groovy vulnerabilities and exploits
6.8
CVSSv2
CVE-2013-2760
Buffer overflow in Groovy Media Player 3.2.0 allows remote malicious users to execute arbitrary code via a long string in a .m3u file.
Bestwebsharing Groovy Media Player 3.2.0
1 EDB exploit
6.8
CVSSv2
CVE-2009-4931
Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file.
Bestwebsharing Groovy Media Player 1.1.0
6.5
CVSSv2
CVE-2022-25173
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and previous versions uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on t...
Jenkins Pipeline: Groovy
6.5
CVSSv2
CVE-2022-25174
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and previous versions uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafte...
Jenkins Pipeline: Shared Groovy Libraries
6.5
CVSSv2
CVE-2022-25181
A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and previous versions allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a glo...
Jenkins Pipeline: Shared Groovy Libraries
6.5
CVSSv2
CVE-2022-25182
A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and previous versions allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pip...
Jenkins Pipeline: Shared Groovy Libraries
6.5
CVSSv2
CVE-2022-25183
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and previous versions uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Je...
Jenkins Pipeline: Shared Groovy Libraries
6.5
CVSSv2
CVE-2022-23616
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for an unprivileged user to perform a remote code execution by injecting a groovy script in her own profile and by calling the Reset pa...
Xwiki Xwiki 3.1
Xwiki Xwiki
6.5
CVSSv2
CVE-2021-23259
Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The Groovy script does not have security restrictions, which allows malicious users to execute arbitrary commands remotely (RCE).
Craftercms Crafter Cms
6.5
CVSSv2
CVE-2021-32834
Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerabilit...
Eclipse Keti -