78 matches found
PT-2024-40753 · Unknown · Checkstyle
Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: A security exception occurs in the JavaLanguageParser.expr function, potentially related to encoding issues in the UTF8.updatePositions and UTF8$Encoder.encodeArrayLoop functions...
PT-2024-40703 · Oracle · Java
Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: A security exception occurs due to a crash in the JavaLanguageParser.expr function. The issue is related to the UTF8.updatePositions and UTF8$Encoder.encodeArrayLoop functions in the...
PT-2024-40702 · Oracle · Java
Name of the Vulnerable Software and Affected Versions: Java affected versions not specified Description: A security exception occurs in the JavaLanguageParser statement, specifically in the com.puppycrawl.tools.checkstyle.grammar.java package. The issue involves the weakCompareAndSetInt and...
PT-2024-40700 · Oracle · Java.Base
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A security exception crash was reported, involving the com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr and related Java functions. T...
[SECURITY] Fedora 40 Update: javassist-3.30.2-4.fc40
Javassist enables Java programs to define a new class at runtime and to modify a class file when the JVM loads it. Unlike other similar bytecode editors, Javassist provides two levels of API: source level and bytecode level. If the users use the source-level API, they can edit a class file withou...
FlyCms Security Vulnerability
FlyCms is an open source application by sunkaifei: a fully open source social networking site builder for Zhihu-like Q&A sites, developed in Java. FlyCms has a security vulnerability; the vulnerability stems from the /system/score/scorerulesave location cross-site request...
OpenJDK: Multiple Vulnerabilities
Background: OpenJDK is an open source implementation of the Java programming language. Description: Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround...
PublicCMS Cross-Site Scripting Vulnerability (CNVD-2024-02991)
PublicCMS is an open source content management system (CMS) written in Java by the Chinese company PublicCMS. A cross-site scripting vulnerability exists in PublicCMS v4.0. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which ca...
PT-2024-40752 · Oracle · Java
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A security exception crash was reported, involving the com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr function,...
OSV-2023-1338 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65230 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/sun.nio.cs.UTF8.updatePositions java.base/sun.nio.cs.UTF8$Encoder.encodeArrayLoop...
PT-2023-35660 · Unknown · Checkstyle
Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: A security exception occurs in the JavaLanguageParser.expr function, potentially related to encoding issues in the UTF8.updatePositions and UTF8$Encoder.encodeArrayLoop functions...
A Bootiful Podcast: Java Language Architect Brian Goetz
Hi, Spring fans! Are you using Java 21 in production already? No? You should listen to this episode. Yes? Then you should listen to this episode! This week, Josh Long talks to legendary Java Language Architect Brian Goetz @BrianGoetz, recapping the latest-and-greatest and previewing Java.next...
UBUNTU-CVE-2023-4785
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on POSIX-compatible platforms (e.g. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Jav...
JetBrains IntelliJ IDEA has an unspecified vulnerability (CNVD-2022-55673)
JetBrains IntelliJ IDEA is a suite of integrated development environments for the Java language from the Czech company JetBrains. A security vulnerability exists in versions of JetBrains IntelliJ IDEA prior to 2022.1, which stems from an insufficient notification mechanism for using Unicode...
JetBrains IntelliJ IDEA Code Injection Vulnerability
JetBrains IntelliJ IDEA is a suite of integrated development environments for the Java language from JetBrains, a Czech company. A code injection vulnerability exists in versions of JetBrains IntelliJ IDEA prior to 2022.1, which stems from the execution of native code via a link in Quick...
cron-utils: template Injection leading to unauthenticated Remote Code Execution
A flaw was found in cron-utils. This flaw allows an attacker to perform unauthenticated Remote Code Execution (RCE) via Java Expression Language (EL) injection...
Unspecified vulnerability in jpress (CNVD-2022-08352)
Jpress is a blogging platform developed in the Java language by the Jpress team. A security vulnerability exists in jpress version 4.2.0, which originates from a failure of a networked system or product to properly filter specific elements of externally entered data during the construction...
Oracle GraalVM Input Validation Error Vulnerability
Oracle GraalVM is a set of on-the-fly compilers written in the Java language from Oracle Corporation (USA). GraalVM Enterprise Edition is the enterprise version of GraalVM. An input validation error vulnerability exists in Oracle GraalVM because Oracle GraalVM Enterprise Edition has incorrect input...
Oracle GraalVM Input Validation Error Vulnerability (CNVD-2022-15476)
Oracle GraalVM is a set of on-the-fly compilers written in the Java language from Oracle Corporation (USA). GraalVM Enterprise Edition is the enterprise version of GraalVM. An input validation error vulnerability exists in Oracle GraalVM because Oracle GraalVM Enterprise Edition has incorrect input...
Oracle GraalVM Input Validation Error Vulnerability (CNVD-2022-15475)
Oracle GraalVM is a set of on-the-fly compilers written in the Java language from Oracle Corporation (USA). The product supports multiple programming languages and execution modes. GraalVM Enterprise Edition is the enterprise version of GraalVM. An input validation error vulnerability exists in Oracl...