Lucene search
K

935 matches found

Redos
Redos
added 2024/05/24 12:0 a.m.35 views

ROS-20240424-01

A vulnerability in the ImageIO component of Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service A vulnerability ...

7.5CVSS7.3AI score0.14839EPSS
Exploits0
OSV
OSV
added 2024/05/01 4:40 p.m.29 views

GHSA-CHFM-68VV-PVW5 XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets

Impact When performing XSLT transformations XMLUnit for Java did not disable XSLT extension functions by default. Depending on the XSLT processor being used this could allow arbitrary code to be executed when XMLUnit is used to transform data with a stylesheet who's source can not be trusted. If...

4CVSS7.9AI score0.00216EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/05/01 4:40 p.m.76 views

XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets

Impact When performing XSLT transformations XMLUnit for Java did not disable XSLT extension functions by default. Depending on the XSLT processor being used this could allow arbitrary code to be executed when XMLUnit is used to transform data with a stylesheet who's source can not be trusted. If...

4CVSS8.1AI score0.00216EPSS
Exploits0References5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/12 5:37 p.m.25 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to Java SE (CVE-2022-21426)

Summary IBM Sterling Partner Engagement Manager uses Java SE. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated...

5.3CVSS6AI score0.03203EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.14 views

Fedora: Security Advisory for xml-commons-apis (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02578EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.16 views

Fedora: Security Advisory for jaxb-istack-commons (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02578EPSS
Exploits3References2
Fedora
Fedora
added 2024/03/07 10:33 p.m.22 views

[SECURITY] Fedora 40 Update: xml-commons-apis-1.4.01-46.fc40

xml-commons-apis is designed to organize and have common packaging for the various externally-defined standard interfaces for XML. This includes the DOM, SAX, and JAXP...

8.8CVSS6.8AI score0.02578EPSS
Exploits3
Fedora
Fedora
added 2024/03/07 10:33 p.m.24 views

[SECURITY] Fedora 40 Update: jaxb-istack-commons-4.2.0-8.fc40

Code shared between JAXP, JAXB, SAAJ, and JAX-WS projects...

8.8CVSS7AI score0.02578EPSS
Exploits3
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/11 2:3 p.m.20 views

Security Bulletin: CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms

Summary CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP...

5.3CVSS5.9AI score0.03203EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/12/22 12:0 a.m.35 views

CentOS 7 : java-1.8.0-ibm (RHSA-2023:3136)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3136 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affecte...

5.3CVSS6.4AI score0.03203EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.42 views

Rocky Linux 8 : java-11-openjdk (RLSA-2022:1442)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1442 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected...

7.5CVSS6.2AI score0.04046EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.31 views

Rocky Linux 8 : java-1.8.0-openjdk (RLSA-2022:0307)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0307 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are...

5.3CVSS6.1AI score0.08346EPSS
Exploits0References26
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.27 views

Rocky Linux 8 : java-17-openjdk (RLSA-2022:0161)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0161 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are...

5.3CVSS6.1AI score0.08346EPSS
Exploits0References31
OSV
OSV
added 2023/10/20 11:6 a.m.6 views

OESA-2023-1746 xerces-j2 security update

Security Fixes: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attack...

5.3CVSS6.8AI score0.15141EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.26 views

Oracle Linux 8 : java-1.8.0-openjdk (ELSA-2019-3134)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3134 advisory. 1:1.8.0.232.b09-0 - Update to aarch64-shenandoah-jdk8u232-b09. - Switch to GA mode for final release. - Remove PR1834/RH1022017 which is now handled by...

6.8CVSS6.7AI score0.03749EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.25 views

Oracle Linux 8 : java-11-openjdk (ELSA-2019-3135)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3135 advisory. 1:11.0.5.10-0.0.1 - link atomic for ix86 build Livy Ge 1:11.0.5.10-0 - Update to shenandoah-jdk-11.0.5+10 GA - Switch to GA mode for final release. -...

6.8CVSS6.7AI score0.03749EPSS
Exploits0References16
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/05 1:36 p.m.24 views

Security Bulletin: A vulnerability found in IBM Java which is shipped with IBM® Intelligent Operations Center(CVE-2022-21426)

Summary A vulnerability have been identified in IBM Java which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21426...

5.3CVSS6.1AI score0.03203EPSS
Exploits0Affected Software1
Broadcom
Broadcom
added 2023/08/29 12:0 a.m.46 views

Oracle Java SE Multiple Vulnerabilities (July 2022 CPU update) CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-25647 CVE-2022-34169

The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory: - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot...

7.5CVSS7.1AI score0.17673EPSS
Exploits2
Cvelist
Cvelist
added 2023/08/21 6:55 a.m.41 views

CVE-2022-46751 Apache Ivy: XML External Entity vulnerability in Apache Ivy

Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...

8.6AI score0.01855EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/27 12:26 p.m.24 views

Security Bulletin: CVE-2022-21426 may affect JAXP component in Java SE used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

Summary CVE-2022-21426 vulnerability in JAXP component in Java SE could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java ...

5.3CVSS6AI score0.03203EPSS
Exploits0Affected Software1
Rows per page
Query Builder