CVE-2024-55887
Ucum-java (FHIR UCUM services) is vulnerable to XML External Entity (XXE) injections in XML parsing performed by UcumEssenceService in versions before 1.0.9. A crafted XML with a malicious DTD can cause data from the host system to be exposed when external clients submit XML. The fix is Release 1...
GHSA-JP26-88MW-89QR sigstore-java has a vulnerability with bundle verification
Summary sigstore-java has insufficient verification for a situation where a bundle provides an invalid signature for a checkpoint. Impact This bug impacts clients using any variation of KeylessVerifier.verify Currently checkpoints are only used to ensure the root hash of an inclusion proof was...
CVE-2024-54140 sigstore-java has a vulnerability with bundle verification
sigstore-java is a sigstore Java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides an invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify. Currently...
IBM Java 7.1 < 7.1.5.24 / 8.0 < 8.0.8.35
The version of IBM Java installed on the remote host is 7.1 prior to 7.1.5.24 / 8.0 prior to 8.0.8.35. It is, therefore, affected by a vulnerability as referenced in the IBM Security Update December 2024 advisory. - In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may...
sigstore-java Security Vulnerability
sigstore-java is an open source Java client from sigstore for interacting with sigstore infrastructure. A security vulnerability exists in sigstore-java that stems from sigstore-java's inability to adequately verify that validly signed but mismatched bundles are included in transparency logs...
Atlassian Confluence < 7.19.26 / 7.20.x < 8.5.12 / 8.6.x < 8.9.4 / 9.0.1 (CONFSERVER-97723)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-97723 advisory. - An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java BC Java before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5...
PT-2024-28980 · Oracle · Java
Name of the Vulnerable Software and Affected Versions: Java affected versions not specified Description: The issue allows an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional...
ROS-20240927-15
A vulnerability in the Hotspot component of the Oracle Java SE software platform, Oracle GraalVM Enterprise Edition virtual machines and Oracle GraalVM for JDK is related to writes beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely...
ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +33675 more potentially affected by CVE-2024-7254 via com.google.protobuf:protobuf-java (>=2.0.3 <=3.25.4)
com.google.protobuf:protobuf-java MAVEN version =2.0.3, =0.1.1, =0.1.1, =0.1.1, =1.4.6, =1.0.0, =0.0.23, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.2.8 and more Source cves: CVE-2024-7254 Source advisory: OSV:GHSA-735F-PC8J-V9W8...
RHSA-2013:0600 Red Hat Security Advisory: java-1.7.0-oracle security update
Bulletin has no description...
org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service
A vulnerability was found in Bouncy Castle. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java BC Java. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters...
br.com.m4rc310:br-com-m4rc310-graphql (=1.0.1), br.com.m4rc310:br-com-m4rc310-libs (=1.0.1) +880 more potentially affected by CVE-2024-40094 via com.graphql-java:graphql-java (>=0.0.0-2021-06-27T12-22-33-cd2bab76 <=19.1)
com.graphql-java:graphql-java MAVEN version =0.0.0-2021-06-27T12-22-33-cd2bab76, =6.0.0, =6.0.3, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.0, =6.0.0, =6.0.0, =6.0.3, =0.1.0, =1.0.0, =1.2.1 and more Source cves: CVE-2024-40094 Source advisory: OSV:GHSA-H9MQ-F6Q5-6C8M...
Security Bulletin: IBM Maximo Asset Management - There is a vulnerability in Java on z/OS used by IBM Maximo Asset Management application (CVE-2024-3933)
Summary There is a vulnerability in Java on z/OS used by IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated attacker to bypass security restrictions, caused by the failure to restrict access to a buffer...
Eclipse OpenJ9 Security Vulnerability
Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation. The product is primarily used to run Java applications. A security vulnerability exists in Eclipse OpenJ9 that stems from an out-of-bounds read and out-of-bounds write vulnerability when running with the JVM option...
Security Bulletin: IBM Maximo Application Suite uses ion-java-1.2.0.jar which is vulnerable to CVE-2024-21634.
Summary IBM Maximo Application Suite uses ion-java-1.2.0.jar which is vulnerable to CVE-2024-21634. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21634 DESCRIPTION: Amazon Ion is vulnerable to a denial of service, caused by a...
Security Bulletin: There is a vulnerability in Java on z/OS used by IBM Maximo Asset Management application (PSIRT-ADV0103951)
Summary There is a vulnerability in Java on z/OS used by IBM Maximo Asset Management application Vulnerability Details IBM X-Force ID: PSIRT-ADV0103951 DESCRIPTION: Created from Advisory: ADV0103951 CVSS Base score: 8.1 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products a...
DEBIAN-CVE-2023-51775
The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value...
PT-2024-20275 · Unknown · Crmeb Java
Name of the Vulnerable Software and Affected Versions: crmeb java versions prior to 1.3.4 Description: The issue allows attackers to execute arbitrary SQL commands by sending a crafted GET request to the "api/front/spread/people" endpoint. This enables attackers to manipulate the database,...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to snappy-java information disclosure vulnerability [CVE-2023-43642]
Summary A potential snappy-java denial of service vulnerability, caused by a missing upper bound check on chunk length, has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information...
SOFARPC Code Issue Vulnerability
SOFARPC is a high-performance, highly scalable, production-grade Java RPC framework for SOFAStack. A code issue vulnerability exists in SOFARPC versions prior to 5.12.0, which stems from a gadget chain that bypasses the SOFA Hessian blacklist protection mechanism and relies only on the JDK, no...