208 matches found
GHSA-HFG7-J82C-FR3W Soot Infinite Loop vulnerability
An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service (DoS)...
Soot Infinite Loop vulnerability
An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service (DoS)...
CVE-2023-46442
An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service (DoS)...
CVE-2023-46442
CVE-2023-46442 affects the Soot framework (Java 8) where an infinite loop in retrieveActiveBody can cause DoS. Public details confirm vulnerable versions prior to 4.4.1 and an exploit/POC exists demonstrating resource exhaustion. Remediation per sources is to upgrade to Soot 4.4.1 or later; as a ...
Exploit for CVE-2023-46442
CVE-2023-46442POC Environment: Java 8 POC for CVE-2023-46...
CVE-2024-27348
RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue. Recent assessments: jheysel-r7...
Security Bulletin: IBM Sterling Connect:Direct FTP+ is vulnerable to various attacks due to IBM Runtime Environment Java Technology Edition Version 8
Summary IBM Java 8 is used by IBM Sterling Connect:Direct FTP+ on Solaris platform in product configuration and data transmission. IBM Sterling Connect:Direct FTP+ on Solaris platform is impacted by vulnerabilities in IBM Java 8. IBM Sterling Connect:Direct FTP+ on Solaris platform has upgraded I...
[SECURITY] Fedora 40 Update: modulemaker-maven-plugin-1.11-1.fc40
This plugin allows the creation of a module-info.class for projects on Java 6 to Java 8 where a module-info.java file cannot be compiled...
Exploit for Cross-site Scripting in Helpsystems Cobalt_Strike
Gui-poc-test A testing tool for CobaltStrike-RCE:CVE-2022-3919...
Remote code execution
This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code...
Security Bulletin: IBM Integration Designer is vulnerable to a denial of service (CVE-2023-21967)
Summary The fix includes a new version of the IBM Runtime Environment Java 8 that resolves the specified vulnerability. Vulnerability Details CVEID:CVE-2023-21967 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Hotspot component could...
Security Bulletin: IBM Copy Services Manager is vulnerable to crypto attack vulnerabilities due to IBM Java 8 vulnerabilities.
Summary IBM Copy Services Manager is vulnerable to the listed attack vectors in the bundled dependency IBM Java 8.0.7.0 through 8.0.7.11. IBM Java is used by IBM Copy Services Manager as a code base and virtual machine runtime. The following vulnerabilities have been identified: CVE-2023-30441...
Amazon Corretto Java 8.x < 8.372.07.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 8 8.372.07.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-8-2023-Apr-18 advisory. - security-libs/javax.net.ssl CVE-2023-21930, CVE-2023-21967 - core-libs/java.net CVE-2023-21937 -...
Exploit for Deserialization of Untrusted Data in Apache Dubbo
CVE-2023-23638 For educational purposes only. Provided by Zo...
Security Bulletin: WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF
Summary This security bulletin addresses the vulnerability in Open Source Apache CXF that affects IBM Tivoli Application Dependency Discovery Manager CVE-2022-46364. IBM Tivoli Application Dependency Discovery Manager is using Apache CXF for its SOAP API and REST API implementation. Vulnerability...
openSUSE 15 Security Update : java-1_8_0-openj9 (SUSE-SU-2022:3092-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3092-1 advisory. - In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is trigger...
Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server
Summary The following security issues have been identified in the WebSphere Application and IBM HTTP Server included as part of IBM Tivoli Monitoring ITM portal server: CVE-2022-34336 CVE-2022-22477 CVE-2022-22473 CVE-2022-34165. The IBM Tivoli Monitoring include IBM HTTP Server is also affected...
TestNG is vulnerable to Path Traversal
Impact Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal only for .xml, .yaml and .yml files by default. The attack implies running an...