529 matches found
GHSA-WF9G-RH76-6JVR Incorrect Permission Assignment for Critical Resource in Jenkins
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials SECURITY-392, resulting in future builds possibly failing to download a JDK...
GHSA-WJJR-H4WH-W6VV Spring Framework Inefficient Regular Expression Complexity
Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit JDK before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to...
OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
Exploit for Code Injection in Vmware Spring_Framework
spring4shell ⭐ a python implementation of CVE-2022-22965 that...
The vulnerability of the JNDI component in the OpenJDK application development kit allows a hacker to cause a service failure.
The vulnerability of the JNDI component in the OpenJDK application development kit is related to errors during resource release. Exploiting this vulnerability allows an attacker who operates remotely to cause service failures...
SpringCore0day
Information https://spring.io/blog/2022/03/31/spring-framewor...
OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...
OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...
OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...
OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...
OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...
Explanation of what Java API is ❓ Types. Examples
When the two most viable and essential application/software development comes together, programmers are allowed to have unmatched functionality. Java API Application Programming Interface is the perfect example of how to attain this. Acknowledged as a crucial entity for internal and open...
OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated...
JDK: Stack-based buffer overflow when converting from UTF-8 characters to platform encoding
In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding...
Vulnerabilities fixed in Oracle Java SE
Oracle has fixed vulnerabilities in the following Oracle Database products: Oracle Java SE JDK Oracle Java SE JRE Oracle Java Oracle Java Web Start The vulnerabilities allow an unauthenticated remote malicious person to remote may be able to launch attacks that result in the following categories ...
Multiple packages on Sun Solaris including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier SDK and JRE 1.4.x up to 1.4.2_12 and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice when using an RSA key with exponent 3 removes PKCS-1 padding before generating a hash which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.
...
Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Software Architect for WebSphere Software (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Rational Software Architect for WebSphere Software. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...