Lucene search
K

15 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-5362

Malicious code in bioql PyPI...

8.1CVSS8.5AI score0.02547EPSS
Exploits1References13
OSV
OSV
added 2022/05/13 1:2 a.m.24 views

GHSA-VHRG-V3CV-P247 Deserialization of Untrusted Data in Spring Security

An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by...

8.1CVSS8.3AI score0.02547EPSS
Exploits1References9
CNVD
CNVD
added 2022/04/24 12:0 a.m.30 views

Pivotal Spring Security Oauth Resource Management Error Vulnerability

A resource management error vulnerability exists in Pivotal Spring Security OAuth, a login system from Pivotal, Inc. that provides support for adding OAuth1 and OAuth2 functionality to Spring Web applications. The vulnerability stems from improper handling of a large number of message requests. A...

4CVSS2.2AI score0.01234EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/12 2:42 p.m.52 views

Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)

Summary There are multiple vulnerabilities identified in IBM Guardium Data Encryption GDE. These vulnerabilities have been fixed in GDE 4.0.0.4. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2017-7957 DESCRIPTION: XStream is vulnerable to a denial of service,...

10CVSS1.3AI score0.77245EPSS
Exploits18Affected Software1
CNVD
CNVD
added 2018/05/15 12:0 a.m.5 views

Pivotal Spring Security and Spring Framework Elevation of Privilege Vulnerability

Pivotal Spring Security and Spring Framework are both products of Pivotal Software, Inc.Pivotal Spring Security is a set of security frameworks that provide illustrative security protection for Spring-based applications.Spring Framework Spring Framework is a set of open source Java, Java EE...

8.8CVSS6.9AI score0.02427EPSS
Exploits0References1
Prion
Prion
added 2017/11/27 10:29 a.m.21 views

Deserialization of untrusted data

An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by...

6.8CVSS8.3AI score0.02547EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2017/11/27 10:29 a.m.23 views

CVE-2017-4995

An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by...

8.1CVSS8.4AI score0.02547EPSS
Exploits1References5
OSV
OSV
added 2017/11/27 10:29 a.m.19 views

CVE-2017-4995

An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by...

8.1CVSS7.7AI score0.02547EPSS
Exploits1References5
Cvelist
Cvelist
added 2017/11/27 10:0 a.m.20 views

CVE-2017-4995

An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by...

8.4AI score0.02547EPSS
Exploits1References5
CVE
CVE
added 2017/11/27 10:0 a.m.81 views

CVE-2017-4995

CVE-2017-4995 describes a deserialization vulnerability in Pivotal Spring Security 4.2.0.RELEASE–4.2.2.RELEASE and Spring Security 5.0.0.M1 when Jackson default typing is enabled. If Spring Security’s Jackson support is leveraged (SecurityJackson2Modules.getModules(ClassLoader) or enableDefaultTy...

8.1CVSS8.3AI score0.02547EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2017/01/06 10:59 p.m.20 views

Design/Logic Flaw

An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to...

5CVSS6.6AI score0.01416EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2017/01/06 10:59 p.m.32 views

CVE-2016-9879

An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to...

7.5CVSS7.4AI score0.01416EPSS
Exploits0References3
OSV
OSV
added 2017/01/06 10:59 p.m.25 views

CVE-2016-9879

An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to...

7.5CVSS6.4AI score0.01416EPSS
Exploits0References3
CVE
CVE
added 2017/01/06 10:0 p.m.113 views

CVE-2016-9879

CVE-2016-9879 affects Spring Security 3.2.x/4.1.x/4.2.x prior to fixed versions. The root cause is how path parameters are handled in the Servlet API: getPathInfo() may include encoded "/" characters, allowing an attacker to bypass security constraints when a request contains a path parameter wit...

7.5CVSS7.3AI score0.01416EPSS
Exploits0References3Affected Software1
Check Point Advisories
Check Point Advisories
added 2016/11/20 12:0 a.m.47 views

Pivotal Spring Security OAuth SpelView Code Execution (CVE-2016-4977)

A remote code execution vulnerability exists in Pivotal Spring Security OAuth. The vulnerability is caused when processing authorization requests using the whitelabel views and when the responsetype parameter value is executed as Spring SpEL. This enables a malicious user to trigger remote code...

6.5CVSS3.5AI score0.79176EPSS
Exploits1
Rows per page
Query Builder