CVE-2019-10080
The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE and reveal information such as the versions of Java, Jersey, and Apache that the NiFi...
Information disclosure
The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE and reveal information such as the versions of Java, Jersey, and Apache that the NiFi...
CVE-2019-14222
An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation.
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation. IBM Platform Cluster Manager Standard Edition, IBM Platform...
Security Bulletin: The IBM Runtime Environment Java Version 8 used by Transparent Cloud Tiering has a vulnerability which was disclosed as part of the IBM Java SDK updates in April 2019
Summary The IBM Runtime Environment Java Version 8 used by Transparent Cloud Tiering has a vulnerability which was disclosed as part of the IBM Java SDK updates in April 2019. Transparent Cloud Tiering has addressed the applicable vulnerability. Vulnerability Details CVEID: CVE-2019-2602 DESCRIPTION:...
SUSE-SU-2019:0049-2 Security update for java-1_7_0-openjdk
This update for java-1_7_0-openjdk to version 7u201 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support bsc1112142 - CVE-2018-3139: Better HTTP Redirection bsc1112143 - CVE-2018-3149: Enhance JNDI lookups bsc1112144 - CVE-2018-3169: Improve field accesses...
Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Transparent Cloud Tiering. Transparent Cloud Tiering has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-3139 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to...
Security Bulletin: Vulnerabilities in the Java runtime environment that IBM provides affect WebSphere DataPower XC10 Appliance
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Version 7 that affect the WebSphere DataPower XC10 Appliance. The issues were disclosed as part of the IBM SDK, Java™ Technology Edition updates in July and October 2018. Vulnerability Details CVEID: CVE-2018-2973 DESCRIPTION: An...
Security Bulletin: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Transparent Cloud Tiering. Transparent Cloud Tiering has addressed the applicable CVEs.
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Transparent Cloud Tiering. Transparent Cloud Tiering has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-1656 DESCRIPTION: The IBM Java Runtime Environment's Diagnostic Tooling...
Oracle Java SE Denial of Service Vulnerability (cpuoct2018) - Linux
Oracle Java SE is prone to a denial of service (DoS) vulnerability.
WeChat Pay SDK XXE Injection
Hi List, Title XXE in WeChat Pay Sdk WeChat leave a backdoor on merchant websites ------------------------------------------ Background "Mobile payments surge to $9 trillion a year, changing how people shop, borrow - even panhandle", as WSJ.com once reported. As a payment security researcher, I...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification
Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 6 and IBM® Runtime Environment Java Version 7 used by IBM Content Classification. These issues were disclosed as part of the IBM Java SDK updates in October 2017. Vulnerability Details CVEID: CVE-2017-10346...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2016 - Includes Oracle Oct 2016 CPU affect IBM Content Collector for File Systems
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7 that are used by Content Collector for File Systems. Vulnerability Details CVEID: CVE-2016-5582 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE Embedded relat...
Security Bulletin: IBM Tivoli Key Lifecycle Manager can be affected by a denial of service vulnerability in WebSphere Application Server (CVE-2014-0964)
Summary The IBM WebSphere Application Server component provided with Tivoli Key Lifecycle Manager is vulnerable to potential denial of service. Vulnerability Details CVEID: CVE-2014-0964 DESCRIPTION: The version of IBM WebSphere Application Server used by Tivoli Key Lifecycle Manager is subject to a...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6, 7 and 8 used by IBM ILOG CPLEX Optimization Studio. These issues were disclosed as part of the IBM Java SDK updates in April 2018. Vulnerability Details If you run your own Java code using the IBM Java Runtim...
Security Bulletin: Multiple vulnerabilities in Java runtime from IBM affect IBM MQ and IBM MQ Appliance
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM MQ and the IBM MQ Appliance. These issues were disclosed as part of the Java SDK updates from IBM in Jan 2017. Please ensure that you read the remediation/fixes section carefully before applying...
RHEL 6 : java-1.6.0-sun (RHSA-2018:1203)
An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
SUSE-SU-2018:0743-1 Security update for java-1_7_1-ibm
This update for java-1_7_1-ibm fixes the following issue: The version was updated to 7.1.4.20 bsc1082810 Security fixes: - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677...
SUSE-SU-2018:0630-1 Security update for java-1_7_1-ibm
This update for java-1_7_1-ibm provides the following fix: The version was updated to 7.1.4.20 bsc1082810 Security fixes: - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677...
OpenJDK: JAR verifier incorrect handling of missing digest (Security, 8169392)
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successfu...