409 matches found
Hibernate Validator < 6.2 XSS
The version of Hibernate Validator on the remote host is prior to 6.2. It may, therefore, be affected by a cross-site scripting (XSS) vulnerability. A flaw was found in the isValid method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed ...
Oracle WebCenter Portal Multiple Vulnerabilities (January 2024 CPU)
The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the January 2024 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities: - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component:...
Security Bulletin: IBM Storage Fusion HCI could be vulnerable to code injection via use of quartz/quartz-jobs [CVE-2023-39017]
Summary The Java library quartz/quartz-jobs is used by IBM Storage Fusion HCI for backup scheduling. A vulnerability in this library includes code injection that could lead to execution of arbitrary code as described in the CVE listed in the 'Vulnerabilities Details' section. This bulletin...
IPAddress security vulnerability
IPAddress is a Java library for working with IP addresses. A security vulnerability exists in IPAddress version v5.1.0, which stems from a security issue in the component IPAddressBitsDivision that causes an infinite loop...
AZL-32259 CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...
apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system...
iText Input Validation Error Vulnerability
iText is an open source library for creating and manipulating PDF files in Java. It is written by Bruno Lowagie, Paulo Soares and others. An input validation error vulnerability exists in Apryse iText version 8.0.2, which stems from a problem in the main function of the PdfDocument.java file,...
ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.h2o:h2o-app (>=0.1.22 <=0.1.25) +1039 more potentially affected by CVE-2023-33202 via org.bouncycastle:bcprov-jdk15 (>=1.38 <=1.46)
org.bouncycastle:bcprov-jdk15 MAVEN version =1.38, =1.3, =0.1.22, =0.1.22, =1.0.0, =2.1.0, =1.0.1, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.1.2, =1.0.3, =1.3.3 - cn.dceast.platform:platform-security-starter =2.2.3 and more Source cves: CVE-2023-33202 Source advisory:...
DEBIAN-CVE-2023-44483
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...
The vulnerability of the Java library for analyzing, extracting, and managing data in HTML documents, jsoup, is related to deficiencies in handling exceptional states, allowing attackers to trigger a service failure.
The vulnerability of the Java library for analyzing, extracting, and managing data in HTML documents, known as jsoup, is related to deficiencies in handling exceptional states. Exploiting this vulnerability can allow an attacker to cause service interruptions...
The vulnerability of the hasNextChunk function in the snappy-java compression/decompression library allows a hacker to cause a service failure.
The vulnerability of the hasNextChunk function in the snappy-java compression/decompression library is related to unbounded resource allocation. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the compress(char[] input) function in the snappy-java compression/decompression library allows a hacker to cause a service failure.
The vulnerability of the compress(char[] input) function in the snappy-java compression/decompression library is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure remotely...
CVE-2023-20965
In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Exploit for CVE-2022-33980
riskootext4shell text4shell script for text commons =1.10...
cloud.piranha.extension:piranha-extension-hazelcast (>=22.5.0 <=22.11.0), cloud.piranha:debug (>=22.5.0 <=22.11.0) +142 more potentially affected by CVE-2023-33264 via com.hazelcast:hazelcast (>=5.1-BETA-1 <=5.1.5)
com.hazelcast:hazelcast MAVEN version =5.1-BETA-1, =22.5.0, =22.5.0, =8.1.1, =8.2.0, =5.1.15, =5.1.15, =1.40.0, =0.7.0, =1.1.8, =1.1.8, =1.1.8, =1.1.8, =1.1.15 - com.gitee.kamismile:gatewayweb =1.2.8 and more Source cves: CVE-2023-33264 Source advisory: OSV:GHSA-5GJ6-62G7-VMGF...
dev-java/snakeyaml: DoS via stack overflow
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...
Important: xstream
Issue Overview: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new...
PortEx - Java Library To Analyse Portable Executable Files With A Special Focus On Malware Analysis And PE Malformation Robustness
PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness, and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications. Features Reading header information from: MSDOS Header, COFF File Header,...
CVE-2022-37936
Unauthenticated Java deserialization vulnerability in Serviceguard Manager...
CVE-2023-25158
GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastores. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore...