
188 matches found

IBM Security Bulletins
added 2020/12/03 4:1 p.m. | 39 views

Security Bulletin: Upgrade javaenv:2.2 to address Gradle oauth authentication concerns.

Summary: The version of Gradle shipped in the Fabric java chaincode environment image version 2.2. javaenv.2.2 depends on a vulnerable version of the google oauth client. Vulnerability Details: CVEID: CVE-2020-7692. DESCRIPTION: Google APIs google-oauth-java-client could allow a remote attacker to...

CVSS 9.1 | AI score 0.7 | EPSS 0.00091
Exploits: 1 | Affected Software: 1

AlmaLinux
added 2020/11/03 12:39 p.m. | 10 views

mariadb-java-client bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

AI score 1.6
Exploits: 0 | References: 1

CNVD
added 2020/07/12 12:0 a.m. | 1 views

Google APIs google-oauth-java-client security bypass vulnerability

google-oauth-java-client (Google OAuth Client Library for Java) is a Java-based OAuth (Open Authorization) client library from Google (U.S.). A security vulnerability exists in com.google.oauth-client versions prior to google-oauth-client 1.31.0. An attacker can...

CVSS 9.1 | AI score 7.2 | EPSS 0.00091
Exploits: 1 | References: 1

OpenVAS
added 2020/01/23 12:0 a.m. | 33 views

Huawei EulerOS: Security Advisory for thrift (EulerOS-SA-2019-1458)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 7.2 | EPSS 0.00402
Exploits: 0 | References: 2

CNVD
added 2019/10/17 12:0 a.m. | 11 views

Eclipse Paho Java client library input validation error vulnerability

The Eclipse Paho Java client library is an MQTT (Message Queuing Telemetry Transport) client library written in Java by the Eclipse Foundation. An input validation error vulnerability exists in the Eclipse Paho Java client library version 1.2.0. The vulnerability originates from a...

CVSS 7.5 | AI score 6.6 | EPSS 0.01278
Exploits: 0 | References: 1

OSV
added 2019/09/17 10:47 p.m. | 0 views

GHSA-63QC-P2X4-9FGF Improper Handling of Exceptional Conditions and Origin Validation Error in Eclipse Paho Java client library

In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information...

CVSS 7.5 | AI score 6.8 | EPSS 0.01278
Exploits: 0 | References: 2

CVE
added 2019/09/11 5:55 p.m. | 134 views

CVE-2019-11777

CVE-2019-11777 – confirmed in connected documents: The Eclipse Paho Java client library (v1.2.0) could bypass host name verification when connecting to an MQTT server over TLS, if a host name verifier is configured, allowing a server to impersonate another and feed the client library with incorr...

CVSS 7.5 | AI score 7.3 | EPSS 0.01278
Exploits: 0 | References: 1 | Affected Software: 1

RedHat Linux
added 2019/08/08 10:8 a.m. | 0 views

thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...

CVSS 7.5 | AI score 7.3 | EPSS 0.00092
Exploits: 0 | References: 4

Tenable Nessus
added 2019/05/14 12:0 a.m. | 34 views

EulerOS Virtualization 3.0.1.0 : thrift (EulerOS-SA-2019-1458)

According to the versions of the thrift packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security...

CVSS 7.5 | AI score 7 | EPSS 0.00402
Exploits: 0 | References: 3

CNVD
added 2019/01/08 12:0 a.m. | 1 views

Apache Thrift Java client library authorization issue vulnerability

Apache Thrift is a cross-platform development framework from the Apache Software Foundation (United States). The Java client library is one of its client libraries. An authorization issue vulnerability exists in the Apache Thrift Java client library versions 0.5.0 through 0.11.0, which can be...

CVSS 7.5 | AI score 8.8 | EPSS 0.00092
Exploits: 0 | References: 1

Cvelist
added 2019/01/07 6:0 p.m. | 22 views

CVE-2018-1320

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...

AI score 7.4 | EPSS 0.00092
Exploits: 0 | References: 25

CVE
added 2019/01/07 6:0 p.m. | 353 views

CVE-2018-1320

CVE-2018-1320 affects Apache Thrift: Java client library versions 0.5.0–0.11.0. The issue stems from an assert in TSaslTransport.isComplete that validates SASL handshakes; disabling this check can leave SASL negotiation validation incomplete, enabling a security bypass. Multiple connected sources...

CVSS 7.5 | AI score 7.3 | EPSS 0.00092
Exploits: 0 | References: 25 | Affected Software: 1

OSV
added 2019/01/07 5:29 p.m. | 6 views

CVE-2018-1320

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...

CVSS 7.5 | AI score 7.4
Exploits: 0 | References: 25

Prion
added 2019/01/07 5:29 p.m. | 16 views

Input validation

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...

CVSS 5 | AI score 7.3 | EPSS 0.00092
Exploits: 0 | References: 25 | Affected Software: 5

NVD
added 2019/01/07 5:29 p.m. | 18 views

CVE-2018-1320

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...

CVSS 7.5 | AI score 7.5 | EPSS 0.00092
Exploits: 0 | References: 25

OSV
added 2019/01/07 5:29 p.m. | 1 views

DEBIAN-CVE-2018-1320

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...

CVSS 7.5 | AI score 6.9 | EPSS 0.00092
Exploits: 0 | References: 1

OSV
added 2019/01/07 5:29 p.m. | 0 views

UBUNTU-CVE-2018-1320

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...

CVSS 7.5 | AI score 7.3 | EPSS 0.00092
Exploits: 0 | References: 5

UbuntuCve
added 2019/01/07 5:29 p.m. | 30 views

CVE-2018-1320

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...

CVSS 7.5 | AI score 6.9 | EPSS 0.00092
Exploits: 0 | References: 4

Veracode
added 2018/09/12 5:59 a.m. | 16 views

Man-in-the-Middle (MitM)

spring-rabbit is vulnerable to man-in-the-middle attacks. The Spring RabbitMQ Java client does not perform SSL hostname validation and accepts SSL certificates as long as they are trusted. This allows attackers to perform man-in-the-middle attacks between the RabbitMQ Java client and server...

CVSS 5.9 | AI score 5.6 | EPSS 0.00552
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2018/09/11 1:29 p.m. | 21 views

Remote code execution

The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks...

CVSS 6.5 | AI score 7.9 | EPSS 0.00528
Exploits: 0 | References: 6 | Affected Software: 1