In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable.
Upon returning from the initial checks, there are conditions that cause an ear
In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's location due to an unsafe PendingIntent. This could lead to local escalation of privilege with no addi
A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Cook
There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending craf
In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings.
A vulnerability classified as problematic was found in hailey888 oa_system up to 2025.01.01. This vulnerability affects the function loginCheck of the file cn/gson/oasys/controller/login/LoginsControl
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing.
The HttpURI class does insufficient validation o
In multiple locations, there is a possible permanent denial of service due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invok
In setGlobalProxy of DevicePolicyManagerService.java, there is a possible desync in persistence due to improper input validation. This could lead to local escalation of privilege with no additional ex
In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. This could lead to local escalation of privilege in a privileged ap
Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote
In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition
In multiple functions of AccountManagerService.java, there is a possible way to bypass permissions and launch protected activities due to a race condition. This could lead to local escalation of privi
In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional executi
In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional executi
there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need
Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code lo
A local privilege escalation vulnerability in the SecuSUITE Server (System Configuration) of SecuSUITE versions 5.0.420 and earlier could allow a successful attacker that had gained control of code ru
In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. This could lead to local escalation of privilege with no addit
Page 1+ Next →