GitHub Security Lab: Java: JSONP Injection

This bug was reported directly to GitHub Security Lab...

SUSE-SU-2021:1314-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.11+9 April 2021 CPU CVE-2021-2163: Fixed incomplete enforcement of JAR signing disabled algorithms bsc1185055 CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in ProcessBuilder...

cn.regionsoft:ONE (=2.1.1), co.baiku.boot:ajavaer-cache (=0.3.0-RELEASES) +49 more potentially affected by CVE-2020-26939 via org.bouncycastle:bcprov-ext-jdk16 (>=1.45 <=1.46)

org.bouncycastle:bcprov-ext-jdk16 MAVEN version =1.45, =0.0.1-RELEASE, =0.0.1.RELEASE, =0.0.3.RELEASE, =0.0.1.RELEASE, =0.0.1.RELEASE, =0.0.1.RELEASE, =0.0.3.RELEASE, =0.0.1.RELEASE, =0.0.1.RELEASE, =0.0.1.RELEASE, =0.0.1.RELEASE, =0.0.9.RELEASE and more Source cves: CVE-2020-26939 Source advisor...

DLA-2616-1 libxstream-java - security update

Bulletin has no description...

openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2021-374)

This update for java-180-openjdk fixes the following issues : - Update to version jdk8u282 icedtea 3.18.0 - January 2021 CPU bsc1181239 - Security fixes + JDK-8247619: Improve Direct Buffering of Characters CVE-2020-14803 - Import of OpenJDK 8 u282 build 01 + JDK-6962725: Regtest...

OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

SUSE-SU-2021:0670-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 25 bsc1182186, bsc1181239, CVE-2020-27221, CVE-2020-14803 CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characte...

SUSE-SU-2021:0665-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: - Update to version jdk8u282 icedtea 3.18.0 January 2021 CPU bsc1181239 Security fixes + JDK-8247619: Improve Direct Buffering of Characters CVE-2020-14803 Import of OpenJDK 8 u282 build 01 + JDK-6962725: Regtest...

USN-4740-1: Apache Shiro vulnerabilities

It was discovered that Apache Shiro mishandled specially crafted requests. An attacker could use this vulnerability to bypass authentication mechanisms...

KollectApps Code Issue Vulnerability

kollect KollectApps is an application from the individual developers of kollect Kollect in Germany. Offers to automatically collect emails and phone numbers of people who send you contact information via inbox or comments. A security vulnerability exists in KollectApps. The vulnerability stems fr...

Moderate: Red Hat Security Advisory: java-1.8.0-ibm security update

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Vulnerability fixed in Oracle Java SE

Oracle has fixed vulnerabilities in the following Oracle Java products: Java SE JDK and JRE The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable system may be able to system data. Only applications that execute untrusted code e.g., using third-party...

Elastic Elasticsearch Security Information Disclosure Vulnerability (ESA-2018-19)

Elasticsearch Security is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

SUSE-SU-2020:14588-1 Security update for java-1_7_1-ibm

This update for java-171-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 75 bsc1180063, bsc1177943 CVE-2020-14792 CVE-2020-14797 CVE-2020-14782 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 Class Libraries: - Z/OS specific C function...

SUSE SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2020:3310-1)

This update for java-170-openjdk fixes the following issues : Update to 2.6.24 - OpenJDK 7u281 October 2020 CPU, bsc1177943 - Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts +...

Security update for java-1_8_0-openjdk (important)

openSUSE Security Update: Security update for java-180-openjdk Announcement ID: openSUSE-SU-2020:2188-1 Rating: important References: 1179441 Affected Products: openSUSE Leap 15.1 An update that contains security fixes can now be installed. Description: This update for java-180-openjdk fixes the...

SUSE-SU-2020:3591-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: - Update to version jdk8u275 icedtea 3.17.1 JDK-8214440, bsc1179441: Fix StartTLS functionality that was broken in openjdk272. bsc1179441 JDK-8223940: Private key not supported by chosen signature algorithm JDK-8236512: PKCS11 Connectio...

DLA-2471-1 libxstream-java - security update

Bulletin has no description...

OPENSUSE-SU-2020:2083-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: - Fix regression '8250861: Crash in MinINode::IdealPhaseGVN, bool', introduced in October 2020 CPU. - Update to version jdk8u272 icedtea 3.17.0 July 2020 CPU, bsc1174157, and October 2020 CPU, bsc1177943 New features + JDK-8245468: Add...

SUSE-SU-2020:3460-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: - Fix regression '8250861: Crash in MinINode::IdealPhaseGVN, bool', introduced in October 2020 CPU. - Update to version jdk8u272 icedtea 3.17.0 July 2020 CPU, bsc1174157, and October 2020 CPU, bsc1177943 New features + JDK-8245468: Add...