98 matches found
Information Disclosure
vaadin-bom is vulnerable to information disclosure. The OSGi integration allows an attacker to access application classes and resources on the server via a malicious HTTP request...
GHSA-25XC-JWFQ-39JW OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure
Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 Vaadin 12.0.0 through 14.4.9, and 6.0.0 through 6.0.1 Vaadin 19.0.0 allows attacker to access application classes and resources on the server via crafted HTTP request. -...
OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure
Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 Vaadin 12.0.0 through 14.4.9, and 6.0.0 through 6.0.1 Vaadin 19.0.0 allows attacker to access application classes and resources on the server via crafted HTTP request. -...
GHSA-J9WR-49VQ-RM5G Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19
Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 Vaadin 12.0.0 through 14.4.9, and 6.0.0 through 6.0.1 Vaadin 19.0.0 allows attacker to access application classes and resources on the server via crafted HTTP request. -...
Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19
Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 Vaadin 12.0.0 through 14.4.9, and 6.0.0 through 6.0.1 Vaadin 19.0.0 allows attacker to access application classes and resources on the server via crafted HTTP request. -...
PT-2021-19288 · Vaadin · Com.Vaadin:Flow-Server
Name of the Vulnerable Software and Affected Versions: com.vaadin:flow-server versions 1.2.0 through 2.4.7 com.vaadin:flow-server versions 6.0.0 through 6.0.1 Description: The issue allows an attacker to access application classes and resources on the server via a crafted HTTP request. This is du...
Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19
Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 Vaadin 12.0.0 through 14.4.9, and 6.0.0 through 6.0.1 Vaadin 19.0.0 allows attacker to access application classes and resources on the server via crafted HTTP request. See CWE-402: Transmission of Private...
Apache Unomi Remote Code Execution Vulnerability
Apache Unomi is a java open source client data platform that can be used on multiple systems to manage user profiles and the data associated with that profile, Unomi was announced as a top Apache project in 2019. Since Apache Unomi is built as an OSGi application running in Apache Karaf, it is...
[SECURITY] Fedora 32 Update: eclipse-ecf-3.14.8-4.fc32
ECF is a set of frameworks for building communications into applications and services. It provides a lightweight, modular, transport-independent, fully compliant implementation of the OSGi Remote Services standard...
MGASA-2019-0399 Updated apache-commons-beanutils packages fix security vulnerability
Updated apache-commons-beanutils packages fix security vulnerability: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were...
Updated apache-commons-beanutils packages fix security vulnerability
Updated apache-commons-beanutils packages fix security vulnerability: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were...
openSUSE Security Update : tomcat (openSUSE-2018-1129)
This update for tomcat to version 9.0.10 fixes the following issues : Security issues fixed : - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service bsc1102400. -...
Design/Logic Flaw
A vulnerability in the Open Systems Gateway initiative OSGi interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability b...
CVE-2018-0377
A vulnerability in the Open Systems Gateway initiative OSGi interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability b...
CVE-2018-0377
A vulnerability in the Open Systems Gateway initiative OSGi interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability b...
CVE-2018-0377
A vulnerability in the Open Systems Gateway initiative OSGi interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability b...
CVE-2018-0377
Cisco Policy Suite CVE-2018-0377 concerns an unauthenticated access vulnerability in the OSGi interface prior to release 18.1.0. Root cause: lack of authentication on the OSGi interface, enabling remote connections that could read or modify files accessible to the OSGi process. Impact per sources...
Cisco Policy Suite OSGi Interface Unauthenticated Access Vulnerability
A vulnerability in the Open Systems Gateway initiative OSGi interface of Cisco Policy Suite could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly...
WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Stored XSS Vulnerabilities product: WSO2 Carbon, WSO2 Dashboard Server vulnerable version: WSO2 Identity Server 5.3.0 fixed version: WSO2 Identity Server 5.5.0 C...
Eclipse Equinoxe OSGi Console - Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' class MetasploitModule 'Eclipse Equinoxe OSGi Console Command Execution', 'Description' = %q Exploit Eclipse Equinoxe OSGi Open Service Gateway initiati...