SUSE CVE
added 2023/02/15 5:17 a.m.

SUSE CVE-2015-4733

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI...

CVSS 10, AI score 4.7, EPSS 0.09686
Exploits 0, References 14

SUSE CVE
added 2023/02/15 5:17 a.m.

SUSE CVE-2015-4860

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883...

CVSS 10, AI score 6.6, EPSS 0.08742
Exploits 0, References 21

SUSE CVE
added 2023/02/15 5:17 a.m.

SUSE CVE-2015-4883

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860...

CVSS 10, AI score 6.6, EPSS 0.08742
Exploits 0, References 21

SUSE CVE
added 2023/02/15 5:05 a.m.

SUSE CVE-2016-3087

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin...

CVSS 9.8, AI score 8.1, EPSS 0.87007
Exploits 4, References 3

SUSE CVE
added 2023/02/15 4:07 a.m.

SUSE CVE-2019-16942

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the commons-dbcp 1.4 jar in the classpath, and an attacker can find a...

CVSS 9.8, AI score 7.1, EPSS 0.00426
Exploits 0, References 3

OSV
added 2023/02/14 1:15 p.m.

CVE-2023-25141

Apache Sling JCR Base 3.1.12 has a critical injection vulnerability when running on old JDK versions JDK 1.8.191 or earlier through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access data stored in a remote location via JDN...

CVSS 7.5, AI score 5.8
Exploits 0, References 1

IBM Security Bulletins
added 2022/09/25 11:13 p.m.

Security Bulletin: RMI vulnerability in Java, as used with WebSphere eXtreme Scale

Abstract A security vulnerability in the Remote Method Invocation component of the Java Runtime Environment allows unauthenticated network attacks which can result in unauthorized operating system takeover including arbitrary code execution. Content VULNERABILITY DETAILS: CVE-2013-1537 A...

CVSS 10, AI score 8.7, EPSS 0.10177
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2022/09/25 11:09 p.m.

Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Control Center

Abstract: A number of security vulnerabilities have been discovered in the Java Runtime Environment and the Cognos Business Intelligence components included in IBM SCC. Content: CVE ID: CVE-2013-1557 DESCRIPTION: Unspecified vulnerability in the Java Runtime Environment (JRE) related to RMI Remote...

CVSS 10, AI score 8.3, EPSS 0.26602
Exploits 1, Affected Software 1

CNNVD
added 2022/09/02 12:00 a.m.

Apache OFBiz code issue vulnerability

Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation. A code issue vulnerability exists in Apache OFBiz Solr plugin 18.12.05 and earlier, which stems from the default configuration of automatically issuing RMI requests on port 1099 on localhost, which can be...

CVSS 9.8, AI score 7.3, EPSS 0.20826
Exploits 0, References 3

CNNVD
added 2022/08/31 12:00 a.m.

Apache Geode code issue vulnerability

A remote code execution vulnerability exists in Apache Geode, the Apache Foundation's management platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures, which stems from a vulnerability to untrusted data deserialization wh...

CVSS 8.8, AI score 8.4, EPSS 0.00243
Exploits 0, References 2

Github Security Blog
added 2022/05/17 5:35 a.m.

Cross-site Scripting in Apache Struts

Multiple Cross-Site Scripting (XSS) in XWork generated error pages in Apache Struts. By default, XWork doesn't escape action's names in automatically generated error page, allowing for a successful XSS attack. When Dynamic Method Invocation (DMI) is enabled, the action name is generated dynamically...

CVSS 2.6, AI score 2.5, EPSS 0.59227
Exploits 3, References 8, Affected Software 1

OSV
added 2022/05/17 5:35 a.m.

GHSA-56F8-G68R-J699 Cross-site Scripting in Apache Struts

Multiple Cross-Site Scripting (XSS) in XWork generated error pages in Apache Struts. By default, XWork doesn't escape action's names in automatically generated error page, allowing for a successful XSS attack. When Dynamic Method Invocation (DMI) is enabled, the action name is generated dynamically...

CVSS 2.6, AI score 5, EPSS 0.59227
Exploits 3, References 8

Github Security Blog
added 2022/05/17 3:28 a.m.

Code injection in Apache Struts

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors...

CVSS 10, AI score 6.8, EPSS 0.06168
Exploits 1, References 6, Affected Software 2

OSV
added 2022/05/17 3:28 a.m.

GHSA-J7H6-XR7G-M2C5 Code injection in Apache Struts

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors...

CVSS 10, AI score 6.7, EPSS 0.06168
Exploits 1, References 6

OSV
added 2022/05/14 12:57 a.m.

GHSA-6M68-3W55-6MX4 Apache Geode OQL method invocation vulnerability

When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition, a user could invoke methods that allow remote cod...

CVSS 7.5, AI score 7.7, EPSS 0.01479
Exploits 0, References 5

Github Security Blog
added 2022/05/14 12:54 a.m.

Apache Struts RCE Vulnerability

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions...

CVSS 9.3, AI score 8, EPSS 0.93973
Exploits 12, References 13, Affected Software 1

Github Security Blog
added 2022/05/14 12:54 a.m.

Apache Struts vulnerable to arbitrary remote code execution due to improper input validation

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin...

CVSS 9.8, AI score 8.2, EPSS 0.87007
Exploits 4, References 8, Affected Software 1

OSV
added 2022/05/14 12:54 a.m.

GHSA-MMJ6-CJJ4-HPR5 Apache Struts vulnerable to arbitrary remote code execution due to improper input validation

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin...

CVSS 9.8, AI score 9.6, EPSS 0.87007
Exploits 4, References 8

OSV
added 2022/05/13 1:40 a.m.

GHSA-H7RX-R733-7X7R Sandbox bypass in Jenkins Script Security Plugin sandbox bypass

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection...

CVSS 8.8, AI score 5.9, EPSS 0.00274
Exploits 0, References 2

OSV
added 2022/01/10 2:10 p.m.

DEBIAN-CVE-2021-42392

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to an LDAP or RMI server, causing remote code execution. This can be exploited through various atta...

CVSS 9.8, AI score 8.9, EPSS 0.90592
Exploits 3, References 1