Unity Linux 20.1070e Security Update: datanucleus-core (UTSA-2026-016737)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016737 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...

BIT-JRE-2021-2432

Vulnerability in the Java SE product of Oracle Java SE component: JNDI. The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

PT-2026-38697

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

PT-2026-37710

Vulnerability in the Java SE product of Oracle Java SE component: JNDI. The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

Astra Linux – Vulnerability in Jackson-Databind

FasterXML Jackson-Databind 2.x versions before 2.9.10.8 mishandle the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool...

CVE-2026-27727

CVE-2026-27727 is confirmed in multiple IBM advisories as affecting the mchange-commons-java library used by IBM Maximo Monitor Component and related IBM products. The vulnerability stems from JNDI dereferencing code in mchange-commons-java, which can allow an attacker to cause download and execu...

CVE-2025-42884

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provider.�This could further lead to disclosure or modification of information about the server. There i...

CVE-2025-42884

CVE-2025-42884 affects SAP NetWeaver Enterprise Portal. The issue allows an unauthenticated attacker to inject JNDI environment properties or pass a URL during JNDI lookup, enabling access to an unintended JNDI provider and potentially leading to disclosure or modification of server information (...

PT-2025-46225

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Enterprise Portal affected versions not specified Description An unauthenticated attacker can inject JNDI environment properties or provide a URL during JNDI lookup operations. This could allow access to an unintended JNDI...

CVE-2025-64164 DataEase is vulnerable to Oracle JNDI Injection

Dataease is an open source data visualization analysis tool. In versions 2.10.14 and below, DataEase did not properly filter when establishing JDBC connections to Oracle, resulting in a risk of JNDI injection Java Naming and Directory Interface injection. This issue is fixed in version 2.10.15...

adobe-connect-exploits

It is an offensive tool for Adobe Connect. Exploit module/toolki...

PT-2025-36440

Name of the Vulnerable Software and Affected Versions: Apache Jackrabbit Core versions 1.0.0 through 2.22.1 Apache Jackrabbit JCR Commons versions 1.0.0 through 2.22.1 Description: This issue involves the deserialization of untrusted data in Apache Jackrabbit Core and Apache Jackrabbit JCR Common...

Cloudera JDBC Connector 安全漏洞

Cloudera JDBC Connector is a driver from Cloudera, Inc. A security vulnerability exists in Cloudera JDBC Connector versions prior to 2.6.26, which stems from the presence of a JNDI injection issue that allows an attacker to inject malicious parameters into a JDBC URL, which could lead to remote...

The vulnerability of the business rule management system in the IBM Operational Decision Manager environment arises from the failure to take measures to neutralize special elements used in the operating system. This allows a violator to execute arbitrary code.

The vulnerability of the Business Rules Management system in a corporate environment exists due to the lack of measures taken to neutralize the special elements used in the operating system’s command set. Exploiting this vulnerability allows an attacker to execute arbitrary code by injecting JNDI...

CVE-2024-22319

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145...

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

CVE-2022-41272

An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search UDS of SAP NetWeaver Process Integration PI - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized...

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

DEBIAN-CVE-2022-21624

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...