11 matches found
Amazon Corretto Java 8.x < 8.492.09.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is 8 prior to 8.492.09.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-8-2026-Apr-21 advisory. - An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in versions...
CVE-2026-22016
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...
Security Bulletin: IBM Security Verify Governance - Identity Manager has multiple vulnerabilities
Summary Multiple security vulnerabilities have been addressed in updates to IBM Security Verify Governance - Identity Manager software component and IBM Security Verify Governance - Identity Manager virtual appliance component. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu...
Security Bulletin: IBM Cloud Pak for Network Automation 2.5.0 fixes multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.5.0 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-31047 DESCRIPTION: Django could allow a remote attacker to bypass security restrictions. By sending a specially-crafted request, an attacker...
Security Bulletin: IBM Operational Decision Manager May 2023 - Multiple CVEs
Summary This Security Bulletin addresses the security vulnerabilities that have been fixed within the IBM Operational Decision Manager. This product now includes fixes for the following security vulnerabilities. Vulnerability Details CVEID:CVE-2023-20862 DESCRIPTION: VMware Tanzu Spring Security...
Security Bulletin: IBM Sterling Secure Proxy vulnerable to multiple issues
Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy 6.0.3.0 and are addressed in the latest iFix. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading ...
OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...
DEBIAN-CVE-2022-23437
There's a vulnerability within the Apache Xerces Java XercesJ XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present withi...
OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...
OpenJDK: inefficient use of hash tables and lists during XML parsing (JAXP, 8068842)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911...