844 matches found
Alibaba Cloud Linux 3 : 0021: java-17-openjdk (ALINUX3-SA-2025:0021)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0021 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-21502: Vulnerability in the Oracle Java SE...
IBM Java 7.1 < 7.1.5.26 / 8.0 < 8.0.8.45
The version of IBM Java installed on the remote host is 7.1 prior to 7.1.5.26 / 8.0 prior to 8.0.8.45. It is, therefore, affected by a vulnerability as referenced in the IBM Security Update May 2025 advisory. - In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based...
CVE-2025-4494
CVE-2025-4494 affects JAdmin-JAVA JAdmin 1.0, specifically the toLogin function in NoNeedLoginController.java within Admin Backend. The vulnerability enables improper authentication and can be exploited remotely; public exploits have been disclosed. Connected sources corroborate the issue and des...
CVE-2025-4494 JAdmin-JAVA JAdmin Admin Backend NoNeedLoginController.java toLogin improper authentication
A vulnerability, which was classified as critical, was found in JAdmin-JAVA JAdmin 1.0. Affected is the function toLogin of the file NoNeedLoginController.java of the component Admin Backend. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The...
PT-2025-20601 · Unknown · Jadmin-Java
Name of the Vulnerable Software and Affected Versions: JAdmin-JAVA JAdmin version 1.0 Description: A critical vulnerability was found in the function toLogin of the file NoNeedLoginController.java of the component Admin Backend. The manipulation leads to improper authentication. It is possible to...
K000151202: Java vulnerability CVE-2025-30691
Security Advisory Description Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
Fedora 41 : java-1.8.0-openjdk (2025-e81dbae527)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-e81dbae527 advisory. April 2025 CPU Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this iss...
CVE-2025-3843 panhainan DS-Java cross-site request forgery
A vulnerability was found in panhainan DS-Java 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...
PT-2025-22644 · Suse · Spacewalk-Java
Name of the Vulnerable Software and Affected Versions: spacewalk-java versions prior to 4.3.85-150400.3.105.3 spacewalk-java versions prior to 5.0.24-150600.3.25.1 Description: An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows...
CVE-2025-30691
Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...
RHEL 6 : spacewalk-java (RHSA-2014:1184)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1184 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of...
Security Bulletin: Vulnerability in Oracle Java affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Oracle Java has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...
Security Bulletin: IBM Sterling Control Center is affected by JSON-java vulnerability (CVE-2022-45688)
Summary Vulnerability in JSON-java is impacting IBM Sterling Control Center v6.3.1 and v6.2.1. Customers must upgrade to latest patch below to address this vulnerability. Vulnerability Details CVEID:CVE-2022-45688 DESCRIPTION: Hutool is vulnerable to a denial of service, caused by stack-based...
CVE-2025-2365
A vulnerability, which was classified as problematic, has been found in crmebjava up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has bee...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of integrity [CVE-2025-21502]
Summary IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of data integrity due to a vulnerability in Java. This bulletin provides patch information to address the reported vulnerability in Java. CVE-2025-21502 Vulnerabili...
Security Bulletin: InfoSphere Data Replication is affected by a Snappy-Java vulnerability (CVE-2023-43642)
Summary InfoSphere Data Replication uses Snappy-Java. This bulletin identifies the steps to take to address the vulnerability in that package. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk...
Security Bulletin: IBM Cognos Command Center has addressed vulnerabilities IBM® Semeru Java™ and Eclipse Jetty
Summary There are vulnerabilities in IBM® Semeru Java™ and Eclipse Jetty used by IBM Cognos Command Center. Please refer to the table in the Related Information section for vulnerability impact. This Security Bulletin relates only to the direct usage of third-party components by IBM Cognos Comman...
Linux Distros Unpatched Vulnerability : CVE-2022-21626
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are...
CVE-2025-1695 NGINX Unit Java Vulnerability
In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service (DoS). There...
Linux Distros Unpatched Vulnerability : CVE-2012-5081
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and...