Security Bulletin: IBM Integrated Information Core and WebSphere Application Server - Oracle CPU October 2014

Abstract Oracle released the October 2014 critical patch updates which contain multiple fixes for security vulnerabilities in the IBM Java Development Kit that is included with the IBM WebSphere Application Server. Content New IBM WebSphere Application Server updates are available that include an...

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearCase ( CVE-2021-35578, CVE-2021-35603, CVE-2021-35550, CVE-2021-35561, CVE-2022-21299 )

Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which is used by IBM Rational ClearCase. These issues were disclosed as part of the IBM Java SDK updates in October 2021 and January 2022. Vulnerability Details CVEID:CVE-2021-35578 DESCRIPTION: An unspecifi...

CVE-2022-33915

Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch package is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 or...

CVE-2022-33915

Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch package is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 or...

Race condition

Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch package is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 or...

Important: log4j-cve-2021-44228-hotpatch

Issue Overview: Versions of the Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3-5 are affected by a race condition that could lead to a local privilege escalation. The Apache Log4j Hotpatch is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 o...

Important: log4j-cve-2021-44228-hotpatch

Issue Overview: Versions of the Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3-5 are affected by a race condition that could lead to a local privilege escalation. The Apache Log4j Hotpatch is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 o...

Xtend Cross-Site Scripting Vulnerability

Xtend is a general-purpose high-level programming language for the Eclipse Foundation's Java Virtual Machine. Xtend Voice Logger version 1.0 has a security vulnerability that stems from a cross-site scripting vulnerability in the error page. An attacker can use the vulnerability to execute...

GHSA-784J-H234-M56X Protection Mechanism Failure in Jenkins Script Security Plugin

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM...

Oracle Database Server 输入验证错误漏洞

Oracle Database Server is a relational database management system from Oracle Corporation. Oracle Database Server is vulnerable to an input validation error in the Java VM in Oracle Database Server. An authenticated remote attacker could exploit this vulnerability to manipulate data...

CVE-2022-22965

A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain...

CVE-2022-21393

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM...

Oracle Database Server 输入验证错误漏洞

Oracle Database Server is a relational database management system from Oracle Corporation. The database management system provides data management, distributed processing, and other functions.An input validation error vulnerability exists in Oracle Database Server, which stems from an input...

Explanation of what Java API is ❓ Types. Examples

When the two most viable and essential application/software development comes together, programmers are allowed to have unmatched functionality. Java API Application Programming Interface is the perfect example of how to attain this. Acknowledged as a crucial entity for internal and open...

XStream: remote code execution due to insecure XML deserialization when relying on blocklists

A flaw was found in xstream. An unsafe deserialization of user-supplied XML, in conjunction with relying on the default deny list, allows a remote attacker to perform a variety of attacks including a remote code execution of arbitrary code in the context of the JVM running the XStream application...

JVMXRay - Make Java Security Events Of Interest Visible For Analysis

JVMXRay is a technology for monitoring access to system resources within the Java Virtual Machine. It’s designed with application security emphasis but some will also find it beneficial for software quality processes and diagnostics. More about Oracle Java Duke mascot... Contact/Chat Group New ch...

Gradle Remote Code Execution Vulnerability

Gradle is the U.S. Gradle company's set of JVM-based project build tool , it supports maven, Ivy repository and so on. A remote code execution vulnerability exists in Gradle Enterprise prior to 2021.1.2, which stems from the installation configuration user interface available to administrators...

CVE-2021-41619

An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface available to administrators allows specifying arbitrary Java Virtual Machine startup options. Some of the...

CVE-2021-41619

The CVE affects Gradle Enterprise prior to 2021.1.2. The installation configuration UI allows administrators to specify arbitrary JVM startup options (e.g., -XX:OnOutOfMemoryError), which can be abused to execute commands on the host if an attacker gains admin access. Documented impact is potenti...

Gradle 代码注入漏洞

Gradle is the U.S. Gradle company's set of JVM-based project build tool , it supports maven, Ivy repository and so on. A remote code execution vulnerability exists in Gradle Enterprise prior to 2021.1.2, which stems from the installation configuration user interface available to administrators...