18 matches found

IBM Security Bulletins
added 2026/05/14 11:59 p.m. | 9 views

Security Bulletin: IBM Cognos Analytics is affected by multiple security vulnerabilities

Summary: There are vulnerabilities in multiple Open-Source Software (OSS) components consumed by IBM Cognos Analytics. Please review the below vulnerabilities and take necessary remediation actions. This Security Bulletin relates only to the direct usage of third-party components by IBM Cognos...

CVSS 8.8 | AI score 7.4 | EPSS 0.02123
Exploits: 1 | Affected Software: 1
Snyk
added 2026/04/21 8:0 p.m. | 4 views

Infinite loop

Overview: org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are...

CVSS 8.7 | AI score 7.4 | EPSS 0.00066
Exploits: 0 | References: 2
Snyk
added 2026/04/21 8:0 p.m. | 3 views

Infinite loop

Overview: Affected versions of this package are vulnerable to Infinite loop via the Java networking APIs. An unauthenticated attacker can cause repeated crashes or hangs by sending crafted network input to applications using the affected networking components, leading to denial of service...

CVSS 8.7 | AI score 5.8 | EPSS 0.00066
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2010-3570

Malware in sbrugna...

CVSS 10 | AI score 8.5 | EPSS 0.08577
Exploits: 0 | References: 51
IBM Security Bulletins
added 2025/09/16 11:56 p.m. | 3 views

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server Pattern shipped with IBM Cloud Pak System

Summary: IBM Cloud Pak System WebSphere Application Server Pattern WAS pType is vulnerable to multiple vulnerabilities in IBM SDK. Vulnerability Details: CVEID: CVE-2024-21235. DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker...

CVSS 5.3 | AI score 5.6 | EPSS 0.00303
Exploits: 0 | Affected Software: 1
SUSE CVE
added 2023/02/15 5:57 a.m. | 4 views

SUSE CVE-2010-3549

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS 6.8 | AI score 6.4 | EPSS 0.05715
Exploits: 0 | References: 9
Positive Technologies
added 2020/01/14 12:0 a.m. | 2 views

PT-2020-1466

Name of the Vulnerable Software and Affected Versions: Java SE versions 7u241, 8u231, 11.0.5, and 13.0.1; Java SE Embedded version 8u231. Description: The issue is related to the Networking component and can be exploited by an unauthenticated attacker with network access via multiple protocols,...

CVSS 8.3 | AI score 7.2 | EPSS 0.03717
Exploits: 0 | References: 288
OSV
added 2019/03/30 1:29 p.m. | 1 view

UBUNTU-CVE-2019-10648

Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL...

CVSS 9.8 | AI score 7.3 | EPSS 0.00726
Exploits: 0 | References: 4
RedHat Linux
added 2017/10/20 11:31 a.m. | 1 view

OpenJDK: HTTP client insufficient check for newline in URLs (Networking, 8176751)

It was found that the HttpURLConnection and HttpsURLConnection classes in the Networking component of OpenJDK failed to check for newline characters embedded in URLs. An attacker able to make a Java application perform an HTTP request using an attacker provided URL could possibly inject additiona...

CVSS 4.3 | AI score 7.3 | EPSS 0.00307
Exploits: 0 | References: 4
RedHat Linux
added 2017/04/24 11:16 a.m. | 2 views

OpenJDK: newline injection in the SMTP client (Networking, 8171533)

A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...

CVSS 4.3 | AI score 7.4 | EPSS 0.00159
Exploits: 0 | References: 5
CVE
added 2017/01/27 10:1 p.m. | 202 views

CVE-2016-5552

CVE-2016-5552 affects Oracle Java SE, Java SE Embedded and JRockit (Networking). An unauthenticated attacker with network access can potentially compromise data by exploiting the Networking component. Affected versions include Java SE: 6u131, 7u121, 8u112; Java SE Embedded: 8u111; JRockit: R28.3....

CVSS 5.3 | AI score 5.1 | EPSS 0.00702
Exploits: 0 | References: 19 | Affected Software: 3
Vulnrichment
added 2016/10/25 2:0 p.m. | 18 views

CVE-2016-5597

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking...

AI score 6.2 | EPSS 0.01445
Exploits: 0 | References: 20
NVD
added 2016/07/21 10:12 a.m. | 24 views

CVE-2016-3485

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking...

CVSS 2.9 | AI score 5.4 | EPSS 0.00043
Exploits: 0 | References: 16
RedHat Linux
added 2016/01/26 7:12 p.m. | 3 views

jenkins: JNLP slaves not subject to slave-to-master access control (SECURITY-206)

Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665...

CVSS 7.5 | AI score 7.3 | EPSS 0.00086
Exploits: 0 | References: 5
OpenVAS
added 2011/02/28 12:0 a.m. | 45 views

Oracle Java SE Multiple Unspecified Vulnerabilities (Windows)

This host is installed with Sun Java SE and is prone to multiple unspecified vulnerabilities. OpenVAS Vulnerability Test $Id: secpodoraclejavamultunspecifiedvulnwinfeb11.nasl 7699 2017-11-08 12:10:34Z santu $ Oracle Java SE Multiple Unspecified Vulnerabilities - Feb11 Windows Authors: Madhuri D...

CVSS 10 | AI score 0.8 | EPSS 0.39874
Exploits: 2 | References: 2
RedHat Linux
added 2010/12/15 11:41 p.m. | 2 views

OpenJDK HttpURLConnection request splitting (6952017)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS 6.8 | AI score 5.9 | EPSS 0.05715
Exploits: 0 | References: 4
RedHat Linux
added 2010/11/10 7:0 p.m. | 1 view

OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU...

CVSS 5.1 | AI score 5.8 | EPSS 0.08411
Exploits: 0 | References: 4
UbuntuCve
added 2010/10/19 12:0 a.m. | 26 views

CVE-2010-3574

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS 10 | AI score 5.9 | EPSS 0.08577
Exploits: 0 | References: 2