Security
Headlines
HeadlinesLatestCVEs

Tag

#java

CVE-2023-26121: Snyk Vulnerability Database | Snyk

All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content.

CVE
Open in Source
#vulnerability#dos#java#rce
CVE-2023-26458

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.

CVE-2023-24721: CVE/CVE-2023-24721.md at main · marcovntr/CVE

A cross-site scripting (XSS) vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary web scripts or HTML.

CVE-2018-25084: Added html escaping to help with XSS. Added frame busting to help wit… · pingidentity/ssam@f64b10d

A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2. Affected by this issue is some unknown functionality of the file src/main/java/com/unboundid/webapp/ssam/SSAMController.java. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.1.3 is able to address this issue. The name of the patch is f64b10d63bb19ca2228b0c2d561a1a6e5a3bf251. It is recommended to upgrade the affected component. VDB-225362 is the identifier assigned to this vulnerability.

Red Hat Security Advisory 2023-1549-01

Red Hat Security Advisory 2023-1549-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Roxy Fileman 1.4.5 Shell Upload

Roxy Fileman versions 1.4.5 and below for .NET suffer from a remote shell upload vulnerability.

Goanywhere Encryption Helper 7.1.1 Remote Code Execution

Goanywhere Encryption Helper version 7.1.1 suffers from a remote code execution vulnerability.

Palo Alto Cortex XSOAR 6.5.0 Cross Site Scripting

Palo Alto Cortex XSOAR version 6.5.0 suffers from a persistent cross site scripting vulnerability.

CVE-2023-26919: When allowExitFunctions is set to false, we can use the loadWithNewGlobal function to invoke the exit and quit methods to exit the Java process. · Issue #135 · javadelight/delight-nashorn-sandbox

delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit the Java process.

CVE-2022-41976: Scada-LTS

An privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 allows remote attackers, authenticated in the application as a low-privileged user to change role (e.g., to administrator) by updating their user profile.