Lucene search
K

183 matches found

OSV
OSV
added 2022/07/16 7:58 p.m.22 views

MGASA-2022-0261 Updated java packages fix security vulnerability

OpenJDK: Defective secure validation in Apache Santuario Libraries, 8278008 CVE-2022-21476 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions JAXP, 8270504 CVE-2022-21426 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler Libraries, 8277672...

7.5CVSS5.9AI score0.04046EPSS
Exploits0References4
OSV
OSV
added 2022/05/17 3:2 a.m.7 views

GHSA-H3Q4-6J7F-R24C priority vulnerable to denial of service

A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority informati...

8.7CVSS7.3AI score0.01792EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/04/28 6:58 p.m.6 views

OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.3CVSS7.4AI score0.03203EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/04/27 12:0 a.m.277 views

RHEL 7 : java-1.8.0-openjdk (RHSA-2022:1487)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1487 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

7.5CVSS6.3AI score0.04046EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2022/04/25 3:13 p.m.3 views

OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.3CVSS7.4AI score0.03203EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/04/21 12:0 a.m.232 views

RHEL 8 : java-11-openjdk (RHSA-2022:1441)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1441 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...

7.5CVSS6.3AI score0.04046EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2022/04/20 2:18 p.m.4 views

OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.3CVSS7.4AI score0.03203EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/04/20 1:33 p.m.4 views

OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.3CVSS7.4AI score0.03203EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/04/20 1:6 p.m.5 views

OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.3CVSS7.4AI score0.03203EPSS
Exploits0References4
Rockylinux
Rockylinux
added 2022/04/20 12:24 p.m.42 views

java-11-openjdk security update

An update is available for java-11-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The java-11-openjdk packages provide the OpenJDK 11 Java Runtime...

7.5CVSS6.7AI score0.04046EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/04/20 12:0 a.m.58 views

RHEL 8 : java-11-openjdk (RHSA-2022:1443)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1443 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...

7.5CVSS6.3AI score0.04046EPSS
Exploits0References12
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.30 views

Mageia: Security Advisory (MGASA-2019-0241)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8CVSS6AI score0.04351EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2020/10/27 1:40 p.m.95 views

USN-4600-2: Netty vulnerabilities

USN-4600-1 fixed multiple vunerabilities in Netty 3.9. This update provides the corresponding fixes for CVE-2019-20444, CVE-2019-20445 for Netty. Also it was discovered that Netty allow for unbounded memory allocation. A remote attacker could send a large stream to the Netty server causing it to...

9.1CVSS7.1AI score0.13474EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2020/06/15 8:35 p.m.89 views

Denial of Service in Google Guava

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class when serialized with Java serialization...

5.9CVSS4.3AI score0.05119EPSS
Exploits0References56Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/06 12:2 p.m.22 views

Security Bulletin: Vulnerability in Google Guava affects IBM Cloud Pak System (CVE-2018-10237)

Summary There is a potential denial of service with the Google Guava library that is used in IBM Cloud Pak System. Vulnerability Details CVEID: CVE-2018-10237 DESCRIPTION: Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of...

5.9CVSS1.2AI score0.05119EPSS
Exploits0Affected Software1
NVD
NVD
added 2020/04/07 6:15 p.m.38 views

CVE-2020-11612

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder...

7.5CVSS8.2AI score0.09438EPSS
Exploits0References45
Prion
Prion
added 2020/04/07 6:15 p.m.34 views

Design/Logic Flaw

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder...

5CVSS8.3AI score0.09438EPSS
Exploits0References45Affected Software10
UbuntuCve
UbuntuCve
added 2020/04/07 6:15 p.m.42 views

CVE-2020-11612

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder...

7.5CVSS6.9AI score0.09438EPSS
Exploits0References13
Cvelist
Cvelist
added 2020/04/07 6:0 p.m.30 views

CVE-2020-11612

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder...

8.2AI score0.09438EPSS
Exploits0References45
Debian CVE
Debian CVE
added 2020/04/07 6:0 p.m.27 views

CVE-2020-11612

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder...

7.5CVSS7.1AI score0.09438EPSS
Exploits0
Rows per page
Query Builder