebo...

CVE-2019-20635

codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields...

CVE-2011-0849

Unspecified vulnerability in Oracle Java Dynamic Management Kit 5.1 allows remote attackers to affect integrity, related to HTML Adaptor...

CVE-2011-0846

Unspecified vulnerability in the Oracle Sun Java System Access Manager Policy Agent 2.2 allows remote attackers to affect availability via unknown vectors related to Web Proxy Agent...

CVE-2020-12133

The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote code execution because of javax.faces.ViewState Java deserialization...

CVE-2020-23620

The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object...

CVE-2020-24164

A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface...

CVE-2020-24639

There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system...

CVE-2020-17532

When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5...

CVE-2024-41948

biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...

CVE-2023-25561

DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service JAAS authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any...

CVE-2021-2438

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM...