844 matches found
PT-2022-36727 · Oracle · Java
Name of the Vulnerable Software and Affected Versions: Java affected versions not specified Description: A security exception occurs due to a crash in the Double.parseDouble function, which is called by FloatingDecimal.readJavaFormatString and FloatingDecimal.parseDouble. Recommendations: At the...
PT-2022-36720 · Oracle · Java
Name of the Vulnerable Software and Affected Versions: Java affected versions not specified Description: The issue is related to a security exception in the Double.parseDouble function, which is called by FloatingDecimal.readJavaFormatString and FloatingDecimal.parseDouble. This suggests a...
Security Bulletin: IBM Sterling Order Management Java vulnerability
Summary Java SE related to the 2D component could allow a remote attacker Vulnerability Details CVEID:CVE-2014-0459 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the 2D component could allow a remote attacker to cause a denial of service. CVSS Base score: 4.3 CVSS Tempora...
ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +20740 more potentially affected by CVE-2022-3171 via com.google.protobuf:protobuf-java (>=2.0.3 <=3.16.1)
com.google.protobuf:protobuf-java MAVEN version =2.0.3, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.10 and more Source cves: CVE-2022-3171 Source advisory: OSV:GHSA-H4H5-3HR4-J3G2...
ai.bareun.tagger:bareun (>=1.0.0 <=1.4.1), ai.djl.serving:serving (=0.19.0) +3733 more potentially affected by CVE-2022-3171 via com.google.protobuf:protobuf-java (>=3.21.0-rc-1 <=3.21.6)
com.google.protobuf:protobuf-java MAVEN version =3.21.0-rc-1, =1.0.0, =3.42.0.2-1-3.4, =0.0.1, =22.3.2, =22.3.2, =22.3.2, =22.3.2, =1.0.0-beta01, =1.0.0-beta01, =1.0.0-beta06 - at.ac.ait.lablink.clients:universalapiclient =0.1.0 and more Source cves: CVE-2022-3171 Source advisory:...
Security Bulletin: Vulnerability in IBM SDK, Java Technology (CVE-2021-41041) affects Power HMC
Summary IBM Java is used by IBM Power Hardware Management Console HMC for running java applications and services. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2021-41041 by upgrading IBM Power Hardware Management Console HMC respective PTF and thus addressing the...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Java. Vulnerability Details CVEID:CVE-2021-2163 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality...
AlmaLinux 8 : java-11-openjdk (5683) (ALSA-2022:5683)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5683 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affecte...
Security Bulletin: IBM MQ Appliance is affected by a Java vulnerability (CVE-2021-35550)
Summary IBM MQ Appliance has resolved a Java vulnerability. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality...
Security Bulletin: IBM MQ Appliance is affected by a Java vulnerability (CVE-2021-35603)
Summary IBM MQ Appliance has resolved a Java vulnerability. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality...
io.github.comet-crypto:lib (>=0.2 <=0.2.3), io.socket:socket.io-server (>=3.0.0 <=3.0.1) potentially affected by CVE-2022-25867 via io.socket:socket.io-client (=2.0.0)
io.socket:socket.io-client MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on io.socket:socket.io-client and may be impacted: - io.github.comet-crypto:lib =0.2, =3.0.0, =3.0.1 Source cves: CVE-2022-25867 Source advisory:...
Security Bulletin: Java Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2018-1656)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Sterling Connect:Direct Browser User Interface. These issues were disclosed as part of the IBM Java SDK updates in Sep 2018. Vulnerability Details CVEID: CVE-2018-1656 DESCRIPTION:...
Security Bulletin: IBM Sterling Connect:Direct Browser User Interface has multiple vulnerabilities due to IBM Java
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2022-21365 DESCRIPTION: An unspecified vulnerability in Java SE related to the ImageIO componen...
PT-2022-20637 · Suse · Suse Manager Server +1
Name of the Vulnerable Software and Affected Versions: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1 SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37-1 Description: An Observable Response Discrepancy issue in spacewalk-java of SUSE Manager Server allows remote...
com.clever-cloud:biscuit-pulsar (>=1.1.13 <=2.3.2), com.clever-cloud:integration-test (>=1.2.0 <=1.4.6) +1 more potentially affected by CVE-2022-31053 via com.clever-cloud:biscuit-java (>=0.2.7 <=1.1.4)
com.clever-cloud:biscuit-java MAVEN version =0.2.7, =1.1.13, =1.2.0, =1.5.0, =1.5.5 Source cves: CVE-2022-31053 Source advisory: OSV:GHSA-75RW-34Q6-72CR...
OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...
GHSA-8GWC-X7MG-7P7P Apache XML Security For Java vulnerable to Infinite Loop
Affected versions of xmlsec are subject to a denial of service vulnerability. Should a user check the signature of a message larger than 512 MB, the method expandSize(int newPos) of class org.apache.xml.security.utils.UnsyncByteArrayOutputStream goes in an endless loop. A remote attacker could use...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Java. Vulnerability Details CVEID: CVE-2022-21365 DESCRIPTION: An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service...
Amazon Corretto Java 8.x < 8.232.09.2 Vulnerability
The version of Amazon Corretto installed on the remote host is prior to 8 8.232.09.2. It is, therefore, affected by a vulnerability as referenced in the corretto-8-2019-Nov-20 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...
DWSurvey code issue vulnerability
DWSurvey is a survey system written in Java. DWSurvey v3.2.0 has a security vulnerability that allows an attacker to write arbitrary files via the component /utils/ToHtmlServlet.java...