Security Bulletin: IBM MQ Appliance is affected by a Java vulnerability (CVE-2021-35578)
Summary: IBM MQ Appliance has resolved a Java vulnerability. Vulnerability Details: CVEID: CVE-2021-35578 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact...
Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Java version used in it. (CVE-2021-2341)
Summary: IBM Rational Build Forge version 8.0 to 8.0.0.20 is affected by the Java version used in it. CVE-2021-2341 Vulnerability Details: CVEID: CVE-2021-2341 DESCRIPTION: An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to obtain...
CVE-2021-22569 Denial of Service of protobuf-java parsing procedure
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
This is an example of exploiting CVE-2021-44228 https://gith...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Java. Vulnerability Details: CVEID: CVE-2021-2369 DESCRIPTION: An unspecified vulnerability in Java SE related to the Library component could allow an unauthenticated attacker to cause no confidentiality impac...
OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Utility. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...
Apache Tomcat Java Vulnerability (Jan 2014) - Windows
Apache Tomcat is prone to a frame injection vulnerability in Javadoc.
cn.dustlight.fun:fun-kubeless (>=0.0.2-alpha-1 <=0.0.3-alpha-1), cn.dustlight.jobless:jobless-kubernetes (>=0.0.1-alpha <=0.0.2-alpha) +76 more potentially affected by CVE-2021-25738 via io.kubernetes:client-java (>=0.2 <=11.0.0)
io.kubernetes:client-java MAVEN version =0.2, =0.0.2-alpha-1, =0.0.1-alpha, =1.0.0, =4.0.5, =0.0.3, =2.3.0, =0.2.1, =0.2.1, =0.2.1, =0.2.1, =0.2.1, =0.2.1, =0.2.3, =0.2.3, =0.2.5 and more Source cves: CVE-2021-25738 Source advisory: OSV:GHSA-M8WH-MQGF-RR8G...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Java. Vulnerability Details: CVEID: CVE-2021-2161 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality...
Security Bulletin: IBM Cloud Private is vulnerable to Java vulnerabilities (CVE-2020-2773)
Summary: IBM Cloud Private is vulnerable to Java vulnerabilities. Vulnerability Details: CVEID: CVE-2020-2773 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low...
UBUNTU-CVE-2021-2369
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...
OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...
openSUSE 15 Security Update : java-1_8_0-openjdk (openSUSE-SU-2021:1989-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1989-1 advisory. - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versio...
Security Bulletin: IBM DataPower Gateway affected by a vulnerability in Java Runtime (CVE-2020-2654)
Summary: IBM has addressed the CVE. Vulnerability Details: CVEID: CVE-2020-2654 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown...
Security Bulletin: A vulnerability in Java affects IBM Cloud Pak for Multicloud Management Monitoring
Summary: Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause th...
Security Bulletin: A vulnerability in Java affects IBM Cloud Pak for Multicloud Management Monitoring
Summary: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. Vulnerability Details: CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in...
Security Bulletin: IBM Kenexa LCMS Premier On Premise - CVE-2020-14782 (deferred from Oracle Oct 2020 CPU for Java 8)
Summary: We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details: CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries...
Security Bulletin: A vulnerability in Java affects the IBM FlashSystem models 840 and 900
Summary: A vulnerability in Java CVE-2020-2781 affects IBM FlashSystem 840 and 900. Vulnerability Details: CVEID: CVE-2020-2781 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting i...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Java. Vulnerability Details: CVEID: CVE-2020-14781 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to obtain sensitive information...
JDK: Stack-based buffer overflow when converting from UTF-8 characters to platform encoding
In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding...