OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows...
Apache Shiro security vulnerability
Apache Shiro is a Java security framework from the Apache Software Foundation for performing authentication, authorization, encryption, and session management. A security vulnerability exists in Apache Shiro versions prior to 1.11.0, which stems from a specially crafted HTTP request that cou...
SUSE-SU-2022:4602-1 Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues: IBM Security Update November 2022 (bsc#1205302, bsc#1204703): - CVE-2022-3676: A security vulnerability was fixed in version 8.0.7.20, adding the reference here...
SUSE-SU-2022:4452-1 Security update for java-1_8_0-openjdk
This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u352 icedtea-3.25.0: - CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability allows unauthenticated attacker with network access and can cause unauthorized update, insert or delete access via...
SUSE-SU-2022:4373-1 Security update for java-1_8_0-openjdk
This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u352 icedtea-3.25.0: - CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability allows unauthenticated attacker with network access and can cause unauthorized update, insert or delete access via...
SUSE-SU-2022:4166-1 Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues: - CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471). - CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can...
SUSE-SU-2022:4079-1 Security update for java-17-openjdk
This update for java-17-openjdk fixes the following issues: - Update to jdk-17.0.5+8 October 2022 CPU - CVE-2022-39399: Improve HTTP/2 client usage (bsc#1204480) - CVE-2022-21628: Better HttpServer service (bsc#1204472) - CVE-2022-21624: Enhance icon presentations (bsc#1204475) - CVE-2022-21619: Improve NT...
CVE-2022-41917
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a...
Information disclosure
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a...
CVE-2022-41917 Incorrect Error Handling Allowed Partial File Reads Over REST API in OpenSearch
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a...
PT-2022-26147 · Unknown · Opensearch
Name of the Vulnerable Software and Affected Versions: OpenSearch versions prior to 1.3.7 OpenSearch versions prior to 2.4.0 Description: An issue in OpenSearch allows certain specially crafted queries to return a response containing the first line of text from arbitrary files. The list of...
A vulnerability in Apache Santuario XML Security for Java, a platform for implementing XML security standards, allows attackers to trigger a service failure.
The vulnerability in the jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java component of the Apache Santuario XML Security for Java platform is related to resource management errors. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
[SECURITY] [DLA 3159-1] libbluray bugfix update
Debian LTS Advisory DLA-3159-1 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 25, 2022 https://wiki.debian.org/LTS -...
Jadx-gui vulnerable to swing HTML Denial of Service (DoS) attack
Impact Using jadx-gui to open a special zip file with entry containing HTML sequence like will cause interface to get stuck and throw exceptions like: java.lang.RuntimeException: Can't build aframeset, BranchElementframeset 1,3 :no ROWS or COLS defined. at...
OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated...
OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...
OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to...