72 matches found
MGASA-2024-0056 Updated java-17-openjdk packages fix security vulnerabilities
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: memory corruption issue on x86_64 with AVX-512 8317121 CVE-2023-22025 OpenJDK: certificate path validation issue during client authentication...
[SECURITY] Fedora 40 Update: javapackages-bootstrap-1.16.0-3.fc40
In a nutshell, Java Packages Bootstrap (JPB) is a standalone build of all Java software packages that are required for Java Packages Tools (JPT) to work. In order to achieve reliable and reproducible builds of Java packages while meeting Fedora policy that requires everything to be built from source,...
cn.acooly:acooly-auth-wechat-authenticator (=5.2.1), cn.herodotus.engine:access-core (>=2.7.2.3 <=3.2.2.1) +834 more potentially affected by CVE-2024-23635 via org.owasp.antisamy:antisamy (>=1.4.3 <=1.7.4)
org.owasp.antisamy:antisamy MAVEN version =1.4.3, =2.7.2.3, =2.7.2.3, =2.7.2.3, =3.1.7.3, =2.7.2.3, =2.7.2.3, =2.7.2.3, =2.7.0.0, =3.1.5.1, =2.7.0.Beta1, =2.7.0.0, =2.7.0.Beta1, =2.7.0.0, =2.7.0.0, =3.2.2.1 and more Source cves: CVE-2024-23635 Source advisory: OSV:GHSA-2MRQ-W8PV-5PVQ...
net.enilink.komma:net.enilink.commons.ui (>=1.6.0 <=1.7.4), net.enilink.komma:net.enilink.komma.common.ui (>=1.6.0 <=1.7.4) +60 more potentially affected by CVE-2023-4218 via org.eclipse.platform:org.eclipse.ui.forms (>=3.10.0 <=3.12.0)
org.eclipse.platform:org.eclipse.ui.forms MAVEN version =3.10.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.5.200, =1.6.0 and more Source cves: CVE-2023-4218 Source advisory: OSV:GHSA-J24H-XCPC-9JW8...
cn.regionsoft:ONE (=2.1.1), co.baiku.boot:ajavaer-cache (=0.3.0-RELEASES) +49 more potentially affected by CVE-2023-33202 via org.bouncycastle:bcprov-ext-jdk16 (>=1.45 <=1.46)
org.bouncycastle:bcprov-ext-jdk16 MAVEN version =1.45, =0.0.1-RELEASE, =0.0.1.RELEASE, =0.0.3.RELEASE, =0.0.1.RELEASE, =0.0.1.RELEASE, =0.0.1.RELEASE, =0.0.3.RELEASE, =0.0.1.RELEASE, =0.0.1.RELEASE, =0.0.1.RELEASE, =0.0.1.RELEASE, =0.0.9.RELEASE and more Source cves: CVE-2023-33202 Source advisor...
AlmaLinux 9 : java-1.8.0-openjdk (ALSA-2023:5733)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5733 advisory. OpenJDK: segmentation fault in ciMethodBlocks CVE-2022-40433 OpenJDK: IOR deserialization issue in CORBA 8303384 CVE-2023-22067 OpenJDK: certificate path...
MGASA-2023-0272 Updated java packages fix security vulnerabilities
The updated packages fix security vulnerabilities and a file conflict : Improper connection handling during TLS handshake. CVE-2023-21930 Incorrect enqueue of references in garbage collector. CVE-2023-21954 Certificate validation issue in TLS session negotiation. CVE-2023-21967 Swing HTML parsing...
club.mrxiao:express-java-common (>=1.0.0 <=1.0.2), club.mrxiao:express-java-jdl (>=1.0.0 <=1.0.2) +439 more potentially affected by CVE-2023-42276 via cn.hutool:hutool-json (>=4.0.0 <=5.8.21)
cn.hutool:hutool-json MAVEN version =4.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.3, =2.0.5, =2.0.1.B, =2.0.1.B, =2.0.1.B, =1.0.1, =1.0.3 and more Source cves: CVE-2023-42276 Source advisory: OSV:GHSA-RXGF-R843-G53H...
MGASA-2023-0037 Updated java/timezone packages fix security vulnerability
Improper restrictions in CORBA deserialization. CVE-2023-21830 Handshake DoS attack against DTLS connections. CVE-2023-21835 Soundbank URL remote loading. CVE-2023-21843...
Security Bulletin: Multiple Vulnerabilities in Java packages affect IBM Voice Gateway
Summary: Security vulnerabilities in Java packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2010-2245 DESCRIPTION: Apache Wink could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when...
RHEL 8 : java-1.8.0-openjdk (RHSA-2023:0205)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0205 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...
MGASA-2022-0435 Updated java packages fix security vulnerability
Class compilation issue. CVE-2022-21540 Improper restriction of MethodHandle.invokeBasic. CVE-2022-21541 Integer truncation issue in Xalan-J. CVE-2022-34169 Improper MultiByte conversion can lead to buffer overflow. CVE-2022-21618 Improper handling of long NTLM client hostnames. CVE-2022-21619...
RHEL 8 : java-1.8.0-ibm (RHSA-2022:5837)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5837 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...
acegisecurity:acegi-security (=0.7.0), acegisecurity:acegi-security-cas (=0.7.0) +9015 more potentially affected by CVE-2022-34169 via xalan:xalan (>=2.3.1 <=2.7.2)
xalan:xalan MAVEN version =2.3.1, =1.3, =0.2.0, =0.2.0, =4.1.3, =19.9.0, =19.9.4, =0.0.1, =0.0.3 and more Source cves: CVE-2022-34169 Source advisory: OSV:GHSA-9339-86WC-4QGF...
RHEL 7 : java-1.8.0-ibm (RHSA-2022:4959)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4959 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.4.0.1), ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.11) +7121 more potentially affected by CVE-2022-22978 via org.springframework.security:spring-security-core (>=2.0.0 <=5.4.10)
org.springframework.security:spring-security-core MAVEN version =2.0.0, =4.4.0.0, =0.1.8, =0.1.6, =0.1.2, =0.5.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.3, =1.1.0.RELEASE, =0.3, =0.3, =0.3, =0.3, =0.6 and more Source cves: CVE-2022-22978 Source advisory: OSV:GHSA-HH32-7344-CG2F...
cloud.genesys:web-messaging-sdk (>=3.0.0 <=5.0.0), cn.acooly:acooly-auth-wechat-authenticator (=5.2.1) +233 more potentially affected by CVE-2013-5960 via org.owasp.esapi:esapi (>=2.0.1 <=2.1.0)
org.owasp.esapi:esapi MAVEN version =2.0.1, =3.0.0, =5.0.0 - cn.acooly:acooly-auth-wechat-authenticator =5.2.1 - com.acooly:acooly-component-account =5.2.1 - com.acooly:acooly-component-app =5.2.1 - com.acooly:acooly-component-assetmgmt =5.2.1 - com.acooly:acooly-component-certification =5.2.1 -...
The Log4j Vulnerability Puts Pressure on the Security World
It’s not my intention to be alarmist about the Log4j vulnerability CVE-2021-44228, known as Log4Shell, but this one is pretty bad. First of all, Log4j is a ubiquitous logging library, deployed on millions of computers. Second, the director of the U.S. Cybersecurity & Infrastructure...
cc.jweb:jweb-adai (>=1.0.2 <=1.0.6), cc.jweb:jweb-boot (>=1.0.2 <=1.0.5) +49 more potentially affected by CVE-2021-36162 via org.apache.dubbo:dubbo (>=2.7.0 <=2.7.12)
org.apache.dubbo:dubbo MAVEN version =2.7.0, =1.0.2, =1.0.2, =1.2.1, =1.28.0, =0.0.1, =1.5.1, =2.0.1, =0.1.3, =2.4.0, =2.4.0, =2.4.0, =1.0.0, =1.0.0, =1.0, =1.1 and more Source cves: CVE-2021-36162 Source advisory: OSV:GHSA-R577-4HQ7-73QH...
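The "potentially affected ... via dependency (>=a <=b)" entries above are only useful if you can evaluate your own resolved versions against those ranges, and Maven versions such as 2.7.0.Beta1, 1.7.4.RELEASE or 2.1.0.1 do not compare as plain dotted numbers. The following is an added example written for this page, not code from any of the advisory sources: it parses the range notation used in the listing, compares versions with a simplified approximation of Maven's ComparableVersion ordering (an assumption, not Maven's own implementation), and runs a constructed dependency list against the ranges copied from the entries above. The policy table of qualifiers and the sample dependency lines are constructed for the example.

```python
"""Match resolved Maven coordinates against OSV-style affected ranges
(">=1.4.3 <=1.7.4", "=5.2.1"). Added example; the ordering rules below are
a simplified approximation of Maven's ComparableVersion (assumption)."""
import re
from itertools import zip_longest
from typing import List, Tuple

# Assumed qualifier ordering: pre-release qualifiers sort below a release,
# release-equivalent qualifiers compare equal to the bare version.
QUALIFIER_RANK = {"alpha": 1, "a": 1, "beta": 2, "b": 2, "milestone": 3, "m": 3,
                  "rc": 4, "cr": 4, "snapshot": 5,
                  "": 6, "release": 6, "final": 6, "ga": 6}
RELEASE = 6
Item = Tuple[str, object]


def tokenize(version: str) -> List[Item]:
    """"2.7.0.Beta1" -> [("num",2),("num",7),("qual","beta"),("num",1)].
    Zeros just before a qualifier and trailing zeros / release qualifiers are
    dropped, so 2.7.0.0 == 2.7 and 1.7.4.RELEASE == 1.7.4."""
    items: List[Item] = []
    for part in re.findall(r"\d+|[A-Za-z]+", version):
        if part.isdigit():
            items.append(("num", int(part)))
        else:
            while items and items[-1] == ("num", 0):
                items.pop()
            items.append(("qual", part.lower()))
    while items and (items[-1] == ("num", 0) or
                     (items[-1][0] == "qual" and
                      QUALIFIER_RANK.get(items[-1][1]) == RELEASE)):
        items.pop()
    return items


def _key(item):
    """Sort key: pre-release qualifier < missing/release < unknown qualifier < number."""
    if item is None:
        return (1, 0, "")
    kind, value = item
    if kind == "num":
        return (2, value, "")
    rank = QUALIFIER_RANK.get(value, RELEASE + 1)
    if rank < RELEASE:
        return (0, rank, value)
    return (1, 0, "") if rank == RELEASE else (1, rank, value)


def compare_versions(a: str, b: str) -> int:
    for x, y in zip_longest(tokenize(a), tokenize(b)):
        kx, ky = _key(x), _key(y)
        if kx != ky:
            return -1 if kx < ky else 1
    return 0


_OPS = {">=": lambda c: c >= 0, "<=": lambda c: c <= 0,
        ">": lambda c: c > 0, "<": lambda c: c < 0, "=": lambda c: c == 0}


def version_in_range(version: str, spec: str) -> bool:
    """spec uses the listing's notation, e.g. ">=1.4.3 <=1.7.4" or "=5.2.1"."""
    constraints = re.findall(r"(>=|<=|>|<|=)\s*([^\s()]+)", spec)
    if not constraints:
        raise ValueError(f"unrecognised range: {spec!r}")
    return all(_OPS[op](compare_versions(version, bound)) for op, bound in constraints)


# Affected ranges copied from the listing entries above.
ADVISORIES = [
    ("org.owasp.antisamy:antisamy", ">=1.4.3 <=1.7.4", "CVE-2024-23635"),
    ("org.eclipse.platform:org.eclipse.ui.forms", ">=3.10.0 <=3.12.0", "CVE-2023-4218"),
    ("org.bouncycastle:bcprov-ext-jdk16", ">=1.45 <=1.46", "CVE-2023-33202"),
    ("cn.hutool:hutool-json", ">=4.0.0 <=5.8.21", "CVE-2023-42276"),
    ("xalan:xalan", ">=2.3.1 <=2.7.2", "CVE-2022-34169"),
    ("org.springframework.security:spring-security-core", ">=2.0.0 <=5.4.10", "CVE-2022-22978"),
    ("org.owasp.esapi:esapi", ">=2.0.1 <=2.1.0", "CVE-2013-5960"),
    ("org.apache.dubbo:dubbo", ">=2.7.0 <=2.7.12", "CVE-2021-36162"),
]

# Constructed sample of "group:artifact:version" lines, not from a real project.
SAMPLE_DEPENDENCIES = """\
org.owasp.antisamy:antisamy:1.7.4
org.owasp.antisamy:antisamy:1.7.5
org.bouncycastle:bcprov-ext-jdk16:1.46
cn.hutool:hutool-json:5.8.22
xalan:xalan:2.7.2
org.springframework.security:spring-security-core:5.4.10
org.springframework.security:spring-security-core:5.4.11
org.owasp.esapi:esapi:2.1.0.1
org.apache.dubbo:dubbo:2.7.13
"""


def affected_dependencies(dep_lines: str, advisories=ADVISORIES) -> List[Tuple[str, str]]:
    """Return (coordinate, CVE) for every dependency inside an affected range."""
    hits = []
    for line in dep_lines.splitlines():
        line = line.strip()
        if not line:
            continue
        group, artifact, version = line.split(":")
        for name, spec, cve in advisories:
            if name == f"{group}:{artifact}" and version_in_range(version, spec):
                hits.append((line, cve))
    return hits


if __name__ == "__main__":
    for dep, cve in affected_dependencies(SAMPLE_DEPENDENCIES):
        print(f"{dep} is inside the affected range for {cve}")
```

Note that 2.1.0.1 is correctly judged newer than the 2.1.0 upper bound and 1.7.4-SNAPSHOT older than 1.7.4, which is what a range check must get right before it is trusted to clear a build; for anything beyond a quick triage, compare against the real resolver's ordering rather than this approximation.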
AZL-34808 CVE-2021-36373 affecting package javapackages-bootstrap for versions less than 1.14.0-2
When reading a specially crafted TAR archive, an Apache Ant build can be made to allocate large amounts of memory, finally leading to an out-of-memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant versions prior to 1.9.16 and 1.10.11 were affected...
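The failure mode in that advisory, an allocation sized from an archive header rather than from the data actually present, is easy to reproduce and to defend against in general terms. The following is an added example written for this page, not Ant's code, and the hardened reader shows the generic defence (cap the declared size and check it against the bytes that follow before allocating) without claiming to reproduce Ant's actual patch. The archive is constructed in memory with the standard library, the size field is then forged to a few GiB, and the policy cap is an assumed value.

```python
"""Forge a TAR entry whose declared size dwarfs the archive, then contrast a
trusting reader with one that validates the size before allocating.
Added example, not Ant's code; MAX_ENTRY_BYTES is an assumed policy cap."""
import io
import tarfile

BLOCK = 512
MAX_ENTRY_BYTES = 64 * 1024 * 1024   # assumed policy cap per entry


def build_sample_tar(name: str, payload: bytes) -> bytes:
    """Constructed input: a one-entry ustar archive built with the stdlib."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        info = tarfile.TarInfo(name)
        info.size = len(payload)
        tf.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def forge_size(archive: bytes, declared_size: int) -> bytes:
    """Rewrite the octal size field (offset 124, 12 bytes) of the first header
    and recompute the checksum (field treated as 8 spaces while summing), which
    yields the kind of 'specially crafted' archive the advisory describes."""
    header = bytearray(archive[:BLOCK])
    header[124:136] = ("%011o" % declared_size).encode() + b"\0"
    header[148:156] = b" " * 8
    header[148:156] = ("%06o" % sum(header)).encode() + b"\0 "
    return bytes(header) + archive[BLOCK:]


def declared_size(header: bytes) -> int:
    return int(header[124:136].split(b"\0", 1)[0].strip() or b"0", 8)


def read_first_entry_naive(archive: bytes) -> int:
    """A trusting reader sizes its buffer from the header alone; returns the
    number of bytes it would allocate (never actually allocated here)."""
    return declared_size(archive[:BLOCK])


def read_first_entry_hardened(archive: bytes, max_entry_bytes: int = MAX_ENTRY_BYTES) -> bytes:
    """Reject the entry if the declared size exceeds the policy cap or the
    bytes that actually follow, then copy in fixed-size blocks so memory use
    is bounded by data really present. On a stream the 'available' check is
    not possible; the cap plus block-wise reading still bound the damage."""
    header = archive[:BLOCK]
    if len(header) < BLOCK:
        raise ValueError("truncated header")
    size = declared_size(header)
    available = len(archive) - BLOCK
    if size > max_entry_bytes:
        raise ValueError(f"entry size {size} exceeds cap {max_entry_bytes}")
    if size > available:
        raise ValueError(f"header declares {size} bytes but only {available} follow")
    out = bytearray()
    pos = BLOCK
    while len(out) < size:
        chunk = archive[pos:pos + min(BLOCK, size - len(out))]
        if not chunk:
            raise ValueError("archive ended early")
        out += chunk
        pos += len(chunk)
    return bytes(out)


def is_rejected(archive: bytes) -> bool:
    """True when the hardened reader refuses the first entry."""
    try:
        read_first_entry_hardened(archive)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    small = build_sample_tar("note.txt", b"hello")
    forged = forge_size(small, 2 ** 32)
    print(len(forged), "byte archive; naive reader would allocate",
          read_first_entry_naive(forged), "bytes; hardened rejects:", is_rejected(forged))
```

The forged header still carries a valid checksum, so a standard parser accepts it and reports the 4 GiB size; only a reader that compares the declared size with something it can verify (a cap, or the bytes actually available) avoids the allocation.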