Lucene search
K

24 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-29614

Malicious code in bioql PyPI...

8.2CVSS7.1AI score0.02257EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-27118

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.01286EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:54 p.m.10 views

CVE-2022-24818

GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case,...

8.2CVSS7.5AI score0.02257EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.15 views

Fedora 37 : java-1.8.0-openjdk (2022-dedbb92a08)

"The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-dedbb92a08 advisory. New in release OpenJDK 8u352 2022-10-18 Release announcement Full release notes Security Fixes JDK-8282252: Improve BigInteger/Decimal validation...

5.3CVSS6.2AI score0.02376EPSS
Exploits0References5
Amazon
Amazon
added 2022/10/21 12:0 a.m.37 views

Medium: java-17-amazon-corretto

Issue Overview: Title: Wider MultiByte conversions Buffer overflow is possible due to incorrect byte count should be character count. CVE-2022-21618 Title: Improve NTLM support writeSecurityBuffer writes a serialized security buffer to be used for NTLM auth. One of the fields that are serialized ...

5.3CVSS6.5AI score0.02376EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2022/04/14 9:20 p.m.8 views

CVE-2022-24846 Unchecked JNDI lookups in GeoWebCache

GeoWebCache is a tile caching server implemented in Java. The GeoWebCache disk quota mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. While in GeoWebCache the JNDI strings are provided via local...

9.1CVSS9.3AI score0.01218EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/14 12:0 a.m.7 views

GeoServer Input Validation Error Vulnerability

GeoServer is written in Java open source software server . GeoServer has an input validation error vulnerability that can be exploited by an attacker to perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and lead to arbitrary code execution...

7.2CVSS7.5AI score0.01465EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/04/14 12:0 a.m.5 views

GeoWebCache 代码问题漏洞

GeoWebCache is a Java Web application used to cache map slices from various sources, such as the OGC Web Map Service WMS. A code issue vulnerability exists in GeoWebCache that stems from a disk quota mechanism that can perform unchecked JNDI lookups, which in turn can be used to perform class...

9.1CVSS7.6AI score0.01218EPSS
Exploits0References2
Prion
Prion
added 2022/04/13 9:15 p.m.19 views

Deserialization of untrusted data

GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case,...

7.5CVSS7.2AI score0.02257EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/04/13 8:55 p.m.43 views

CVE-2022-24818 Unchecked JNDI lookups in GeoTools

GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case,...

8.2CVSS8.6AI score0.02257EPSS
Exploits0References2
CVE
CVE
added 2022/04/13 8:55 p.m.98 views

CVE-2022-24818

CVE-2022-24818 – GeoTools is an open‑source Java library for geospatial data. It is affected by unchecked JNDI lookups that can lead to class deserialization and arbitrary code execution when JNDI names are user‑provided. The vulnerability requires admin‑level login to trigger, and is mitigated b...

8.2CVSS7.5AI score0.02257EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/04/13 12:0 a.m.7 views

GeoTools 输入验证错误漏洞

GeoTools is an open source Java library. Provides tools for geospatial data. GeoTools suffers from an input validation error vulnerability that stems from the GeoTools library having a number of data sources that can perform JNDI lookups, which are used to perform class deserialization and lead t...

8.2CVSS7.6AI score0.02257EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/02/08 5:0 p.m.3 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/01/20 6:54 p.m.5 views

log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...

10CVSS7.9AI score0.99999EPSS
Exploits353References8
RedHat Linux
RedHat Linux
added 2022/01/20 9:26 a.m.4 views

log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...

10CVSS7.9AI score0.99999EPSS
Exploits353References8
The Hacker News
The Hacker News
added 2021/12/16 6:24 a.m.157 views

Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges

Web infrastructure company Cloudflare on Wednesday revealed that threat actors are actively attempting to exploit a second bug disclosed in the widely used Log4j logging utility, making it imperative that customers move quickly to install the latest version as a barrage of attacks continues to...

10CVSS1AI score0.99999EPSS
Exploits353
CERT
CERT
added 2021/12/15 12:0 a.m.1216 views

Apache Log4j allows insecure JNDI lookups

Overview Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j. CISA has published Apache Log4j Vulnerability Guidance and provides a Software List. Description Th...

10CVSS10AI score0.99999EPSS
Exploits354References22
Positive Technologies
Positive Technologies
added 2021/12/14 12:0 a.m.13 views

PT-2021-5369

Name of the Vulnerable Software and Affected Versions Apache Log4j2 versions 2.15.0 Apache Log4j2 versions prior to 2.16.0 Java 8 Apache Log4j2 versions prior to 2.12.2 Java 7 Description The issue is related to the deserialization of untrusted data in the Apache Log4j2 library, which can be...

9CVSS10AI score0.99977EPSS
Exploits40References171
Tenable Nessus
Tenable Nessus
added 2021/12/10 12:0 a.m.1239 views

Apache Log4j < 2.15.0 Remote Code Execution (Nix)

The version of Apache Log4j on the remote host is 2.x 2.3.1 / 2.4 2.12.2 / 2.13 2.15.0. It is, therefore, affected by a remote code execution vulnerability in the JDNI parser due to improper log validation. An unauthenticated, remote attacker can exploit this to bypass authentication and execute...

10CVSS8.8AI score0.99999EPSS
Exploits351References3
OSV
OSV
added 2019/03/23 10:45 a.m.7 views

OPENSUSE-SU-2019:0043-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk to version 8u191 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support bsc1112142 - CVE-2018-3139: Better HTTP Redirection bsc1112143 - CVE-2018-3149: Enhance JNDI lookups bsc1112144 - CVE-2018-3169: Improve field accesses...

9CVSS6.4AI score0.07215EPSS
Exploits3References18
Rows per page
Query Builder