CVE-2022-22965

A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain...

CVE-2022-21393

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM...

Oracle Database Server 输入验证错误漏洞

Oracle Database Server is a relational database management system from Oracle Corporation. The database management system provides data management, distributed processing, and other functions.An input validation error vulnerability exists in Oracle Database Server, which stems from an input...

Explanation of what Java API is ❓ Types. Examples

When the two most viable and essential application/software development comes together, programmers are allowed to have unmatched functionality. Java API Application Programming Interface is the perfect example of how to attain this. Acknowledged as a crucial entity for internal and open...

XStream: remote code execution due to insecure XML deserialization when relying on blocklists

A flaw was found in xstream. An unsafe deserialization of user-supplied XML, in conjunction with relying on the default deny list, allows a remote attacker to perform a variety of attacks including a remote code execution of arbitrary code in the context of the JVM running the XStream application...

JVMXRay - Make Java Security Events Of Interest Visible For Analysis

JVMXRay is a technology for monitoring access to system resources within the Java Virtual Machine. It’s designed with application security emphasis but some will also find it beneficial for software quality processes and diagnostics. More about Oracle Java Duke mascot... Contact/Chat Group New ch...

Gradle Remote Code Execution Vulnerability

Gradle is the U.S. Gradle company's set of JVM-based project build tool , it supports maven, Ivy repository and so on. A remote code execution vulnerability exists in Gradle Enterprise prior to 2021.1.2, which stems from the installation configuration user interface available to administrators...

CVE-2021-41619

An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface available to administrators allows specifying arbitrary Java Virtual Machine startup options. Some of the...

CVE-2021-41619

The CVE affects Gradle Enterprise prior to 2021.1.2. The installation configuration UI allows administrators to specify arbitrary JVM startup options (e.g., -XX:OnOutOfMemoryError), which can be abused to execute commands on the host if an attacker gains admin access. Documented impact is potenti...

Gradle 代码注入漏洞

Gradle is the U.S. Gradle company's set of JVM-based project build tool , it supports maven, Ivy repository and so on. A remote code execution vulnerability exists in Gradle Enterprise prior to 2021.1.2, which stems from the installation configuration user interface available to administrators...

Oracle Database Server 输入验证错误漏洞

Oracle Database Server is a relational database management system from Oracle Corporation USA. The database management system provides data management, distributed processing, and other functions.An unspecified vulnerability exists in the Java VM component of Oracle Database Server versions...

CVE-2021-2438

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM...

Oracle Database Server 输入验证错误漏洞

Oracle Database Server is an object-a relational database management system that provides an open, comprehensive, and integrated approach to information management. A security vulnerability exists in the Java VM component of Oracle Database Server versions 12.1.0.2, 12.2.0.1, and 19c. An attacker...

CVE-2021-2234

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM...

Oracle Database Server Input Validation Error Vulnerability (CNVD-2021-33861)

Oracle Database Server is a set of relational database management system of the United States Oracle Oracle. The database management system provides data management, distributed processing and other functions. Oracle Database Server suffers from an input validation error vulnerability that...

Oracle Database Server 输入验证错误漏洞

Oracle Database Server is a set of relational database management system of the United States Oracle Oracle. The database management system provides data management, distributed processing and other functions. Oracle Database Server suffers from an input validation error vulnerability that...

Eclipse OpenJ9 缓冲区错误漏洞

Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation. The product is primarily used to run Java applications. A buffer overflow vulnerability exists in Eclipse OpenJ9 versions prior to 0.23, which stems from a stack-based buffer overflow that can occur when the virtual machine ...

CVE-2021-1993

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM...

Oracle Database Server 授权问题漏洞

Oracle Database Server is a set of relational database management system of the United States Oracle Oracle. The database management system provides data management, distributed processing and other functions. A security vulnerability exists in the Java VM component of Oracle Database Server. An...

SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2021:0032-1)

This update for java-180-ibm fixes the following issues : Update to Java 8.0 Service Refresh 6 Fix Pack 20 bsc1180063,bsc1177943 CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 - Class libraries : - SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is...