SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-openjdk (SUSE-SU-2025:03224-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03224-1 advisory. Update to version jdk8u462 icedtea-3.36.0. Security issues fixed: - CVE-2025-30749: heap corruption allows...
WSO2 API Manager XML External Entity (XXE) vulnerability
An XML External Entity XXE vulnerability exists in the gateway component of WSO2 API Manager due to insufficient validation of XML input in crafted URL paths. User-supplied XML is parsed without appropriate restrictions, enabling external entity resolution. This vulnerability can be exploited by ...
GHSA-H94W-8QHG-3XMC WSO2 API Manager XML External Entity (XXE) vulnerability
An XML External Entity XXE vulnerability exists in the gateway component of WSO2 API Manager due to insufficient validation of XML input in crafted URL paths. User-supplied XML is parsed without appropriate restrictions, enabling external entity resolution. This vulnerability can be exploited by ...
CVE-2025-2905
The CVE-2025-2905 entry describes an XML External Entity (XXE) vulnerability in the WSO2 API Manager gateway component due to insufficient validation of XML input. The issue allows unauthenticated remote attackers to read server filesystem files and perform denial-of-service (DoS) attacks. Affect...
An update on Java 17+ adoption
As a follow-up to my blog post from last year's SpringOne, it is time for an update on our Java 17+ baseline efforts! We established the new baseline on our main branches, with a few milestones out already. The feedback has been very positive, not only in terms of framework improvements but also i...
CVE-2019-14843
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Mitigation This flaw only affects the...
Security Bulletin: CVE-2020-2590 (deferred from Oracle Jan 2020 CPU)
Summary Steps to update Java for QMF Workstation & QMF Vision Vulnerability Details CVEID: CVE-2020-2590 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact,...
Security Bulletin: CVE-2020-2601 (deferred from Oracle Jan 2020 CPU)
Summary Steps to update Java for QMF Workstation & QMF Vision Vulnerability Details CVEID: CVE-2020-2601 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to obtain sensitive information...
Security Bulletin: SBB0002796
Summary Steps to update Java - QMF Workstation & QMF Vision Vulnerability Details CVEID: CVE-2019-4732 DESCRIPTION: IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute...
CVE-2019-14843
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat JBoss E...
Design/Logic Flaw
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat JBoss E...
CVE-2019-14843
CVE-2019-14843 affects Red Hat JBoss Enterprise Application Platform (EAP) 7.x running WildFly-based Security Manager under JDK 8/11, enabling authorization bypass that could expose unauthorized information. Connected advisories confirm this vulnerability (e.g., RHSA-2024:5856) and list a securit...
RHEL 7 : java-1.8.0-ibm (RHSA-2018:1721)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1721 advisory. - Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 Security CVE-2018-2783 - OpenJDK: incorrect merging of sections in...
sAINT - A Spyware Generator for Windows systems written in Java
sAINT is a Spyware Generator for Windows systems written in Java. Features Keylogger Take Screenshot Webcam Capture Persistence Tested On KaliLinux - ROLLING EDITION How To Use Install dependencies you need Maven and JDK 8 package installed $ apt install maven default-jdk default-jre openjdk-8-jd...
Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references
Overview Several Java implementations of AMF3 are vulnerable to insecure deserialization and XML external entities references. Description Several Java implementations of Action Message Format AMF3 are vulnerable to one or more of the following implementation errors: CWE-502: Deserialization of...
SUSE-SU-2016:1475-1 Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues: - IBM Java 8.0-3.0 released: bsc#977646 bsc#977648 bsc#977650 bsc#979252 CVE-2016-0376 CVE-2016-0264 CVE-2016-0363 CVE-2016-3443 CVE-2016-0687 CVE-2016-0686 CVE-2016-3427 CVE-2016-3449 CVE-2016-3422 CVE-2016-3426 - There is no HtmlConverter and...
jdk8-openjdk: multiple issues
CVE-2014-3566 man-in-the-middle Nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. - CVE-2014-6549 arbitrary code execution Incorrect class loader permission check in ClassLoader...
Oracle July 2014 Critical Patch Update
Never one to skimp on patches, Oracle is expected to release 113 of them tomorrow as part of its quarterly Critical Patch Update. The company also clarified that Java 7 versions will continue to work on the end-of-life Microsoft Windows XP platform and Oracle security updates for Java on XP...