929 matches found

OSV
added 2018/02/22 7:29 p.m. | 1 view

CVE-2018-1417

Under certain circumstances, a flaw in the J9 JVM IBM SDK, Java Technology Edition 7.1 and 8.0 allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823...

CVSS 8.1 | AI score 5.8
Exploits 0 | References 7

Prion
added 2018/02/22 7:29 p.m. | 7 views

Code injection

Under certain circumstances, a flaw in the J9 JVM IBM SDK, Java Technology Edition 7.1 and 8.0 allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823...

CVSS 6.8 | AI score 7.6 | EPSS 0.01417
Exploits 0 | References 7 | Affected Software 1

CVE
added 2018/02/22 7:0 p.m. | 87 views

CVE-2018-1417

CVE-2018-1417 : A flaw in the IBM J9 VM within IBM SDK Java Technology Edition 7.1 and 8.0 can allow untrusted code running under a security manager to elevate privileges. IBM X-Force ID: 138823. CVSSv3 base score 8.1 (HIGH) with network attack vector, no authentication, and all impact metrics at...

CVSS 8.1 | AI score 7.6 | EPSS 0.01417
Exploits 0 | References 7 | Affected Software 1

OSV
added 2017/10/19 12:0 a.m. | 0 views

UBUNTU-CVE-2017-10350

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAX-WS. Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoco...

CVSS 5.3 | AI score 6.8 | EPSS 0.00602
Exploits 0 | References 5

Cvelist
added 2017/05/22 8:0 p.m. | 23 views

CVE-2017-1289

IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150...

AI score 8.7 | EPSS 0.00923
Exploits 0 | References 6

CVE
added 2017/05/22 8:0 p.m. | 103 views

CVE-2017-1289

CVE-2017-1289 affects IBM SDK Java Technology Edition (Java SE/JDK/JRE). The IBM bulletin details an XML External Entity (XXE) vulnerability in XML processing, enabling a remote attacker to expose sensitive data or exhaust memory. Affected IBM Java versions include older 6, 7, and 8 releases (and...

CVSS 8.2 | AI score 8.6 | EPSS 0.00923
Exploits 0 | References 6 | Affected Software 1

RedHat Linux
added 2017/05/10 12:44 p.m. | 2 views

JDK: XML External Entity Injection (XXE) error when processing XML data

IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150...

CVSS 8.2 | AI score 7.4 | EPSS 0.00923
Exploits 0 | References 4

Fedora
added 2017/05/09 9:29 p.m. | 38 views

[SECURITY] Fedora 26 Update: batik-1.9-3.fc26

Batik is a Java(tm) technology based toolkit for applications that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as viewing, generation or manipulation...

CVSS 7.9 | AI score 1.3 | EPSS 0.01431
Exploits 0

IBM AIX
added 2017/04/05 11:21 p.m. | 584 views

There are multiple vulnerabilities in IBM SDK Java Technology Edition

IBM SECURITY ADVISORY First Issued:Wed Apr 5 23:21:06 CDT 2017 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/javajan2017advisory.asc https://aix.software.ibm.com/aix/efixes/security/javajan2017advisory.asc...

CVSS 9.6 | AI score 8 | EPSS 0.7287
Exploits 13

0day.today
added 2017/01/17 12:0 a.m. | 43 views

ManagEnegine ADManager Plus 6.5.40 - Multiple Vulnerabilities

Exploit for java platform in category web applications 1. ADVISORY INFORMATION Title: ManagEnegine ADManager Plus = 6.5.40 Multiple Vulnerabilities Application: ManagEnegine Admanager Remotely Exploitable: Yes Authentication Required: Yes Versions Affected...

AI score 7.1
Exploits 0

CNVD
added 2016/08/27 12:0 a.m. | 1 view

SQL Injection Vulnerability in Channelcode Parameter of Hopping Synergy Content Management System

HZCMS is a website group content management system based on Java and XML technology. A SQL injection vulnerability exists in the channelcode parameter of the HZCMS. An attacker can exploit the vulnerability to obtain database information...

AI score 8
Exploits 0 | References 1

RedHat Linux
added 2016/07/18 1:51 p.m. | 1 view

JDK: buffer overflow vulnerability in the IBM JVM

Buffer overflow in the Java Virtual Machine JVM in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 allows remote attackers to execute arbitrary code via unspecified...

CVSS 6.8 | AI score 7.8 | EPSS 0.07865
Exploits 0 | References 5

Prion
added 2016/06/06 5:59 p.m. | 13 views

Design/Logic Flaw

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods...

CVSS 6.4 | AI score 6.3 | EPSS 0.00889
Exploits 0 | References 8 | Affected Software 6

NVD
added 2016/06/06 5:59 p.m. | 19 views

CVE-2015-5041

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods...

CVSS 9.1 | AI score 7.6 | EPSS 0.00889
Exploits 0 | References 8

Cvelist
added 2016/06/06 5:0 p.m. | 25 views

CVE-2015-5041

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods...

AI score 7.6 | EPSS 0.00889
Exploits 0 | References 8

CVE
added 2016/06/06 5:0 p.m. | 86 views

CVE-2015-5041

CVE-2015-5041 : IBM J9 JVM flaw in IBM SDK, Java Technology Edition allows remote attackers to invoke non-public interface methods, potentially exposing sensitive data or allowing data injection. Affected IBM Java versions: 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 bef...

CVSS 9.1 | AI score 8.7 | EPSS 0.00889
Exploits 0 | References 8 | Affected Software 1

NVD
added 2016/06/03 2:59 p.m. | 17 views

CVE-2016-0376

The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 does not properly deserialize classes in an AccessController...

CVSS 8.1 | AI score 6.6 | EPSS 0.02913
Exploits 0 | References 22

Prion
added 2016/06/03 2:59 p.m. | 32 views

Design/Logic Flaw

The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 uses the invoke method of the java.lang.reflect.Method class in an...

CVSS 6.8 | AI score 8.3 | EPSS 0.05848
Exploits 0 | References 22 | Affected Software 13

Cvelist
added 2016/06/03 2:0 p.m. | 25 views

CVE-2016-0376

The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 does not properly deserialize classes in an AccessController...

AI score 6.6 | EPSS 0.02913
Exploits 0 | References 22

CVE
added 2016/06/03 2:0 p.m. | 114 views

CVE-2016-0363

CVE-2016-0363 affects IBM SDK, Java Technology Edition prior to specific SR updates: 6.0.16.25 (SR16 FP25) for 6.x, 6 R1 before SR8 FP25, 7 before SR9 FP40, 7 R1 before SR3 FP40, and 8 before SR3 (6.0.3.0–? not fully listed). The vulnerability arises when the invoke method of java.lang.reflect.Me...

CVSS 8.1 | AI score 6.6 | EPSS 0.01271
Exploits 0 | References 22 | Affected Software 6