21 matches found

RedhatCVE
added 2026/04/22 1:22 a.m. · 1 view

CVE-2026-32613

Spinnaker is an open source, multi-cloud continuous delivery platform. Echo, like some other services, uses SPeL (Spring Expression Language) to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT...

9.9 CVSS · 5.9 AI score · 0.00032 EPSS
Exploits: 0 · References: 1

EUVD
added 2026/04/21 2:53 p.m. · 2 views

EUVD-2026-23964

Spinnaker: RCE via expression parsing due to unrestricted context handling...

9.9 CVSS · 5.7 AI score · 0.00032 EPSS
Exploits: 0 · References: 6

ATTACKERKB
added 2026/04/20 8:7 p.m. · 2 views

CVE-2026-32613

Spinnaker is an open source, multi-cloud continuous delivery platform. Echo, like some other services, uses SPeL (Spring Expression Language) to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT...

9.9 CVSS · 5.9 AI score · 0.00032 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

Vulnrichment
added 2026/04/20 8:7 p.m. · 1 view

CVE-2026-32613 Spinnaker vulnerable to RCE via expression parsing due to unrestricted context handling

Spinnaker is an open source, multi-cloud continuous delivery platform. Echo, like some other services, uses SPeL (Spring Expression Language) to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT...

9.9 CVSS · 5.9 AI score · 0.00032 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2026/04/20 12:0 a.m. · 2 views

PT-2026-33843

Name of the Vulnerable Software and Affected Versions Spinnaker versions prior to 2026.1.0 Spinnaker versions prior to 2026.0.1 Spinnaker versions prior to 2025.4.2 Spinnaker versions prior to 2025.3.2 Description Echo uses SPeL Spring Expression Language, a powerful expression language for the...

9.9 CVSS · 5.9 AI score · 0.00032 EPSS
Exploits: 0 · References: 23

CVE
added 2026/02/24 8:27 a.m. · 6 views

CVE-2025-11165

Affects dotCMS with its Velocity scripting engine (VTools). The issue is a sandbox escape where authenticated users with scripting privileges can bypass SecureUberspectorImpl protections by dynamically altering the Velocity runtime configuration and reinitializing its Uberspect, removing introspe...

9.9 CVSS · 5.9 AI score · 0.00073 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2004-1143

Malware in sbrugna...

5 CVSS · 6.1 AI score · 0.04451 EPSS
Exploits: 0 · References: 13

Positive Technologies
added 2024/10/24 12:0 a.m. · 1 view

PT-2024-40377 · Butterfly · Butterfly

Name of the Vulnerable Software and Affected Versions: Butterfly affected versions not specified Description: The issue allows an attacker to execute arbitrary JavaScript code on the server by using the Butterfly.prototype.parseJSON or getJSON functions on an attacker-controlled crafted input...

7.6 AI score
Exploits: 0 · References: 4

Fedora
added 2024/03/07 10:33 p.m. · 16 views

[SECURITY] Fedora 40 Update: jna-5.14.0-4.fc40

JNA provides Java programs easy access to native shared libraries (DLLs on Windows) without writing anything but Java code. JNA's design aims to provide native access in a natural way with a minimum of effort. No boilerplate or generated code is required. While some attention is paid to performance...

8.8 CVSS · 7 AI score · 0.46427 EPSS
Exploits: 3

OSV
added 2023/04/28 9:15 p.m. · 2 views

CVE-2023-31444

In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge...

7.5 CVSS · 5.9 AI score · 0.00277 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2023/04/28 12:0 a.m. · 2 views

PT-2023-23331 · Talend · Talend Studio

Name of the Vulnerable Software and Affected Versions: Talend Studio versions prior to 7.3.1-R2022-10 Talend Studio versions 8.x prior to 8.0.1-R2022-09 Description: The issue allows unauthenticated access to the Jolokia endpoint of the microservice, enabling remote access to the JVM via the...

7.5 CVSS · 7.4 AI score · 0.00277 EPSS
Exploits: 0 · References: 6

RedHat Linux
added 2017/07/20 4:16 p.m. · 1 view

OpenJDK: Nashorn incompletely blocking access to Java APIs (Scripting, 8171539)

It was discovered that the Nashorn JavaScript engine in the Scripting component of OpenJDK could allow scripts to access Java APIs even when access to Java APIs was disabled. An untrusted JavaScript executed by Nashorn could use this flaw to bypass intended restrictions...

8.1 CVSS · 7.3 AI score · 0.01232 EPSS
Exploits: 0 · References: 4

OSV
added 2017/06/06 6:29 p.m. · 4 views

CVE-2016-0768

PostgreSQL PL/Java after 9.0 does not honor access controls on large objects...

7.5 CVSS · 7.6 AI score
Exploits: 0 · References: 1

ThreatPost
added 2014/04/14 11:4 a.m. · 15 views

Arbitrary Code Execution Bug in Android Adobe Reader

The Android variety of Adobe Reader reportedly contains a vulnerability that could give an attacker the ability to execute arbitrary code on devices running Google’s mobile operating system. The problem arises from the fact that Adobe Reader for Android exposes a number of insecure JavaScript...

1.6 AI score
Exploits: 0 · References: 2

OPENSUSE Linux
added 2013/01/25 2:4 p.m. · 45 views

java-1_7_0-openjdk: update to icedtea-2.3.4 (critical)

java-1_7_0-openjdk was updated to icedtea-2.3.4 fixing bugs and also severe security issues: Security fixes - S8004933, CVE-2012-3174: Improve MethodHandle interaction with libraries - S8006017, CVE-2013-0422: Improve lookup resolutions - S8006125: Update MethodHandles library interactions Bug fixe...

10 CVSS · 0.6 AI score · 0.93614 EPSS
Exploits: 38 · References: 3

Oracle linux
added 2012/06/13 12:0 a.m. · 57 views

java-1.6.0-openjdk security update

1:1.6.0.0-1.48.1.11.3 - Access gnome bridge jar is forced to have 644 permissions - Resolves: rhbz828751 1:1.6.0.0-1.47.1.11.3 - Modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch: - com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils. - packages...

10 CVSS · 2.1 AI score · 0.94083 EPSS
Exploits: 9

OpenVAS
added 2011/05/09 12:0 a.m. · 35 views

Oracle Java Access Manager and OpenSSO Unspecified Vulnerability (Apr 2011)

Access Manager or OpenSSO is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS · 6.4 AI score · 0.00272 EPSS
Exploits: 0 · References: 3

OpenVAS
added 2011/02/01 12:0 a.m. · 19 views

Oracle Java Access Manager And OpenSSO Unspecified Vulnerability

Access Manager or OpenSSO is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8 CVSS · 6.4 AI score · 0.01203 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2008/07/16 12:0 a.m. · 11 views

Fedora 9 : java-1.6.0-openjdk-1.6.0.0-0.16.b09.fc9 (2008-6439)

Tue Jul 8 2008 Lillian Angel - 1:1.6.0-0.16.b09 - Only apply hotspot security patch of jitarches. - Wed Jul 2 2008 Lillian Angel - 1:1.6.0-0.16.b09 - Added OpenJDK security patches. - Sat Jun 7 2008 Tom 'spot' Callaway - 1:1.6.0-0.16.b09 - enable sparc/sparc64 builds - Sat May 31 2008 Thomas...

5.5 AI score
Exploits: 0 · References: 5

NVD
added 2008/06/16 6:41 p.m. · 12 views

CVE-2008-2705

Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors...

9.3 CVSS · 6.9 AI score · 0.0035 EPSS
Exploits: 0 · References: 6