Lucene search

139 matches found

Tenable Nessus
added 2022/06/08 12:0 a.m. | 54 views

RHEL 7 : java-1.7.1-ibm (RHSA-2022:4957)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4957 advisory. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IB...

CVSS 5.3 | AI score 6.4 | EPSS 0.00176
Exploits: 0 | References: 13

OSV
added 2022/06/04 12:1 a.m. | 16 views

OSV-2022-458 Uncaught exception in com.ctc.wstx.dtd.FullDTDReader.readContentSpec

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47797 Crash type: Uncaught exception Crash state: com.ctc.wstx.dtd.FullDTDReader.readContentSpec java.base/java.util.HashMap.get com.ctc.wstx.dtd.FullDTDReader.findSharedName...

AI score 7.2
Exploits: 0 | References: 1

Huntr
added 2022/05/19 4:12 p.m. | 4 views

Denial of Service on embed2 servlet

Description: The application stores a 5MB file in a hashmap variable using a user input as a key; with a large number of requests it is possible to increase the memory usage of the application and deny access to the embed2.js stencils resource. Proof of Concept: import requests...

AI score 0.7
Exploits: 0

GitHub Security Blog
added 2022/02/09 10:27 p.m. | 57 views

Deserialization exploitation in Apache Dubbo

A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol; during Hessian2 deserialization of the HashMap object, some functions in the classes stored...

CVSS 9.8 | AI score 4 | EPSS 0.02419
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2022/02/09 10:27 p.m. | 17 views

GHSA-74MG-6XQX-2VRQ Deserialization exploitation in Apache Dubbo

A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol; during Hessian2 deserialization of the HashMap object, some functions in the classes stored...

CVSS 9.8 | AI score 9.7 | EPSS 0.02419
Exploits: 0 | References: 3

CNVD
added 2021/12/28 12:0 a.m. | 17 views

Mozilla Rust Denial of Service Vulnerability (CNVD-2022-04515)

Rust, a general-purpose, compiled programming language from the Mozilla Foundation, has a security vulnerability in versions prior to Rust ckb crate 0.40.0 that stems from an inability to allocate memory for misbehavior HashMap. An attacker could exploit this vulnerability to cause a denial of...

CVSS 7.8 | AI score 3.7 | EPSS 0.0055
Exploits: 0 | References: 1

OSV
added 2021/12/27 12:15 a.m. | 0 views

CVE-2021-45699

An issue was discovered in the ckb crate before 0.40.0 for Rust. Remote attackers may be able to conduct a 51% attack against the Nervos CKB blockchain by triggering an inability to allocate memory for the misbehavior HashMap...

CVSS 7.5 | AI score 5.7
Exploits: 0 | References: 2

OpenVAS
added 2021/12/18 12:0 a.m. | 25 views

Ubuntu: Security Advisory (USN-5202-1)

The remote host is missing an update for the...

CVSS 7.5 | AI score 6.4 | EPSS 0.00805
Exploits: 0 | References: 2

Ubuntu
added 2021/12/17 7:43 a.m. | 169 views

USN-5202-1: OpenJDK vulnerabilities

Varnavas Papaioannou discovered that the FTP client implementation in OpenJDK accepted alternate server IP addresses when connecting with FTP passive mode. An attacker controlling an FTP server that an application connects to could possibly use this to expose sensitive information rudimentary por...

CVSS 7.5 | AI score 6.2 | EPSS 0.00805
Exploits: 0

RedHat Linux
added 2021/11/11 6:30 p.m. | 54 views

Important: Red Hat Security Advisory: OpenJDK 17.0.1 security update for Windows Builds

The Red Hat Build of OpenJDK 17 (java-17-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 6.8 | AI score 6.4 | EPSS 0.00176
Exploits: 0 | References: 9

RedHat Linux
added 2021/11/11 6:30 p.m. | 2 views

OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Utility. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

CVSS 5.3 | AI score 7.4 | EPSS 0.00176
Exploits: 0 | References: 4

RedHat Linux
added 2021/11/09 8:13 p.m. | 52 views

Important: Red Hat Security Advisory: java-17-openjdk security update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...

CVSS 6.8 | AI score 6.4 | EPSS 0.00176
Exploits: 0 | References: 9

RedHat Linux
added 2021/11/09 8:13 p.m. | 1 views

OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Utility. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

CVSS 5.3 | AI score 7.4 | EPSS 0.00176
Exploits: 0 | References: 4

OSV
added 2021/11/09 7:26 p.m. | 28 views

RLSA-2021:4135 Important: java-17-openjdk security update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567); OpenJDK: Excessive memory allocation i...

CVSS 6.8 | AI score 6.5 | EPSS 0.00176
Exploits: 0 | References: 9

AlmaLinux
added 2021/11/09 7:26 p.m. | 64 views

Important: java-17-openjdk security update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567); OpenJDK: Excessive memory allocation i...

CVSS 6.8 | AI score 6.7 | EPSS 0.00176
Exploits: 0 | References: 8

RedHat Linux
added 2021/10/25 12:24 p.m. | 1 views

OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Utility. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

CVSS 5.3 | AI score 7.4 | EPSS 0.00176
Exploits: 0 | References: 4

OSV
added 2021/10/23 12:1 a.m. | 2 views

OSV-2021-1478 Uncaught exception in com.alibaba.fastjson.parser.DefaultJSONParser.parseObject

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40208 Crash type: Uncaught exception Crash state: com.alibaba.fastjson.parser.DefaultJSONParser.parseObject java.base/java.util.HashMap.tableSizeFor java.base/java.util.HashMap...

AI score 7.2
Exploits: 0 | References: 1

Tenable Nessus
added 2021/10/21 12:0 a.m. | 41 views

RHEL 8 : java-11-openjdk (RHSA-2021:3891)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3891 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...

CVSS 7.1 | AI score 6.4 | EPSS 0.00176
Exploits: 0 | References: 22

Tenable Nessus
added 2021/10/21 12:0 a.m. | 38 views

RHEL 8 : java-1.8.0-openjdk (RHSA-2021:3885)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3885 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

CVSS 7.1 | AI score 6.4 | EPSS 0.00176
Exploits: 0 | References: 24

Tenable Nessus
added 2021/10/21 12:0 a.m. | 36 views

RHEL 7 : java-11-openjdk (RHSA-2021:3892)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3892 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...

CVSS 7.1 | AI score 6.4 | EPSS 0.00176
Exploits: 0 | References: 24