
844 matches found

OSV
added 2023/07/05 3:15 a.m. · 1 views

DEBIAN-CVE-2023-33201

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject...

5.3 CVSS · 6.5 AI score · 0.00326 EPSS
Exploits 0 · References 1

CNNVD
added 2023/07/05 12:0 a.m. · 1 views

Bouncy Castle Trust Management Issue Vulnerability

Bouncy Castle is a collection of APIs used in cryptography organized by Bouncy Castle. It includes APIs for the Java and C programming languages. A security vulnerability exists in Bouncy Castle For Java versions prior to 1.74, which stems from an LDAP injection vulnerability due to a failure to...

5.3 CVSS · 6.7 AI score · 0.00326 EPSS
Exploits 0 · References 16

IBM Security Bulletins
added 2023/06/30 1:42 p.m. · 32 views

Security Bulletin: IBM Watson Explorer is affected by multiple vulnerabilities in Java

Summary IBM Watson Explorer contains a vulnerable version of Java. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high...

7.4 CVSS · 6.8 AI score · 0.00174 EPSS
Exploits 0 · Affected Software 1

Positive Technologies
added 2023/06/29 12:0 a.m. · 2 views

PT-2023-35888 · Oracle · Java.Base

Name of the Vulnerable Software and Affected Versions: java.base affected versions not specified Description: A security exception occurs due to a crash in the checkSsrf and checkSsrfSocket functions within the ServerSideRequestForgery class. This issue is related to the java.net.Socket.connect...

6.9 AI score
Exploits 0 · References 2

Positive Technologies
added 2023/06/29 12:0 a.m. · 1 views

PT-2023-35887 · Oracle · Java.Base

Name of the Vulnerable Software and Affected Versions: java.base affected versions not specified Description: A security exception occurs due to a crash in the checkSsrf and checkSsrfSocket functions within the ServerSideRequestForgery class. This issue is related to the java.net.Socket.connect...

6.9 AI score
Exploits 0 · References 2

Positive Technologies
added 2023/05/30 12:0 a.m. · 1 views

PT-2023-24241 · Mojang · Minecraft

Name of the Vulnerable Software and Affected Versions: Minecraft versions 1.19 through 1.20 pre-releases before 7 Java Description: The issue allows for arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink. Recommendations: For Minecraft versions...

8.8 CVSS · 7.3 AI score · 0.00915 EPSS
Exploits 0 · References 7

IBM Security Bulletins
added 2023/05/26 11:13 a.m. · 41 views

Security Bulletin: There is a vulnerability in AWS SDK for Java used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-31159)

Summary There is a vulnerability in AWS SDK for Java used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-31159 DESCRIPTION: AWS SDK for Java could allow a remote authenticated attacker to traverse directories on the system, caused by a flaw ...

7.9 CVSS · 6.7 AI score · 0.00052 EPSS
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2023/05/02 12:22 p.m. · 22 views

Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by a vulnerability in IBM® Runtime Environment Java™ (CVE-2021-2161)

Summary CVE-2021-2161 was disclosed as part of the Oracle April 2021 Critical Patch Update. Vulnerability Details CVEID:CVE-2021-2161 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact,...

5.9 CVSS · 5.6 AI score · 0.01132 EPSS
Exploits 0 · Affected Software 1

Amazon
added 2023/05/01 12:0 a.m. · 3 views

Important: java-1.8.0-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficul...

7.4 CVSS · 7.1 AI score · 0.02108 EPSS
Exploits 1

RedHat Linux
added 2023/04/25 11:6 a.m. · 4 views

OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...

3.7 CVSS · 6.9 AI score · 0.00072 EPSS
Exploits 0 · References 4

vulnersOsv
added 2023/04/16 2:2 p.m. · 0 views

au.com.permeance:liferay-clojure-integration (=0.1), br.com.thiagomoreira.liferay.plugins.bootstrap-jumbotron-app:bootstrap-jumbotron-app (>=1.0.0 <=1.0.1) +101 more potentially affected by CVE-2021-33990 via com.liferay.portal:portal-service (>=6.0.2 <=6.2.4)

com.liferay.portal:portal-service MAVEN version =6.0.2, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0 - br.com.thiagomoreira.liferay.plugins.lorem-ipsum-button-app:hooks =1.0.0 - br.com.thiagomoreira.liferay.plugins.lorem-ipsum-button-app:lorem-ipsum-button-app =1.0.0 -...

9.8 CVSS · 7.2 AI score · 0.61124 EPSS
Exploits 4

vulnersOsv
added 2023/03/27 3:30 a.m. · 1 views

com.atlassian:nadel (>=2022-01-19T23-18-30-adbad461 <=2024-01-23T04-58-06-b811e23f), com.atlassian:nadel-api (>=2022-01-19T23-18-30-adbad461 <=2022-03-22T05-05-01-a5d0b804) +4 more potentially affected by CVE-2023-28867 via com.graphql-java:graphql-java (>=0.0.0-2021-06-27T12-22-33-cd2bab76 <=0.0.0-2023-12-05T22-54-46-39d2155)

com.graphql-java:graphql-java MAVEN version =0.0.0-2021-06-27T12-22-33-cd2bab76, =2022-01-19T23-18-30-adbad461, =2022-01-19T23-18-30-adbad461, =2022-01-19T23-18-30-adbad461, =2022-01-19T23-18-30-adbad461, =2022-01-19T23-18-30-adbad461, =2022-04-05T04-35-54-29b76c29 -...

7.5 CVSS · 6.7 AI score · 0.00131 EPSS
Exploits 0

Positive Technologies
added 2023/03/23 12:0 a.m. · 3 views

PT-2023-17114 · Zhong Bang · Crmeb

Name of the Vulnerable Software and Affected Versions: Zhong Bang CRMEB Java versions up to 1.3.4 Description: A critical issue affects the function getAdminList of the file "/api/admin/store/product/list". The manipulation of the argument cateId leads to sql injection. The attack can be initiate...

9.8 CVSS · 6.9 AI score · 0.00271 EPSS
Exploits 1 · References 7

F5 Networks
added 2023/02/21 7:0 p.m. · 150 views

K45356577: Java vulnerability CVE-2022-21449

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable...

7.5 CVSS · 7.2 AI score · 0.34335 EPSS
Exploits 6

IBM Security Bulletins
added 2023/02/18 1:45 a.m. · 34 views

Security Bulletin: A vulnerability in Java affects the IBM FlashSystem 840 and 900

Summary There is a vulnerability in Java to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible CVE-2019-2602. An exploit of CVE-2019-2602 could make the system susceptible to a denial of service attack. Vulnerability Details CVEID: CVE-2019-2602 DESCRIPTION: An unspecified...

7.5 CVSS · 7.4 AI score · 0.00233 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/02/18 1:45 a.m. · 38 views

Security Bulletin: The IBM FlashSystem 840 product is affected by a vulnerability in Java

Summary Security vulnerabilities have been discovered in Java Vulnerability Details CVE-ID: CVE-2014-0411 DESCRIPTION: FlashSystem 840 uses an affected version of Oracle Java: CVE-2014-0411 Unspecified Oracle Java vulnerability In Oracle’s January 2014 Critical Patch Update CPU they disclosed, bu...

4 CVSS · 5 AI score · 0.01371 EPSS
Exploits 0 · Affected Software 1

SUSE CVE
added 2023/02/15 6:3 a.m. · 1 views

SUSE CVE-2009-2676

Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.221 and earlier; allows remote attackers to create or modify arbitrary files via vecto...

6.8 CVSS · 6.9 AI score · 0.17795 EPSS
Exploits 1 · References 6

SUSE CVE
added 2023/02/15 6:0 a.m. · 4 views

SUSE CVE-2010-0840

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...

9.8 CVSS · 8.6 AI score · 0.92077 EPSS
Exploits 5 · References 15

SUSE CVE
added 2023/02/15 5:48 a.m. · 2 views

SUSE CVE-2012-0497

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

10 CVSS · 7.5 AI score · 0.0484 EPSS
Exploits 2 · References 7

SUSE CVE
added 2023/02/15 5:46 a.m. · 6 views

SUSE CVE-2012-3174

Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the...

10 CVSS · 7.2 AI score · 0.01406 EPSS
Exploits 38 · References 6