Oracle Linux 8 : java-21-openjdk (ELSA-2024-0248)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0248 advisory. 1:21.0.2.0.13-1.0.1 - Add Oracle vendor bug URL 1:21.0.2.0.13-1 - Rebase to 21.0.2.0.13 Tenable has extracted the preceding description block directly...
Amazon AWS Encryption SDK Data Forgery Issue Vulnerability
The Amazon AWS Encryption SDK is a development toolkit for encryption applications from Amazon.com, Inc. A security vulnerability exists in AWS Encryption SDK for Java versions prior to 1.9.0, 2.0.0 through 2.2.0, which stems from incorrectly validating some invalid ECDSA signatures...
Artemis Java Test Sandbox Security Vulnerability
Artemis Java Test Sandbox is a JUnit 5 extension for the Applied Software Engineering TUM program at the Technical University of Munich, Germany. A security vulnerability exists in Artemis Java Test Sandbox versions prior to 1.11.2. An attacker can exploit this vulnerability to execute arbitrary...
OpenJDK: logging of digital signature private keys (8316976)
Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks o...
DEBIAN-CVE-2024-20926
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Scripting. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition:...
CVE-2024-21634 Ion Java StackOverflow vulnerability
Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in ion-java for applications that use ion-java to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the IonValue model and then...
CVE-2024-21634 Ion Java StackOverflow vulnerability
Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in ion-java for applications that use ion-java to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the IonValue model and then...
PT-2023-35655 · Oracle · Java
Name of the Vulnerable Software and Affected Versions: Java affected versions not specified Description: The issue is related to a security exception in Java. It involves the java.base/java.lang.reflect.Array.newArray and java.base/java.lang.reflect.Array.newInstance functions, as well as the...
Security Bulletin: IBM Operator for Apache Flink is affected by a vulnerability in snappy-java (CVE-2023-43642)
Summary This security vulnerability in snappy-java (a Java port of snappy) within IBM Operator for Apache Flink makes it vulnerable to Denial of Service (DoS) attacks when decompressing data with a too-large chunk size. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is...
PT-2023-6589 · Apache +1 · Apache Santuario Xml Security For Java +1
Name of the Vulnerable Software and Affected Versions: Apache Santuario - XML Security for Java versions prior to 2.2.6 Apache Santuario - XML Security for Java versions prior to 2.3.4 Apache Santuario - XML Security for Java versions prior to 3.0.3 Description: The issue is related to the...
Oracle Java SE Security Vulnerability
Oracle Java SE is an Oracle product for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. A security vulnerability exists in Oracle Java SE version 8u381 and 8u381-perf that originated from a vulnerability that allows an...
ai.catboost:catboost-spark_2.3_2.11 (>=1.2.1 <=1.2.7), ai.catboost:catboost-spark_2.4_2.11 (>=1.2.1 <=1.2.7) +6287 more potentially affected by CVE-2023-43642 via org.xerial.snappy:snappy-java (>=1.0.1-rc3 <=1.1.10.3)
org.xerial.snappy:snappy-java MAVEN version =1.0.1-rc3, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.3, =1.2.3, =0.13.0, =0.14.0 and more Source cves: CVE-2023-43642 Source advisory: OSV:GHSA-55G7-9CWV-5QFV...
PT-2023-16826 · Oracle · Java
Name of the Vulnerable Software and Affected Versions: Java affected versions not specified Description: The issue is related to an integer overflow bug. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
Security Bulletin: IBM Storage Protect is vulnerable to a remote attack due to Java ( CVE-2023-21967, CVE-2023-2597 )
Summary IBM Storage Protect Server and Operations Center use Java and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2023-21967 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow a remote...
GHSA-VJ49-J7RC-H54F Esoteric YamlBeans XML Entity Expansion vulnerability
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able to perform an XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size,...
Aerospike Code Issue Vulnerability
Aerospike is a NoSQL database solution from Aerospike, Inc. A code issue vulnerability exists in Aerospike Java versions prior to 7.0.0 that stems from the presence of a deserialization vulnerability. An attacker can exploit this vulnerability to include specially crafted objects in a response an...
Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by Host On-Demand. Host On-Demand has provided a fix for the applicable CVEs. This issue was disclosed as part of the IBM Java SDK and Runtime Environment updates in CVE-2023-30441. Vulnerability Details...
Security Bulletin: IBM Security SOAR is using a component with multiple known vulnerabilities
Summary IBM Security SOAR uses an older version of Java that may be identified and exploited. An update has been released which addresses these issues. It is recommended to upgrade to Version 49.2 or later of IBM Security SOAR. Vulnerability Details CVEID:CVE-2023-21830 DESCRIPTION: An unspecified...
OpenJDK: Swing HTML parsing issue (8296832)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable...
PT-2023-4629 · Sap · Sap Netweaver As Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for Java versions 7.50 Description: The issue allows an unauthenticated attacker to craft a request over the network, resulting in unwarranted modifications to a system log without user interaction. It is related to incorrect...