Lucene search
K

11 matches found

OSV
OSV
added 2026/05/01 12:30 p.m.5 views

GHSA-995C-6RP3-4M4X Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41409 Incomplete Fix)

The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a stat...

9.8CVSS5.8AI score0.00657EPSS
Exploits0References5
OSV
OSV
added 2026/05/01 12:30 p.m.6 views

GHSA-VF5J-865M-MQ7C Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41635 Incomplete Fix)

The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname...

9.8CVSS6AI score0.00902EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:27 a.m.5 views

SUSE CVE-2018-11760

When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1...

5.5CVSS6.6AI score0.00605EPSS
Exploits0References3
CNVD
CNVD
added 2020/09/03 12:0 a.m.10 views

Unspecified Vulnerability in VMware Spring Cloud Netflix

Spring Cloud Netflix is various Netflix OSS component integrations. A security vulnerability exists in VMware Spring Cloud Netflix versions 2.2.x prior to 2.2.4, 2.1.x prior to 2.1.6, and unsupported older versions, which can be exploited by an attacker to send requests to other servers...

6.5CVSS6.7AI score0.10214EPSS
Exploits0References1
Metasploit
Metasploit
added 2020/07/01 11:15 a.m.58 views

Directory Traversal in Spring Cloud Config Server

This module exploits an unauthenticated directory traversal vulnerability which exists in Spring Cloud Config versions 2.2.x prior to 2.2.3 and 2.1.x prior to 2.1.9, and older unsupported versions. Spring Cloud Config listens by default on port 8888. This module requires Metasploit:...

7.5CVSS7.8AI score0.95586EPSS
Exploits3
OSV
OSV
added 2020/06/05 4:11 p.m.24 views

GHSA-G86W-V5VG-9GXF Directory traversal attack in Spring Cloud Config

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...

6.5CVSS6.6AI score0.6876EPSS
Exploits0References3
Prion
Prion
added 2020/06/02 5:15 p.m.25 views

Directory traversal

Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...

5CVSS7.5AI score0.95586EPSS
Exploits3References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/10/23 12:0 a.m.5 views

PT-2019-7464 · Sandhills Development · Easy Digital Downloads

Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads EDD core component versions 1.8.x through 1.8.6 Easy Digital Downloads EDD core component versions 1.9.x through 1.9.9 Easy Digital Downloads EDD core component versions 2.0.x through 2.0.4 Easy Digital Downloads EDD co...

6.1CVSS6.1AI score0.00923EPSS
Exploits0References5
CNVD
CNVD
added 2019/07/12 12:0 a.m.3 views

Patchwork Cross-Site Scripting Vulnerability

Patchwork is a Web-based patch tracking management system. A cross-site scripting vulnerability exists in the template tag in Patchwork versions v1.1 through v2.1.x. The vulnerability stems from the lack of proper validation of client-side data in the WEB application, and can be exploited by an...

6.1CVSS6.4AI score0.01338EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2019/04/30 12:0 a.m.59 views

Spring Cloud Config 2.1.x - Path Traversal (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability whi...

6.5CVSS6.7AI score0.85295EPSS
Exploits6
OSV
OSV
added 2019/02/07 6:2 p.m.3 views

GHSA-FVXV-9XXR-H7WJ Pyspark User Impersonation Vulnerability

When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1...

6.8CVSS6.4AI score0.00605EPSS
Exploits0References8
Rows per page
Query Builder