Topic

Java

A collection of 62 issues

CVE-2020-15338 The Zyxel CloudCNM SecuManager has a "Use of GET Request Method With Sensitive Query Strings" issue. This issue may be exploited by attackers to access sensitive information.

In these cases, the server may return a different response code than expected. This issue occurs when the GET request method is used with a query string that contains a "specially-crafted word." For example: GET /cnr?s=password In these cases, the server may return a different response code than

CVE-2022-40083 The Echo CMS v4.8.0 had an open redirect vulnerability in the Static Handler component.

SSRF is a type of attack where the attacker tricks the victim’s web application into executing a command on the server. The command can be as simple as clicking a malicious link, or can be as complex as accessing a file on the server. To exploit this issue, an

CVE-2022-33681 Vulnerable to a man in the middle attack due to delayed hostname verification in the Pulsar Java Client and the Pulsar Proxy.

via man-in-the-middle attacks. We encourage clients to manually validate TLS certificates against the expected hostname before accepting connections. Additionally, we recommend clients limit access to the network to only trusted hosts. If an attacker can directly access the network between the client and the server, then the attacker can take

CVE-2022-37021 Apache Geode versions 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization flaw when using JMX over RMI on Java 8.

The serial filter is enabled by default on all new installations of Apache Geode. Users who wish to avoid any possible data attack on existing applications may turn off the serial filter by specifying "--J=-Dgeode.enableGlobalSerialFilter=false" when starting Apache Geode. Apache Geode 1.15 and above now supports

CVE-2022-37023 Apache Geode is vulnerable to a deserialization flaw when using REST API on Java 8 or 11.

Apache Geode 1.15.0 and later releases no longer support the deprecated "spring-data-jpa" dependency. Apache Geode 1.15 and later releases no longer support the deprecated "spring-data-jpa" dependency. Apache Geode 1.15.0 and later releases are vulnerable to a denial of service flaw when using REST APIs on

CVE-2022-37022 Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization flaw when using JMX over RMI on Java 11.

Apache Geode 1.15 was released on May 23, 2019. Apache Geode 1.15 is not yet available on any release channels. You can install 1.15 by downloading the latest release from the Geode Downloads page on our website and following the instructions in the installation guide. Apache Geode

CVE-2022-1869 Confusion in V8 allowed a remote attacker to exploit heap corruption.

This issue did not affect most users, as the browser tried to prevent this by performing strict type enforcement. However, since the type system was not complete, there was a small window where a user could execute arbitrary code. In the released versions of Google Chrome, updated address sanitization rules

CVE-2022-24405 The Oracle JDK 7.10.6 through 7.10.8 has a flaw that can be used to make OS Command Injection attacks on the Documentconverter API.

CVE-2018-7704 A remote code execution vulnerability exists in the way the OS X App Suite Java SDK honors XML input. An attacker can send specially crafted XML data to the affected system, which can result in remote code execution. This update addresses the CVE to ensure that the OS X

CVE-2022-1310 An after free bug in Google Chrome prior to version 100 allowed a remote attacker to exploit heap corruption.

CVE-2015-5237 was discovered in Google Chrome prior to version 40.0.2214.111. This vulnerability is known as "stale pointer vulnerability" because it allows an attacker to bypass the same-origin policy and perform actions that weren't allowed. This issue was addressed by improving the error message displayed when invalid data

CVE-2022-26138 The Atlassian Questions app creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password.

Upgrading to a newer version of the app with a different bugfix or feature might also create this user account, and it is recommended to create a new Confluence user account when upgrading. However, the app is not installed on all servers, and the server configurations might vary slightly. In