49 matches found
Important: Red Hat Security Advisory: java-17-openjdk security and bug fix update
An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of...
OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...
OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...
Important: Red Hat Security Advisory: java-1.8.0-openjdk security update
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...
Important: Red Hat Security Advisory: java-11-openjdk security update
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...
OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...
OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...
OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...
Important: Red Hat Security Advisory: java-11-openjdk security update
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this...
Important: java-17-openjdk security and bug fix update
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: incorrect handling of ZIP files with duplica...
Use-After-Free
hermes-engine is vulnerable to Use-After-Free. When Hermes allows execution of untrusted JavaScript, an attacker is able to cause remote code execution due to a use-after-free bug, which is possible as a result of unsound inference in the bytecode generation when optimizations are enabled...
SUSE CVE-2018-19184
cmd/evm/runner.go in Go Ethereum aka geth 1.8.17 allows attackers to cause a denial of service SEGV via crafted bytecode...
OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...
OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...
OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...
GHSA-9339-86WC-4QGF Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. A fix for this issue was published in September 20...
Important: java-11-amazon-corretto
Issue Overview: Generated code produced by C1 may leak a package-private class to a class from a different package. CVE-2022-21540 MethodHandle.invokeBasic method can be accessed on byte code level from an arbitrary class. CVE-2022-21541 The Xalan Java XSLT library has an integer truncation issue...
Apache Xalan 输入验证错误漏洞
Apache Xalan is an open source software library from the Apache Foundation USA. Apache Xalan Java XSLT Stock in Input Validation Error vulnerability stems from an integer truncation issue when processing malicious XSLT stylesheets. The vulnerability can be exploited to corrupt Java class files...
CVE-2020-25258
CVE-2020-25258 (Hyland OnBase) affects OnBase versions 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below, and 20.3.10.1000 and below. The issue arises from using ASP.NET BinaryFormatter.Deserialize in SOAP messages, enabling an attacker to transmit and execute...