56257 matches found

EUVD
added 2025/11/11 3:30 a.m. | 6 views

EUVD-2025-60994

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provider. This could further lead to disclosure or modification of information about the server. There i...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00225
Exploits: 0 | References: 3
NVD
added 2025/11/11 1:15 a.m. | 7 views

CVE-2025-42884

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provider. This could further lead to disclosure or modification of information about the server. There i...

CVSS: 6.5 | EPSS: 0.00225
Exploits: 0 | References: 2
CVE
added 2025/11/11 12:20 a.m. | 11 views

CVE-2025-42919

CVE-2025-42919 affects the SAP NetWeaver Application Server Java. The vulnerability is an information disclosure caused by improper restriction of path components, allowing an unauthenticated attacker to access internal metadata files by crafting URLs. The impact is partial confidentiality loss; ...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00407
Exploits: 0 | References: 2
CVE
added 2025/11/11 12:14 a.m. | 12 views

CVE-2025-42884

CVE-2025-42884 affects SAP NetWeaver Enterprise Portal. The issue allows an unauthenticated attacker to inject JNDI environment properties or pass a URL during JNDI lookup, enabling access to an unintended JNDI provider and potentially leading to disclosure or modification of server information (...

CVSS: 6.5 | AI score: 6.1 | EPSS: 0.00225
Exploits: 0 | References: 2
Tenable Nessus
added 2025/11/11 12:0 a.m. | 3 views

Amazon Linux 2 : java-1.8.0-openjdk, --advisory ALAS2-2025-3072 (ALAS-2025-3072)

The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.472.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3072 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product ...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00633
Exploits: 0 | References: 6
Packet Storm News
added 2025/11/11 12:0 a.m. | 73 views

QLCoder: A Query Synthesizer for Static Analysis of Security Vulnerabilities

Static analysis tools provide a powerful means to detect security vulnerabilities by specifying queries that encode vulnerable code patterns. However, writing such queries is challenging and requires diverse expertise in security and program analysis. To address this challenge, we present QLCoder...

AI score: 7.3
Exploits: 0
Positive Technologies
added 2025/11/11 12:0 a.m. | 5 views

PT-2025-46238

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server Java (affected versions not specified). Description: An information disclosure issue exists in SAP NetWeaver Application Server Java. An unauthenticated attacker can access internal metadata files through crafted...

CVSS: 5.3 | AI score: 6.2 | EPSS: 0.00407
Exploits: 0 | References: 5
CNNVD
added 2025/11/11 12:0 a.m. | 4 views

SAP NetWeaver Application Server Java path traversal vulnerability

SAP NetWeaver Application Server Java is an application server from SAP Germany that provides a Java runtime environment. The product is primarily used to develop and run Java EE applications. A path traversal vulnerability exists in SAP NetWeaver Application Server Java, which stems from the...

CVSS: 5.3 | AI score: 6.3 | EPSS: 0.00407
Exploits: 0 | References: 3
Positive Technologies
added 2025/11/11 12:0 a.m. | 9 views

PT-2025-46225

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Enterprise Portal (affected versions not specified). Description: An unauthenticated attacker can inject JNDI environment properties or provide a URL during JNDI lookup operations. This could allow access to an unintended JNDI...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00225
Exploits: 0 | References: 6
Oracle linux
added 2025/11/11 12:0 a.m. | 17 views

java-1.8.0-openjdk security update

1.8.0.472.b08-1.0.1 - Update to 8u472-b08 GA Orabug: 38571645 - Update release notes for 8u472-b08. - Drop local JDK-8339414 fix as this is now included upstream - Reset rpmrelease to 1 now there are no other RPM builds on RHEL 8 - Sync the copy of the portable specfile with the latest update -...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00688
Exploits: 0
Tenable Nessus
added 2025/11/11 12:0 a.m. | 3 views

SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2025:4038-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4038-1 advisory. Update to version jdk8u472 icedtea-3.37.0: - CVE-2025-53057: Fixed certificate handling leading to unauthorized creation, deletion or...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00633
Exploits: 0 | References: 7
CVE
added 2025/11/10 10:8 p.m. | 33 views

CVE-2025-64518

CVE-2025-64518 affects CycloneDX core (Java). From 2.1.0 up to but excluding 11.0.1, the XML Validator in cyclonedx-core-java was insecurely configured, enabling XML External Entity (XXE) injection. The issue is tied to incomplete mitigation that fixed parsing but not validation (GHSA-683x-4444-j...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00321
Exploits: 0 | References: 5
EUVD
added 2025/11/10 10:8 p.m. | 5 views

EUVD-2025-50813

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00589
Exploits: 0 | References: 6
Vulnrichment
added 2025/11/10 10:8 p.m. | 4 views

CVE-2025-64518 CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00321
Exploits: 0 | References: 5
OSV
added 2025/11/10 10:8 p.m. | 5 views

CVE-2025-64518 CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00321
Exploits: 0 | References: 7
OSV
added 2025/11/10 9:4 p.m. | 3 views

GHSA-6FHJ-VR9J-G45R CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

Impact: The XML Validator used by cyclonedx-core-java was not configured securely, making the library vulnerable to XML External Entity (XXE) injection. The fix for GHSA-683x-4444-jxh8 / CVE-2024-38374 has been incomplete in that it only fixed parsing of XML BOMs, but not validation. Patches: The...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00321
Exploits: 0 | References: 7
Github Security Blog
added 2025/11/10 9:4 p.m. | 14 views

CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

Impact: The XML Validator used by cyclonedx-core-java was not configured securely, making the library vulnerable to XML External Entity (XXE) injection. The fix for GHSA-683x-4444-jxh8 / CVE-2024-38374 has been incomplete in that it only fixed parsing of XML BOMs, but not validation. Patches: The...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00321
Exploits: 0 | References: 7 | Affected Software: 1
RedHat Linux
added 2025/11/10 8:47 p.m. | 10 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS: 8.7 | AI score: 6.8 | EPSS: 0.02772
Exploits: 0 | References: 4
Cvelist
added 2025/11/10 6:9 p.m. | 7 views

CVE-2025-12967

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rdssuperuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. We recommend customers...

CVSS: 8.6 | EPSS: 0.00373
Exploits: 0 | References: 11
SUSE Linux
added 2025/11/10 3:5 p.m. | 6 views

Security update for java-1_8_0-openjdk

This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u472 (icedtea-3.37.0): - CVE-2025-53057: Fixed certificate handling leading to unauthorized creation, deletion or modification access to critical data (bsc1252414) - CVE-2025-53066: Fixed Path factories leading to...

CVSS: 8.7 | AI score: 7.1 | EPSS: 0.00633
Exploits: 0 | References: 8