15 matches found
BIT-JRE-2022-21624
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...
EUVD-2007-4347
Malware in sbrugna...
EUVD-2010-3544
Malware in sbrugna...
RHEL 6 : jbossas-web and jboss-naming (RHSA-2012:1027)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1027 advisory. JBoss Application Server is the base package for JBoss Enterprise Web Platform, providing the core server components. The Java Naming and...
CVE-2023-25141
Apache Sling JCR Base 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access data stored in a remote location via JDN...
OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...
USN-3824-1: OpenJDK 7 vulnerabilities
It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...
USN-3804-1: OpenJDK vulnerabilities
It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...
OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)
It was discovered that the JNDI component in OpenJDK did not handle DNS resolution errors correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution...
MGASA-2014-0189 Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities
Updated java-1.7.0-openjdk packages fix security vulnerabilities: An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application...
Important: Red Hat Security Advisory: JBoss Enterprise BRMS Platform 5.3.0 update
JBoss Enterprise BRMS Platform 5.3.0, which fixes multiple security issues, various bugs, and adds enhancements is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS...
Security feature bypass
The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via ...
CVE-2010-3548
Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.227 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October...
IBM WebSphere Application Server 6.0 < 6.0.2.39 Multiple Vulnerabilities
IBM WebSphere Application Server 6.0 before Fix Pack 39 for 6.0.2 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities: - A cross-site request forgery vulnerability exists due to insufficient validation of user-supplied input by the...
IBM WebSphere Application Server 7.0 < Fix Pack 7
IBM WebSphere Application Server 7.0 before Fix Pack 7 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities: - A cross-site request forgery vulnerability exists due to insufficient validation of user-supplied input by the administrative console...