Total
155 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-51593 | 2024-05-03 | N/A | 9.8 CRITICAL | ||
Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Struts2 dependency. The issue results from the use of a library that is vulnerable to expression language injection. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22095. | |||||
CVE-2024-0715 | 2024-02-20 | N/A | 7.6 HIGH | ||
Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.This issue affects Hitachi Global Link Manager: before 8.8.7-03. | |||||
CVE-2023-22665 | 1 Apache | 1 Jena | 2024-01-21 | N/A | 5.4 MEDIUM |
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query. | |||||
CVE-2023-41331 | 1 Sofastack | 1 Sofarpc | 2023-12-10 | N/A | 9.8 CRITICAL |
SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out dangerous classes encountered during the deserialization process. However, the blacklist is not comprehensive, and an actor can exploit certain native JDK classes and common third-party packages to construct gadget chains capable of achieving JNDI injection or system command execution attacks. Version 5.11.0 contains a fix for this issue. As a workaround, users can add `-Drpc_serialize_blacklist_override=javax.sound.sampled.AudioFileFormat` to the blacklist. | |||||
CVE-2022-42009 | 1 Apache | 1 Ambari | 2023-12-10 | N/A | 8.8 HIGH |
SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7. | |||||
CVE-2022-45855 | 1 Apache | 1 Ambari | 2023-12-10 | N/A | 8.8 HIGH |
SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7. | |||||
CVE-2022-4146 | 4 Hitachi, Linux, Microsoft and 1 more | 4 Replication Manager, Linux Kernel, Windows and 1 more | 2023-12-10 | N/A | 9.8 CRITICAL |
Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02. | |||||
CVE-2023-20863 | 1 Vmware | 1 Spring Framework | 2023-12-10 | N/A | 6.5 MEDIUM |
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | |||||
CVE-2023-32200 | 1 Apache | 1 Jena | 2023-12-10 | N/A | 8.8 HIGH |
There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0. | |||||
CVE-2023-27821 | 1 Databasir | 1 Databasir | 2023-12-10 | N/A | 9.8 CRITICAL |
Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the mockDataScript parameter. | |||||
CVE-2022-23504 | 1 Typo3 | 1 Typo3 | 2023-12-10 | N/A | 4.9 MEDIUM |
TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1. | |||||
CVE-2023-26092 | 1 Puzzle | 1 Liima | 2023-12-10 | N/A | 9.8 CRITICAL |
Liima before 1.17.28 allows server-side template injection. | |||||
CVE-2022-34466 | 1 Mendix | 1 Mendix | 2023-12-10 | 3.5 LOW | 6.5 MEDIUM |
A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V9.15), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.3). An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running applications. The vulnerability could allow a malicious user to leak sensitive information in a certain configuration. | |||||
CVE-2022-23463 | 1 Nepxion | 1 Discovery | 2023-12-10 | N/A | 9.8 CRITICAL |
Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. There is no patch available for this issue at time of publication. There are no known workarounds. | |||||
CVE-2022-26134 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1. | |||||
CVE-2022-22980 | 1 Vmware | 1 Spring Data Mongodb | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized. | |||||
CVE-2022-26111 | 1 Canon | 1 Irisnext | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server. | |||||
CVE-2022-24818 | 1 Geotools | 1 Geotools | 2023-12-10 | 7.5 HIGH | 7.2 HIGH |
GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case, the vulnerability can be triggered if the JNDI names are user-provided, but requires admin-level login to be triggered. The lookups are now restricted in GeoTools 26.4, GeoTools 25.6, and GeoTools 24.6. Users unable to upgrade should ensure that any downstream application should not allow usage of remotely provided JNDI strings. | |||||
CVE-2022-22947 | 2 Oracle, Vmware | 10 Commerce Guided Search, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Console and 7 more | 2023-12-10 | 6.8 MEDIUM | 10.0 CRITICAL |
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. | |||||
CVE-2021-31805 | 1 Apache | 1 Struts | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation. |