407 matches found
CVE-2022-39429
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of...
[SECURITY] Fedora 35 Update: bcel-6.4.1-10.fc35
The Byte Code Engineering Library (formerly known as JavaClass) is intended to give users a convenient possibility to analyze, create, and manipulate binary Java class files (those ending with .class). Classes are represented by objects which contain all the symbolic information of the given class:...
[SECURITY] Fedora 36 Update: bcel-6.4.1-10.fc36
The Byte Code Engineering Library (formerly known as JavaClass) is intended to give users a convenient possibility to analyze, create, and manipulate binary Java class files (those ending with .class). Classes are represented by objects which contain all the symbolic information of the given class:...
Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Express.
Summary There are multiple vulnerabilities in Open Source Apache Tomcat that is used by IBM Cognos Express. Additionally, there are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Cognos Express. This bulletin also addresses LOGJAM: The...
CVE-2022-32287
A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA version 3.3.0 and prior...
CVE-2022-43404
A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandb...
CVE-2022-43401
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection a...
PT-2022-26890 · Jenkins · Jenkins Pipeline: Shared Groovy Libraries Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Deprecated Groovy Libraries Plugin versions 583.vf3b 454e43966 and earlier Jenkins Pipeline: Groovy Libraries Plugin versions 612.v84da 9c54906d and earlier Description: A sandbox bypass issue allows attackers with permissio...
Jenkins Plugin Pipeline: Groovy Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. Jenkins Plugin Pipeline: ...
CVE-2022-39419
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of...
Oracle Database Server Security Vulnerability
Oracle Database Server is a relational database management system from Oracle Corporation. The Java VM is a Java Virtual Machine component of the database management system, and an information disclosure vulnerability exists in the Java VM component of Oracle Database Server. An attacker could...
PT-2022-24966 · Oracle · Oracle Database Server +1
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19c through 21c Description: The issue affects the Java VM component, allowing a low-privileged attacker with Create Procedure privilege and network access via Oracle Net to compromise the Java VM. This can...
Security Bulletin: IBM Integrated Information Core and WebSphere Application Server - Oracle CPU July 2015
Abstract Oracle released the July 2015 critical patch updates which contain multiple fixes for security vulnerabilities in the IBM Java Development Kit that is included with the IBM WebSphere Application Server. Content New IBM WebSphere Application Server updates are available that include an...
Security Bulletin: IBM Integrated Information Core and WebSphere Application Server - Oracle CPU October 2014
Abstract Oracle released the October 2014 critical patch updates which contain multiple fixes for security vulnerabilities in the IBM Java Development Kit that is included with the IBM WebSphere Application Server. Content New IBM WebSphere Application Server updates are available that include an...
Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearCase (CVE-2021-35578, CVE-2021-35603, CVE-2021-35550, CVE-2021-35561, CVE-2022-21299)
Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which is used by IBM Rational ClearCase. These issues were disclosed as part of the IBM Java SDK updates in October 2021 and January 2022. Vulnerability Details CVEID:CVE-2021-35578 DESCRIPTION: An unspecifi...
Xtend Cross-Site Scripting Vulnerability
Xtend is a general-purpose high-level programming language for the Eclipse Foundation's Java Virtual Machine. Xtend Voice Logger version 1.0 has a security vulnerability that stems from a cross-site scripting vulnerability in the error page. An attacker can use the vulnerability to execute...
GHSA-784J-H234-M56X Protection Mechanism Failure in Jenkins Script Security Plugin
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM...
Oracle Database Server Input Validation Error Vulnerability
Oracle Database Server is a relational database management system from Oracle Corporation. Oracle Database Server is vulnerable to an input validation error in the Java VM in Oracle Database Server. An authenticated remote attacker could exploit this vulnerability to manipulate data...