Unity Linux 20.1060e / 20.1070e Security Update: junit (UTSA-2026-016613)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016613 advisory. In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's...

BIT-JRE-2021-2432

Vulnerability in the Java SE product of Oracle Java SE component: JNDI. The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

BIT-JRE-2020-14577

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...

BIT-JAVA-MIN-2021-35586

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

BIT-JAVA-2021-35561

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Utility. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

BIT-JAVA-2020-2800

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

BIT-JAVA-MIN-2020-14579

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...

BIT-JAVA-2020-14578

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...

PT-2026-37927

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

PT-2026-37667

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...

Astra Linux - уязвимость в junit4

In JUnit 4, versions starting from 4.7 and before 4.13.1, the TemporaryFolder test rule contains a local information disclosure vulnerability. On Unix-like systems, the system’s temporary directory is shared among all users on that system. As a result, when files and directories are written to th...

Astra Linux - уязвимость в guava-libraries

There is a vulnerability related to the creation of temporary directories in all versions of Guava. An attacker with access to the system can potentially access data stored in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir. By default, on Unix-like systems...

Astra Linux - уязвимость в libpgjava

pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setTextint, InputStream or PreparedStatemet.setByteaint, InputStream will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which...

IBM Java 7.1 < 7.1.5.30 / 8.0 < 8.0.8.65 Multiple Vulnerabilities

The version of IBM Java installed on the remote host is 7.1 prior to 7.1.5.30 / 8.0 prior to 8.0.8.65. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle April 21 2026 CPU advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM...

MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.221-2.6.18.0.0.1.el7.AXS7 (AXSA:2019-3860:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3860:03 advisory. Enhancement - Oracle Java SE REIWA Security Fix - Oracle Java SE Libraries DoSCVE-2019-2602 - Oracle Java SE RMI CVE-2019-2684 - Oracle Java SE 2D...

MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.241-2.6.20.0.AXS4 (AXSA:2019-4343:05)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4343:05 advisory. OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler Networking, 8223892 CVE-2019-2978 OpenJDK: Incorrect handling of HTTP proxy...

CVE-2023-0017

An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current...

SUSE CVE-2013-1490

Unspecified vulnerability in Oracle Java SE 7 Update 11 JRE 1.7.011-b21 allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors, aka "Issue 51," a different vulnerability than CVE-2013-0431. NOTE: as of 20130130, this vulnerability does not contain any...

log4j1-socketappender: DoS via hashmap logging

A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in th...

OESA-2023-1366 postgresql-jdbc security update

PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. Security Fixes: pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setTextint,...