Lucene search

56249 matches found

Elastic
added 2026/01/13 8:55 p.m., 17 views

Elasticsearch 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-07)

Elasticsearch yawkat LZ4 Java - CVE-2025-66566 (ESA-2026-07). An Information Disclosure vulnerability (CVE-2025-66566) exists in the yawkat LZ4 Java library used by Elasticsearch that allows an attacker to read previous buffer contents through specially crafted compressed input sent via the transport...

CVSS 8.2, AI score 6.9, EPSS 0.00541
Exploits: 0

CVE
added 2026/01/13 7:29 p.m., 16 views

CVE-2025-68704

CVE-2025-68704 concerns the Jervis library used by Jenkins Job DSL plugin scripts and shared pipelines. Prior to version 2.2, Jervis relies on java.util.Random() for timing attack mitigation, which is not cryptographically secure. The vulnerability, fixed in 2.2, can affect timing-related defense...

CVSS 8.2, AI score 6.4, EPSS 0.00231
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2026/01/13 2:15 a.m., 7 views

CVE-2026-0504

Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malicious REST requests that are processed by JNDI operations without adequate input neutralization. This may lead to limited disclosure or modification...

CVSS 3.8, EPSS 0.00171
Exploits: 0, References: 2

Vulnrichment
added 2026/01/13 1:15 a.m., 3 views

CVE-2026-0510 Obsolete Encryption Algorithm Used in NW AS Java UME User Mapping

The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially...

CVSS 3, AI score 6.1, EPSS 0.00122
Exploits: 0, References: 2

CVE
added 2026/01/13 1:15 a.m., 14 views

CVE-2026-0510

The CVE-2026-0510 entry concerns SAP NetWeaver Application Server for Java (NW AS Java) where the User Management Engine (UME) uses an obsolete cryptographic algorithm to encrypt User Mapping data. The documented impact is low confidentiality risk with no integrity/availability impact. Affected c...

CVSS 3, AI score 6.1, EPSS 0.00122
Exploits: 0, References: 2

Vulnrichment
added 2026/01/13 1:13 a.m., 3 views

CVE-2026-0500 Remote code execution in SAP Wily Introscope Enterprise Manager (WorkStation)

Due to the use of a vulnerable third-party component in SAP Wily Introscope Enterprise Manager (WorkStation), an unauthenticated attacker could create a malicious JNLP (Java Network Launch Protocol) file accessible by a public-facing URL. When a victim clicks on the URL the accessed Wily Introscope...

CVSS 9.6, AI score 6.8, EPSS 0.00351
Exploits: 0, References: 2

Cvelist
added 2026/01/13 1:13 a.m., 25 views

CVE-2026-0500 Remote code execution in SAP Wily Introscope Enterprise Manager (WorkStation)

Due to the use of a vulnerable third-party component in SAP Wily Introscope Enterprise Manager (WorkStation), an unauthenticated attacker could create a malicious JNLP (Java Network Launch Protocol) file accessible by a public-facing URL. When a victim clicks on the URL the accessed Wily Introscope...

CVSS 9.6, EPSS 0.00351
Exploits: 0, References: 2

CBLMariner
added 2026/01/13 1:11 a.m., 4 views

CVE-2020-36843 affecting package ed25519-java for versions less than 0.3.0-1

CVE-2020-36843 affecting package ed25519-java for versions less than 0.3.0-1. A patched version of the package is available...

CVSS 4.3, AI score 6.9, EPSS 0.00133
Exploits: 0

Positive Technologies
added 2026/01/13 12:0 a.m., 10 views

PT-2026-2497

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...

CVSS 8.2, AI score 6.8, EPSS 0.00231
Exploits: 0, References: 4

Tenable Nessus
added 2026/01/13 12:0 a.m., 4 views

MiracleLinux 8 : java-21-openjdk-21.0.6.0.7-1.el8.ML.1 (AXSA:2025-9623:04)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9623:04 advisory. JDK: Enhance array handling (CVE-2025-21502). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note that...

CVSS 4.8, AI score 6.6, EPSS 0.00971
Exploits: 0, References: 2

Tenable Nessus
added 2026/01/13 12:0 a.m., 4 views

MiracleLinux 9 : java-17-openjdk-17.0.16.0.8-2.el9.ML.1 (AXSA:2025-10678:13)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10678:13 advisory. JDK: Better Glyph drawing (CVE-2025-30749); JDK: Enhance TLS protocol support (CVE-2025-30754); JDK: Improve HTTP client header handling (CVE-2025-50059)...

CVSS 8.6, AI score 6.6, EPSS 0.01058
Exploits: 1, References: 5

Tenable Nessus
added 2026/01/13 12:0 a.m., 9 views

Amazon S3 Encryption Client for Java JAR Detection

Binary data s3encryptionclientjavadetect.nbin...

AI score 7
Exploits: 0, References: 1

Tenable Nessus
added 2026/01/13 12:0 a.m., 6 views

MiracleLinux 9 : java-17-openjdk-17.0.15.0.6-2.el9.ML.1 (AXSA:2025-9865:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9865:06 advisory. JDK: Better TLS connection support (CVE-2025-21587); JDK: Improve compiler transformations (CVE-2025-30691); JDK: Enhance Buffered Image handling...

CVSS 7.4, AI score 6.5, EPSS 0.00688
Exploits: 0, References: 4

Tenable Nessus
added 2026/01/13 12:0 a.m., 7 views

Amazon S3 Encryption Client for Java < 4.0.0 Key Commitment (AWS-2025-032)

The version of Amazon S3 Encryption Client for Java on the remote host is prior to 4.0.0. It is, therefore, affected by a key commitment vulnerability as referenced in the AWS-2025-032 advisory. Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write...

CVSS 6, AI score 5.6, EPSS 0.00103
Exploits: 0, References: 2

Tenable Nessus
added 2026/01/13 12:0 a.m., 6 views

MiracleLinux 9 : java-1.8.0-openjdk-1.8.0.462.b08-3.el9.ML.1 (AXSA:2025-10686:14)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10686:14 advisory. JDK: Better Glyph drawing (CVE-2025-30749); JDK: Enhance TLS protocol support (CVE-2025-30754); JDK: Improve scripting supports (CVE-2025-30761); JDK: Bette...

CVSS 8.1, AI score 6.5, EPSS 0.01058
Exploits: 1, References: 5

Tenable Nessus
added 2026/01/13 12:0 a.m., 3 views

MiracleLinux 9 : java-21-openjdk-21.0.8.0.9-1.el9.ML.1 (AXSA:2025-10689:14)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10689:14 advisory. JDK: Better Glyph drawing (CVE-2025-30749); JDK: Enhance TLS protocol support (CVE-2025-30754); JDK: Improve HTTP client header handling (CVE-2025-50059)...

CVSS 8.6, AI score 6.9, EPSS 0.01058
Exploits: 1, References: 5

CNNVD
added 2026/01/13 12:0 a.m., 5 views

Jervis security feature issue vulnerability

Jervis is an automation tool by individual developer Sam Gleske. A security signature issue vulnerability exists in versions prior to Jervis 2.2 that stems from the use of non-cryptographically secure java.util.Random, which may not be effective in mitigating timing attacks...

CVSS 8.2, AI score 5.8, EPSS 0.00231
Exploits: 0, References: 3

Tenable Nessus
added 2026/01/13 12:0 a.m., 5 views

MiracleLinux 8 : java-17-openjdk-17.0.15.0.6-2.el8 (AXSA:2025-9892:08)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9892:08 advisory. JDK: Better TLS connection support (CVE-2025-21587); JDK: Improve compiler transformations (CVE-2025-30691); JDK: Enhance Buffered Image handling...

CVSS 7.4, AI score 6.5, EPSS 0.00688
Exploits: 0, References: 4

Tenable Nessus
added 2026/01/13 12:0 a.m., 4 views

MiracleLinux 8 : java-17-openjdk-17.0.14.0.7-3.el8 (AXSA:2025-9605:04)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9605:04 advisory. JDK: Enhance array handling (CVE-2025-21502). Bug Fixes: The Asianux OpenJDK packages rely on the copy-jdk-configs package to transfer configuration files to a...

CVSS 4.8, AI score 6.5, EPSS 0.00971
Exploits: 0, References: 2

Tenable Nessus
added 2026/01/13 12:0 a.m., 4 views

MiracleLinux 9 : java-21-openjdk-21.0.6.0.7-1.el9.ML.1 (AXSA:2025-9590:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9590:02 advisory. JDK: Enhance array handling (CVE-2025-21502). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note that...

CVSS 4.8, AI score 6.6, EPSS 0.00971
Exploits: 0, References: 2