Lucene search
+L

98 matches found

Veracode
Veracode
added 2021/04/20 8:8 a.m.32 views

Information Disclosure

vaadin-bom is vulnerable to information disclosure. The OSGi integration allows an attacker to access application classes and resources on the server via a malicious HTTP request...

8.6CVSS2.1AI score0.02382EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2021/04/19 2:50 p.m.2 views

GHSA-25XC-JWFQ-39JW OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure

Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 Vaadin 12.0.0 through 14.4.9, and 6.0.0 through 6.0.1 Vaadin 19.0.0 allows attacker to access application classes and resources on the server via crafted HTTP request. -...

8.6CVSS7.1AI score0.02382EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2021/04/19 2:50 p.m.58 views

OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure

Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 Vaadin 12.0.0 through 14.4.9, and 6.0.0 through 6.0.1 Vaadin 19.0.0 allows attacker to access application classes and resources on the server via crafted HTTP request. -...

8.6CVSS4.1AI score0.02382EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2021/04/19 2:46 p.m.22 views

GHSA-J9WR-49VQ-RM5G Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19

Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 Vaadin 12.0.0 through 14.4.9, and 6.0.0 through 6.0.1 Vaadin 19.0.0 allows attacker to access application classes and resources on the server via crafted HTTP request. -...

8.6CVSS7.8AI score0.02382EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/04/19 2:46 p.m.48 views

Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19

Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 Vaadin 12.0.0 through 14.4.9, and 6.0.0 through 6.0.1 Vaadin 19.0.0 allows attacker to access application classes and resources on the server via crafted HTTP request. -...

8.6CVSS4.2AI score0.02382EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2021/04/19 12:0 a.m.6 views

PT-2021-19288 · Vaadin · Com.Vaadin:Flow-Server

Name of the Vulnerable Software and Affected Versions: com.vaadin:flow-server versions 1.2.0 through 2.4.7 com.vaadin:flow-server versions 6.0.0 through 6.0.1 Description: The issue allows an attacker to access application classes and resources on the server via a crafted HTTP request. This is du...

8.6CVSS7.4AI score0.02382EPSS
Exploits0References13
Vaadin
Vaadin
added 2021/03/29 12:0 a.m.44 views

Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19

Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 Vaadin 12.0.0 through 14.4.9, and 6.0.0 through 6.0.1 Vaadin 19.0.0 allows attacker to access application classes and resources on the server via crafted HTTP request. See CWE-402: Transmission of Private...

8.6CVSS0.9AI score0.02382EPSS
Exploits0References3Affected Software2
CNVD
CNVD
added 2020/11/23 12:0 a.m.7 views

Apache Unomi Remote Code Execution Vulnerability

Apache Unomi is a java open source client data platform that can be used on multiple systems to manage user profiles and the data associated with that profile, Unomi was announced as a top Apache project in 2019. Since Apache Unomi is built as an OSGi application running in Apache Karaf, it is...

9.8CVSS8.2AI score0.68398EPSS
Exploits9References1
Fedora
Fedora
added 2020/08/31 3:50 p.m.28 views

[SECURITY] Fedora 32 Update: eclipse-ecf-3.14.8-4.fc32

ECF is a set of frameworks for building communications into applications and services. It provides a lightweight, modular, transport-independent, fully compliant implementation of the OSGi Remote Services standard...

9.4CVSS2.8AI score0.11138EPSS
Exploits0
OSV
OSV
added 2019/12/19 1:44 p.m.19 views

MGASA-2019-0399 Updated apache-commons-beanutils packages fix security vulnerability

Updated apache-commons-beanutils packages fix security vulnerability: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were...

7.5CVSS7.3AI score0.28839EPSS
Exploits1References3
Mageia
Mageia
added 2019/12/19 1:44 p.m.206 views

Updated apache-commons-beanutils packages fix security vulnerability

Updated apache-commons-beanutils packages fix security vulnerability: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were...

7.5CVSS3.3AI score0.28839EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2018/10/09 12:0 a.m.56 views

openSUSE Security Update : tomcat (openSUSE-2018-1129)

This update for tomcat to version 9.0.10 fixes the following issues : Security issues fixed : - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service bsc1102400. -...

9.8CVSS7.8AI score0.21979EPSS
Exploits0References10
Prion
Prion
added 2018/07/18 11:29 p.m.20 views

Design/Logic Flaw

A vulnerability in the Open Systems Gateway initiative OSGi interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability b...

7.5CVSS9.3AI score0.02725EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2018/07/18 11:29 p.m.19 views

CVE-2018-0377

A vulnerability in the Open Systems Gateway initiative OSGi interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability b...

9.8CVSS9.4AI score0.02725EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2018/07/18 11:0 p.m.12 views

CVE-2018-0377

A vulnerability in the Open Systems Gateway initiative OSGi interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability b...

6.9AI score0.02725EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/07/18 11:0 p.m.20 views

CVE-2018-0377

A vulnerability in the Open Systems Gateway initiative OSGi interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability b...

9.4AI score0.02725EPSS
Exploits0References2
CVE
CVE
added 2018/07/18 11:0 p.m.61 views

CVE-2018-0377

Cisco Policy Suite CVE-2018-0377 concerns an unauthenticated access vulnerability in the OSGi interface prior to release 18.1.0. Root cause: lack of authentication on the OSGi interface, enabling remote connections that could read or modify files accessible to the OSGi process. Impact per sources...

9.8CVSS9.2AI score0.02725EPSS
Exploits0References2Affected Software2
Cisco
Cisco
added 2018/07/18 4:0 p.m.112 views

Cisco Policy Suite OSGi Interface Unauthenticated Access Vulnerability

A vulnerability in the Open Systems Gateway initiative OSGi interface of Cisco Policy Suite could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly...

9.8CVSS1.9AI score0.02725EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2018/04/24 12:0 a.m.67 views

WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Stored XSS Vulnerabilities product: WSO2 Carbon, WSO2 Dashboard Server vulnerable version: WSO2 Identity Server 5.3.0 fixed version: WSO2 Identity Server 5.5.0 C...

5.4CVSS5.5AI score0.39332EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/03/12 12:0 a.m.34 views

Eclipse Equinoxe OSGi Console - Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' class MetasploitModule 'Eclipse Equinoxe OSGi Console Command Execution', 'Description' = %q Exploit Eclipse Equinoxe OSGi Open Service Gateway initiati...

7.4AI score
Exploits0
Rows per page
Query Builder