Lucene search
K

36 matches found

RedHat Linux
RedHat Linux
added 2026/05/18 12:24 p.m.19 views

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

9.8CVSS8AI score0.00812EPSS
Exploits1References8
OSV
OSV
added 2026/05/08 5:44 a.m.10 views

BIT-JRE-2022-21624

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

3.7CVSS6.7AI score0.01401EPSS
Exploits0References10
OSV
OSV
added 2026/02/26 1:16 a.m.5 views

UBUNTU-CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8.9CVSS7.5AI score0.00534EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2007-4347

Malware in sbrugna...

8.5CVSS6.4AI score0.02825EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2010-3544

Malware in sbrugna...

5CVSS8.5AI score0.02999EPSS
Exploits0References49
RedhatCVE
RedhatCVE
added 2025/05/23 4:55 a.m.11 views

CVE-2023-24527

SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will...

5.3CVSS7AI score0.00452EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/04/15 12:0 a.m.8 views

RHEL 6 : jbossas-web and jboss-naming (RHSA-2012:1027)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1027 advisory. JBoss Application Server is the base package for JBoss Enterprise Web Platform, providing the core server components. The Java Naming and...

7.5CVSS5.7AI score0.03521EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2023/05/11 12:0 a.m.36 views

SAP NetWeaver AS Java Improper Access Control (May 2023)

SAP NetWeaver Application Server for Java is affected by improper access control vulnerability. An unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization...

9.1CVSS8.2AI score0.00624EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/05/09 1:36 a.m.42 views

CVE-2023-30744 Improper access control during application start-up in SAP AS NetWeaver JAVA.

In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and...

8.2CVSS9.4AI score0.00624EPSS
Exploits0References2
CNVD
CNVD
added 2023/03/16 12:0 a.m.23 views

SAP NetWeaver AS Java Licensing Issue Vulnerability (CNVD-2023-28121)

SAP NetWeaver AS Java is a German SAP SAP company provides a Java runtime environment for the application server. The product is mainly used to develop and run Java EE applications. An authorization issue vulnerability exists in SAP NetWeaver AS Java version 7.50, which stems from a failure to...

5.9AI score0.00445EPSS
Exploits0Affected Software1
NVD
NVD
added 2023/03/14 5:15 a.m.34 views

CVE-2023-27268

SAP NetWeaver AS Java Object Analyzing Service - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify...

5.3CVSS5.5AI score0.00445EPSS
Exploits0References2
NVD
NVD
added 2023/03/14 5:15 a.m.74 views

CVE-2023-23857

Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services...

9.9CVSS9.5AI score0.00544EPSS
Exploits0References2
Prion
Prion
added 2023/03/14 5:15 a.m.29 views

Authorization

SAP NetWeaver AS Java Object Analyzing Service - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify...

5CVSS5.6AI score0.00445EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/02/14 1:15 p.m.3 views

CVE-2023-25141

Apache Sling JCR Base 3.1.12 has a critical injection vulnerability when running on old JDK versions JDK 1.8.191 or earlier through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access data stored in a remote location via JDN...

7.5CVSS5.8AI score0.0116EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/10/20 10:18 a.m.5 views

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

3.7CVSS7.2AI score0.01401EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/10/19 10:24 p.m.4 views

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

3.7CVSS7.2AI score0.01401EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/04/25 2:0 p.m.3 views

OpenJDK: URI parsing inconsistencies (JNDI, 8278972)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.3CVSS7.4AI score0.02805EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/02/08 12:52 p.m.4 views

log4j-core: remote code execution via JDBC Appender

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a dat...

8.5CVSS7.5AI score0.97906EPSS
Exploits9References5
OSV
OSV
added 2020/10/21 3:15 p.m.2 views

DEBIAN-CVE-2020-14781

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

3.7CVSS5.7AI score0.02296EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2018/11/16 12:53 a.m.142 views

USN-3824-1: OpenJDK 7 vulnerabilities

It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...

8.3CVSS7AI score0.07215EPSS
Exploits2
Rows per page
Query Builder