Total
29 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2331 | 1 Macromedia | 1 Coldfusion | 2024-11-20 | 2.1 LOW | 5.5 MEDIUM |
| ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag. | |||||
| CVE-2024-7059 | 2024-11-09 | N/A | 8.0 HIGH | ||
| A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line. | |||||
| CVE-2023-6943 | 1 Mitsubishielectric | 10 Ezsocket, Fr Configurator2, Got1000 and 7 more | 2024-11-01 | N/A | 9.8 CRITICAL |
| Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products. | |||||
| CVE-2023-35680 | 1 Google | 1 Android | 2024-10-29 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-8048 | 1 Progress | 1 Telerik Reporting | 2024-10-15 | N/A | 7.8 HIGH |
| In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. | |||||
| CVE-2024-8015 | 1 Progress | 1 Telerik Report Server | 2024-10-15 | N/A | 7.2 HIGH |
| In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. | |||||
| CVE-2024-8014 | 1 Progress | 1 Telerik Reporting | 2024-10-15 | N/A | 8.8 HIGH |
| In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. | |||||
| CVE-2024-6096 | 1 Progress | 1 Telerik Reporting | 2024-07-26 | N/A | 9.8 CRITICAL |
| In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. | |||||
| CVE-2024-1574 | 2024-07-05 | N/A | 6.7 MEDIUM | ||
| Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system. | |||||
| CVE-2024-28121 | 2024-03-13 | N/A | 8.8 HIGH | ||
| stimulus_reflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets. In affected versions more methods than expected can be called on reflex instances. Being able to call some of them has security implications. To invoke a reflex a websocket message of the following shape is sent: `\"target\":\"[class_name]#[method_name]\",\"args\":[]`. The server will proceed to instantiate `reflex` using the provided `class_name` as long as it extends `StimulusReflex::Reflex`. It then attempts to call `method_name` on the instance with the provided arguments. This is problematic as `reflex.method method_name` can be more methods that those explicitly specified by the developer in their reflex class. A good example is the instance_variable_set method. This vulnerability has been patched in versions 3.4.2 and 3.5.0.rc4. Users unable to upgrade should: see the backing GHSA advisory for mitigation advice. | |||||
| CVE-2024-0200 | 1 Github | 1 Enterprise Server | 2024-02-28 | N/A | 9.8 CRITICAL |
| An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2023-34102 | 1 Avohq | 1 Avo | 2024-02-28 | N/A | 8.8 HIGH |
| Avo is an open source ruby on rails admin panel creation framework. The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes when viewing a manipulated record. This issue has been addressed in commit `ec117882d` which is expected to be included in subsequent releases. Users are advised to limit access to untrusted users until a new release is made. | |||||
| CVE-2023-33652 | 1 Sitecore | 1 Experience Platform | 2024-02-28 | N/A | 8.8 HIGH |
| Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx. | |||||
| CVE-2023-32217 | 1 Sailpoint | 1 Identityiq | 2024-02-28 | N/A | 8.8 HIGH |
| IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath. | |||||
| CVE-2023-37207 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-02-28 | N/A | 6.5 MEDIUM |
| A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | |||||
| CVE-2023-0460 | 1 Google | 1 Youtube Android Player Api | 2024-02-28 | N/A | 7.3 HIGH |
| The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. This allows the client app to remotely load code from YouTube Main App by retrieving the Main App’s ClassLoader. A potential vulnerability in the binding logic used by the client SDK where the SDK ends up calling bindService() on a malicious app rather than YT Main App. This creates a vulnerability where the SDK can load the malicious app’s ClassLoader instead, allowing the malicious app to load arbitrary code into the calling app whenever the embedded SDK is invoked. In order to trigger this vulnerability, an attacker must masquerade the Youtube app and install it on a device, have a second app that uses the Embedded player and typically distribute both to the victim outside of the Play Store. | |||||
| CVE-2022-26469 | 2 Google, Mediatek | 43 Android, Mt6580, Mt6735 and 40 more | 2024-02-28 | N/A | 7.8 HIGH |
| In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07216598; Issue ID: ALPS07216598. | |||||
| CVE-2022-30287 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-02-28 | N/A | 8.0 HIGH |
| Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects. | |||||
| CVE-2021-31522 | 1 Apache | 1 Kylin | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions. | |||||
| CVE-2021-32647 | 1 Nsa | 1 Emissary | 2024-02-28 | 6.5 MEDIUM | 9.1 CRITICAL |
| Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code Execution (RCE). The [`CreatePlace`](https://github.com/NationalSecurityAgency/emissary/blob/30c54ef16c6eb6ed09604a929939fb9f66868382/src/main/java/emissary/server/mvc/internal/CreatePlaceAction.java#L36) REST endpoint accepts an `sppClassName` parameter which is used to load an arbitrary class. This class is later instantiated using a constructor with the following signature: `<constructor>(String, String, String)`. An attacker may find a gadget (class) in the application classpath that could be used to achieve Remote Code Execution (RCE) or disrupt the application. Even though the chances to find a gadget (class) that allow arbitrary code execution are low, an attacker can still find gadgets that could potentially crash the application or leak sensitive data. As a work around disable network access to Emissary from untrusted sources. | |||||