40 matches found
openjdk: Better TLS connection support (Oracle CPU 2025-04)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle...
Important: java-1.8.0-openjdk
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.1...
JDK: Array indexing integer overflow (8328544)
Vulnerability in Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...
CVE-2024-21217
Summary of CVE-2024-21217 details (from connected advisories): Affects Oracle Java SE and Oracle GraalVM families (JDK and Enterprise) with components including Serialization, Networking, and Hotspot. Affected Java SE versions include 8u421, 11.0.24, 17.0.12, 21.0.4, 23; GraalVM for JDK/EE includ...
UBUNTU-CVE-2024-20921
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM...
OpenJDK: range check loop optimization issue (8314307)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or...
CVE-2022-34267
An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint...
UBUNTU-CVE-2022-21624
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...
Oracle Java SE Input Validation Error Vulnerability
Oracle Java SE is a Java product from Oracle Corporation (USA) for developing and deploying Java applications on desktops and servers, as well as embedded devices and real-time environments. An input validation error vulnerability exists in Oracle Java SE that could allow an unauthenticated attacke...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1
...
CVE-2021-30201
The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. When this XML is processed, external entities are insecurely processed and fetched by the system and returned to the attacker. Detailed description: Given the following request: POST /vsaWS/KaseyaWS.asmx HTTP/1.1 Content-Type:...
CVE-2019-2742
Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware subcomponent: Web Service API. The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Whil...
Design/Logic Flaw
Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware subcomponent: Web Service API. The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Whil...
Code injection
Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware subcomponent: Web Service API. Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI...
CVE-2017-10037
Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware subcomponent: Web Service API. Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI...
CVE-2017-10037
CVE-2017-10037 is a vulnerability in Oracle Fusion Middleware’s Oracle BI Publisher (Web Service API subcomponent). Affected are BI Publisher versions 11.1.1.7.0 and 11.1.1.9.0. An unauthenticated attacker with network access via HTTP can compromise BI Publisher, potentially enabling unauthorized...
Unspecified Vulnerability in Oracle BI Publisher (CNVD-2017-31688)
Oracle Fusion Middleware is Oracle's business innovation platform for enterprise and cloud environments, which provides middleware, software collections, etc. Oracle BI Publisher, formerly known as XML Publisher, is one of its reporting components. An unspecified...
Foreman Security Mechanism Bypass Vulnerability
Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. A security vulnerability exists in Foreman versions prior to 1.7.5. A remote attacker could exploit this...
[RT-SA-2013-003] Endeca Latitude Cross-Site Scripting
Advisory: Endeca Latitude Cross-Site Scripting. RedTeam Pentesting discovered a Cross-Site Scripting (XSS) vulnerability in Endeca Latitude. By exploiting this vulnerability, an attacker is able to execute arbitrary JavaScript code in the context of other Endeca Latitude users. Details: Produc...