OSV-2025-467 Security exception in java.base/java.lang.StringUTF16.newBytesFor

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=424839378 Crash type: Security exception Crash state: java.base/java.lang.StringUTF16.newBytesFor java.base/java.lang.AbstractStringBuilder.inflate java.base/java.lang.AbstractStringBuilder.append...

Fedora: Security Advisory for apache-commons-math (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for apache-commons-collections (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: apache-commons-math-3.6.1-18.fc40

Commons Math is a library of lightweight, self-contained mathematics and statistics components addressing the most common problems not available in the Java programming language or Commons Lang...

IBM B2B Advanced Communications 代码问题漏洞

IBM B2B Advanced Communications is a comprehensive business-to-business B2B integration solution from International Business Machines IBM. It is part of the IBM Sterling B2B Integration product family and is designed to simplify and optimize B2B interactions between businesses and partners. A...

This Week in Spring - May 30th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! This installment I write on the day of my daughter's High School graduation, an auspicious day indeed! There's a lot to get through this week, though, and I have a graduation to get to, so let's dive right in! Spring...

OpenJDK: Multiple Vulnerabilities

Background OpenJDK is an open source implementation of the Java programming language. Description Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...

[SECURITY] [DLA 2181-1] shiro security update

Package : shiro Version : 1.2.3-1+deb8u1 CVE ID : CVE-2020-1957 Debian Bug : 955018 It was discovered that there was a path-traversal issue in Apache Shiro, a security framework for the Java programming language. A specially-crafted request could cause an authentication bypass. For Debian 8...

CVE-2019-12837

The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints...

[SECURITY] Fedora 23 Update: apache-commons-collections-3.2.2-3.fc23

The introduction of the Collections API by Sun in JDK 1.2 has been a boon to quick and effective Java programming. Ready access to powerful data structures has accelerated development by reducing the need for custom container classes around each core object. Most Java2 APIs are significantly easi...

[SECURITY] Fedora 22 Update: apache-commons-collections-3.2.2-3.fc22

The introduction of the Collections API by Sun in JDK 1.2 has been a boon to quick and effective Java programming. Ready access to powerful data structures has accelerated development by reducing the need for custom container classes around each core object. Most Java2 APIs are significantly easi...

Next Hacker to Organize Biggest Java Programming Competition In Germany

Great news for Hackers and Bug-hunters who enjoy Programming and playing around with Software. A worldwide group of like-minded computer programmers is hosting The Next Hacker IPPC event on the 26th and 27th of February in Berlin, Germany, where participants can meet hackers and programmers from...

Debian Security Advisory DSA 3339-1 (openjdk-6 - security update)

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography. OpenVAS Vulnerability Test $Id: deb3339.nasl 660...

Oracle Java java.awt.image.ByteComponentRaster Overflow

Added: 10/24/2013 CVE: CVE-2013-2473 BID: 60623 OSVDB: 94336 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

Oracle Java java.awt.image.ByteComponentRaster Overflow

Added: 10/24/2013 CVE: CVE-2013-2473 BID: 60623 OSVDB: 94336 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

Debian DSA-2768-1 : icedtea-web - heap-based buffer overflow

A heap-based buffer overflow vulnerability was found in icedtea-web, a web browser plugin for running applets written in the Java programming language. If a user were tricked into opening a malicious website, an attacker could cause the plugin to crash or possibly execute arbitrary code as the us...

DSA-2768-1 icedtea-web - heap-based buffer overflow

Bulletin has no description...

Oracle Java Serviceability Subcomponent ProviderSkeleton Class Vulnerability

Added: 07/11/2013 CVE: CVE-2013-2460 BID: 60635 OSVDB: 94346 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

Oracle Java Serviceability Subcomponent ProviderSkeleton Class Vulnerability

Added: 07/11/2013 CVE: CVE-2013-2460 BID: 60635 OSVDB: 94346 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

Java MBeanInstantiator findClass and Introspector Sandbox Escape

Added: 03/04/2013 CVE: CVE-2013-0431 BID: 57726 OSVDB: 89613 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...