TencentOS Server 3: java-1.8.0-openjdk (TSSA-2026:0394)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0394 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Security Bulletin: IBM Data Studio client - CVE-2023-30441

Summary IBM Java versions 8.0.7.0 - 8.0.7.11 are vulnerable to crypto attacks - Has been fixed in IBM Data Studio client 4.2.0. IBM strongly recommends addressing the vulnerability now by upgrading to release 4.2.0 Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment,...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : OpenJDK 21 vulnerabilities (USN-7885-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7885-1 advisory. Jinfeng Guo discovered that the Security component of OpenJDK 21 did not correctly handle certain representations...

EUVD-2012-4745

Malware in sbrugna...

EUVD-2019-13428

Malware in sbrugna...

EUVD-2016-0529

Malware in sbrugna...

Security Bulletin: Multiple vulnerabilities in IBM Cognos Command Center

Summary There are vulnerabilities in IBM® Semeru Java™ used by IBM Cognos Command Center. Additionally, IBM Cognos Command Center is vulnerable to Open redirection, Clickjacking and Arbitary code execution vulnerabilities. This Security Bulletin relates only to the direct usage of third-party...

CVE-2012-2495

The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by...

Security Bulletin: IBM Security SOAR is using components with multiple known vulnerabilities (CVE-2024-21094, CVE-2024-21085, CVE-2024-21011, CVE-2023-38264)

Summary IBM Security SOAR uses an older version of Java that may be identified and exploited. An update has been released which addresses these issues. It is recommended that customers upgrade to Version 51.0.2.2 or later of IBM Security SOAR. AppHost users should upgrade to version 1.15.2.1 or...

SUSE CVE-2015-1931

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and WebSphere Message Broker

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0.5.5 and IBM® Runtime Environment Java™ Versions 7.0.10.15 & 7.0.10.10 used by IBM Integration Bus. These issues were disclosed as part of the IBM Java SDK updates in January 2018. Vulnerability Details If...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM i. Vulnerability Details CVEID: CVE-2018-2964 DESCRIPTION: An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the...

Code injection

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager

Summary There are multiple vulnerabilities in IBMR SDK JavaTM Technology Edition, Version 7 used by IBM Fabric Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2018. Vulnerability Details Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects Rational Reporting for Development Intelligence

Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by Rational Reporting for Development Intelligence RRDI. The issues were disclosed as part of the IBM Java SDK updates in October 2016 and January 2017. Vulnerability Details CVEID: CVE-2016-5597...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by z/TPF. These issues were disclosed as part of the IBM Java SDK updates in July 2017. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with this product, you shoul...

OpenJDK: ECDSA implementation timing attack (JCE, 8175110)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

VMware Horizon View Multiple Vulnerabilities (VMSA-2015-0003) (VMSA-2015-0008) (POODLE)

The VMware Horizon View installed on the remote Windows host is version 5.x prior to 5.3.4 or version 6.x prior to 6.1. It is, therefore, affected by the following vulnerabilities : - A man-in-the-middle MitM information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0...

Design/Logic Flaw

The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving 1 ActiveX or 2 Java components, aka Bug IDs CSCtz76128 and CSCtz78204...

MacOSX Cisco AnyConnect Secure Mobility Client Multiple Vulnerabilities

The remote host has a version of Cisco AnyConnect 2.5 MR6 / 3.0 MR8. Such versions are potentially affected by multiple vulnerabilities : - The WebLaunch VPN downloader implementation does not properly validate binaries that are received, which can allow remote attackers to execute arbitrary code...