
844 matches found

Tenable Nessus
added 2025/08/01 12:0 a.m. | 4 views

Debian dla-4262 : libcommons-lang-java - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4262 advisory. Debian LTS Advisory DLA-4262-1 https://www.debian.org/lts/security/...

CVSS 5.3 | AI score 6.3 | EPSS 0.00099
Exploits: 0 | References: 4

Tenable Nessus
added 2025/07/31 12:0 a.m. | 2 views

SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-openj9 (SUSE-SU-2025:02545-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02545-1 advisory. Update to OpenJDK 8u462 build 08 with OpenJ9 0.53.0 virtual machine: - CVE-2025-30749: several scenarios can lead to heap...

CVSS 8.6 | AI score 6.6 | EPSS 0.02123
Exploits: 1 | References: 13

Tenable Nessus
added 2025/07/24 12:0 a.m. | 2 views

Fedora 41 : java-21-openjdk / java-25-openjdk / java-latest-openjdk (2025-dbb980101e)

The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-dbb980101e advisory. security update for July CPU 2025 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

AI score 5.5
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/07/23 2:48 p.m. | 10 views

Security Bulletin: IBM® Db2® federated server is vulnerable to unbounded recursions due to a vulnerability in protobuf-java (CVE-2024-7254).

Summary: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can be corrupted by exceeding the stack limit, i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite...

CVSS 8.7 | AI score 7.2 | EPSS 0.00134
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2025/07/18 12:0 a.m. | 12 views

RHEL 8 / 9 : java-1.8.0-openjdk (RHSA-2025:10862)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10862 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Securit...

CVSS 8.1 | AI score 6.6 | EPSS 0.02123
Exploits: 1 | References: 6

IBM Security Bulletins
added 2025/07/14 3:23 p.m. | 2 views

Security Bulletin: IBM Sterling Connect:Direct for Unix is vulnerable to various attacks due to IBM Runtime Environment Java Technology Edition Version 17

Summary IBM Java 17 is used by IBM Sterling Connect:Direct for UNIX in product configuration and data transmission. IBM Sterling Connect:Direct for UNIX is impacted by vulnerabilities in IBM Java 17. IBM Sterling Connect:Direct for UNIX has upgraded IBM Java 17 to address the issues. Vulnerabilit...

CVSS 7.8 | AI score 7.6 | EPSS 0.00234
Exploits: 0 | Affected Software: 1

Cvelist
added 2025/07/08 12:36 a.m. | 12 views

CVE-2025-42966 Insecure Deserialization vulnerability in SAP NetWeaver (XML Data Archiving Service)

SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability ...

CVSS 9.1 | EPSS 0.00621
Exploits: 0 | References: 2

IBM Security Bulletins
added 2025/07/03 9:23 a.m. | 5 views

Security Bulletin: IBM Sterling Transformation Extender is affected by multiple IBM Semeru Java 17 vulnerabilities

Summary IBM Sterling Transformation Extender uses IBM Semeru Runtime Certified Edition, Version 17. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and...

CVSS 7.8 | AI score 7.4 | EPSS 0.00234
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 9:51 a.m. | 18 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to protobuf-java (CVE-2024-7254)

Summary protobuf-java is vulnerable to a StackOverflow attack. This vulnerability affects IBM Spectrum Control. CVE-2024-7254. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of...

CVSS 8.7 | AI score 7 | EPSS 0.00134
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2025/06/16 12:0 a.m. | 3 views

TencentOS Server 3: java-11-openjdk (TSSA-2023:0249)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0249 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 5.3 | AI score 6.3 | EPSS 0.00098
Exploits: 0 | References: 2

Positive Technologies
added 2025/05/27 12:0 a.m. | 2 views

PT-2025-22971 · Suse +1 · Suse Manager Server Module +1

Name of the Vulnerable Software and Affected Versions: spacewalk-java versions 5.0.4.7.19.1 through 5.0.24-150600.3.25.1 SUSE Manager Server Module 4.3 versions prior to 4.3.85-150400.3.105.3 Description: A vulnerability in spacewalk-java allows execution of arbitrary JavaScript code on users'...

CVSS 5.6 | AI score 5.9 | EPSS 0.00251
Exploits: 0 | References: 5

Rosalinux
added 2025/05/26 6:35 a.m. | 6 views

Advisory ROSA-SA-2025-2874

Software: java-1.8.0-openjdk 1.8.0.442.b06 OS: rosa-server79 packageevrstring: java-1.8.0-openjdk-1.8.0.442.b06-1.0.3.res7 CVE-ID: CVE-2025-21587 BDU-ID: 2025-05070 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the JSSE component of the Oracle Java SE software platform, Oracle GraalVM for JDK and...

CVSS 7.4 | AI score 5.5 | EPSS 0.00182
Exploits: 0

RedhatCVE
added 2025/05/23 7:50 a.m. | 7 views

CVE-2024-20922

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated...

CVSS 2.5 | AI score 2.2 | EPSS 0.00056
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 4:11 a.m. | 3 views

CVE-2023-39685

An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string...

CVSS 7.5 | AI score 6.6 | EPSS 0.00348
Exploits: 1

RedhatCVE
added 2025/05/23 3:0 a.m. | 3 views

CVE-2023-1609

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been rated as problematic. This issue affects the function save of the file /api/admin/store/product/save. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to...

CVSS 5.4 | AI score 5.9 | EPSS 0.00228
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 1:22 a.m. | 3 views

CVE-2022-21271

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

CVSS 5.3 | AI score 6.1 | EPSS 0.01653
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:45 p.m. | 3 views

CVE-2022-29805

A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload...

CVSS 9.8 | AI score 8 | EPSS 0.08872
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 7:37 a.m. | 5 views

CVE-2019-0391

Under certain conditions SAP NetWeaver AS Java corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 allows an attacker to access information which would otherwise be restricted...

CVSS 4.3 | AI score 6.6 | EPSS 0.00272
Exploits: 0 | References: 1

Zero Science Lab
added 2025/05/22 12:0 a.m. | 235 views

ABB Cylon Aspect 3.08.03 (Java/PHP) Log Forging

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description Multiple PHP and Java components across the system fail to properly...

CVSS 6.9 | AI score 5.9 | EPSS 0.0025
Exploits: 2

Tenable Nessus
added 2025/05/14 12:0 a.m. | 7 views

Alibaba Cloud Linux 3 : 0134: java-11-openjdk (ALINUX3-SA-2023:0134)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0134 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-22081: Vulnerability in the Oracle Java SE...

CVSS 5.3 | AI score 6.3 | EPSS 0.00098
Exploits: 0 | References: 2