Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228 — Log4Shell PoC Lab DISCLAIMER Este...

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to multiple issues due to IBM Runtime Environment Java Technology Edition Version 8

Summary There are vulnerabilities in IBM Runtime Environment Java Technology Edition Version 8 used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION:...

GHSA-47G3-MF24-6559 Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated...

Security Bulletin: IBM Sterling Transformation Extender is vulnerable to multiple issues due to IBM Java Runtime Environment

Summary IBM Sterling Transformation Extender uses IBM Java Runtime Environment. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause...

CVE-2023-28500

A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL. Adobe LiveCycle ES4 version 11.0.1 and later may...

Security Bulletin: Multiple Vulnerabilities (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619) affects CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. The fix removes vulnerabilities CVE-2022-21628, CVE-2022-21626, CVE-2022-21624 and CVE-2022-21619 that can allow an unauthenticated attacker to obtain...

The researchers published GAE Google App Engine sandbox escape and remote code execution vulnerability POC-vulnerability warning-the black bar safety net

Last 1 2 months, security researchers at Google App Engine Google App Engine's Java environment found a large number of high-risk vulnerabilities that an attacker can exploit these vulnerabilities to bypass Google's security sandbox protection. And recently the researchers announced these...

Sandbox escapes: Google App Engine GAE in the presence of a 3 0+a sandbox bypass vulnerability-vulnerability warning-the black bar safety net

Security researchers at Google App Engine Google App Engine's Java environment found a large number of high-risk vulnerabilities that an attacker can exploit these vulnerabilities to bypass Google's security sandbox protection. Google App Engine Google App Engine is a Google-managed data centers...

Google App Engine — More than 30 Vulnerabilities Discovered

Security researchers have discovered a number of critical vulnerabilities in the Java environment of the Google App Engine GAE that enables attackers to bypass critical security sandbox defenses. Google App Engine is Google’s PaaS Platform as a Service Cloud computing Platform for developing and...

JDK: privilege escalation via shared class cache

Unspecified vulnerability in IBM Java Runtime Environment JRE 7 R1 before SR2 7.1.2.0, 7 before SR8 7.0.8.0, 6 R1 before SR8 FP2 6.1.8.2, 6 before SR16 FP2 6.0.16.2, and before SR16 FP8 5.0.16.8 allows local users to execute arbitrary code via vectors related to the shared classes cache...

OpenJDK: Incorrect image channel verification (2D, 8012597)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

Apache Commons Compress和Apache Ant拒绝服务漏洞

BUGTRAQ ID: 53676 CVE ID: CVE-2012-2098 Apache Commons Compress库定义了一个API，可处理ar、cpio、Unix dump、tar、zip、gzip、XZ、Pack200、bzip2文件。Apache Ant，是一个将软件编译、测试、部署等步骤联系在一起加以自动化的一个工具，大多用于Java环境中的软件开发。 Apache Commons Compress 1.4.1之前版本在使用bzip2压缩文件时存在安全漏洞，可通过发送到BZip2CompressorOutputStream类的特制文件利用此漏洞消耗系统资源，造成拒绝服...

Untrusted applet causes DoS by filling up disk space

Sun Java Runtime Environment JRE 1.5.06 and earlier, JDK 1.5.06 and earlier, and SDK 1.5.06 and earlier allows remote attackers to cause a denial of service disk consumption by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory...