72 matches found
RockyLinux 8 : java-21-openjdk (RLSA-2026:0928)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:0928 advisory. JDK: Improve JMX connections (CVE-2026-21925); JDK: Improve HttpServer Request handling (CVE-2026-21933); JDK: Enhance Certificate Checking (CVE-2026-21945)...
EUVD-2020-1505
Malware in sbrugna...
Security Bulletin: Multiple vulnerabilities in IBM JAVA JDK affects IBM Storage Scale packaged in IBM Storage Scale System
Summary Multiple vulnerabilities in IBM Java JDK, used by IBM Storage Scale System GUI, could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact and no availability impact. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability...
SUSE CVE-2008-3115
Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases...
Security Bulletin: Vulnerabilities in the Java JDK affect IBM Event Streams (CVE-2022-3676, CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619)
Summary There are a number of vulnerabilities in the Java JDK used by IBM Event Streams. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a...
Security Bulletin: Potential security exposure when using InfoSphere BigInsights due to vulnerability in Java JDK Version 6
Abstract IBM InfoSphere BigInsights makes use of Java Development Kit (JDK) Version 6. An unspecified vulnerability affecting availability has been identified in IBM Java 6 that may affect InfoSphere BigInsights. Content VULNERABILITY DETAILS: CVE-2012-0501 DESCRIPTION: An unspecified vulnerability...
Security Bulletin: InfoSphere Streams is affected by multiple vulnerabilities in the IBM Java JDK (CVE-2013-1500, CVE-2013-2412, CVE-2013-1571)
Abstract The IBM JDK shipped with InfoSphere Streams has security vulnerabilities which can potentially impact InfoSphere Streams. Content VULNERABILITY DETAILS: CVEID: CVE-2013-1500 An unspecified vulnerability in the Java Runtime Environment (JRE) component allows local users to affect...
Security Bulletin: Multiple Vulnerabilities in InfoSphere BigInsights due to vulnerabilities in IBM Java JDK Version 6 (CVE-2012-1717, CVE-2012-1718)
Abstract IBM InfoSphere BigInsights makes use of IBM Java Development Kit (JDK) Version 6. Multiple vulnerabilities have been identified in IBM Java 6, and addressed in IBM Java 6 JDK SR 11. Content VULNERABILITY DETAILS: CVE-2012-1718, CVE-2012-1717 DESCRIPTION: Vulnerabilities in the Java...
Security Bulletin: Multiple vulnerabilities in IBM JAVA JDK affects IBM Spectrum Scale packaged in IBM Elastic Storage System.
Summary Multiple vulnerabilities in IBM Java JDK, used by IBM Elastic Storage System GUI, could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact and no availability impact. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified...
Security Bulletin: Vulnerabilities in the Java JDK affect IBM Event Streams (CVE-2021-35550, CVE-2021-35603)
Summary There are a number of vulnerabilities in the Java JDK used by IBM Event Streams. Vulnerability Details CVEID:CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting ...
Security Bulletin: Vulnerabilities in the Java JDK affect IBM Event Streams (CVE-2022-21496, CVE-2022-21434, CVE-2022-21443)
Summary There are a number of vulnerabilities in the Java JDK used by IBM Event Streams. Vulnerability Details CVEID: CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low...
Security Bulletin: Vulnerabilities in the Java JDK affect IBM Event Streams (CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21248)
Summary There are a number of vulnerabilities in the Java JDK used by IBM Event Streams. Vulnerability Details CVEID: CVE-2022-21365 DESCRIPTION: An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting...
Elastic Elasticsearch Java Vulnerability (ESA-2022-06)
Elastic Elasticsearch is prone to a vulnerability in Java. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elastic:elasticsearch"...
Security Bulletin: A vulnerability in IBM JAVA JDK affects IBM Spectrum Scale packaged in IBM Elastic Storage System (CVE-2022-21291)
Summary There is a vulnerability in IBM Java JDK, used by IBM Elastic Storage System GUI, which could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact and no availability impact. Vulnerability Details CVEID: CVE-2022-21291 DESCRIPTION: An unspecified...
Security Bulletin: Vulnerability in IBM JAVA JDK affects IBM Spectrum Scale (CVE-2022-21291)
Summary A vulnerability in IBM JAVA JDK could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. This library is used by the Graphical User Interface (GUI) of IBM Spectrum Scale. Vulnerability Details CVEID: CVE-2022-21291...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
vuln4japi A vulnerable Java based REST API for demonstrating C...
Exploit for Deserialization of Untrusted Data in Apache Log4J
This is a proof-of-concept (PoC) exploit for CVE-2021-44228, a v...
Security Bulletin: CVE-2020-17521 Apache Groovy's provided extension methods to aid with creating temporary directories was using a now superseded Java JDK method call that is potentially not secure in some situations.
Summary Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Vulnerabili...
Adobe ColdFusion 2016.x < 2016u17 / 2018.x < 2018u11 / 2021.x < 2021u1 Improper Input Validation RCE (APSB21-16)
The version of Adobe ColdFusion installed on the remote Windows host is prior to 2016.x update 17, 2018.x update 11, or 2021.x update 1. It is, therefore, affected by an unspecified input validation vulnerability as referenced in the APSB21-16 advisory that could allow remote arbitrary code...
Code injection
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the...