1944 matches found
Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by...
BIT-JRE-2024-21147
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....
BIT-JRE-2022-21366
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...
BIT-JRE-2021-35586
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...
Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
Apache Log4j Core's XmlLayout, in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification, producing invalid XML output whenever a log message or MDC value contains such characters. The impact depends on the StAX implementation in use: JRE built-in...
Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2026 - Includes Oracle January 2026 CPU
Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...
Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 - Includes Oracle October 2025 CPU
Summary Communications Server CS for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...
Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917
Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...
RHSA-2026:4832 Red Hat Security Advisory: java-1.8.0-ibm security update
Bulletin has no description...
MiracleLinux 3 : java-1.6.0-openjdk-1.6.0.0-1.40.1.11.11.0.1.AXS3 (AXSA:2013-427:02)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-427:02 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2013-0401 The Java Runtime Environment JRE component in Oracle Java SE ...
Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition (CVE-2025-53066, CVE-2025-53057)
Summary Multiple Vulnerabilities were disclosed as part of the JAVA October 2025 Critical Patch Update affecting IBM® SDK, Java™ Technology Edition in IBM License Key Server Administration and Reporting Tool ART and Administration Agent. For more information please refer to Oracle's CPU Advisory...
EUVD-2025-131906
CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST/REST/UpdateJRE request payload...
CVE-2025-11565
CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST /REST/UpdateJRE request payload...
CVE-2025-11565
CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST /REST/UpdateJRE request payload...
Schneider Electric PowerChute Serial Shutdown 安全漏洞
Schneider Electric PowerChute Serial Shutdown is a UPS management, normal shutdown, and energy management software from Schneider Electric France. A security vulnerability exists in Schneider Electric PowerChute Serial Shutdown that stems from an improperly restricted pathname, which could allow ...
EUVD-2008-1200
Malware in sbrugna...
EUVD-2012-1705
Malware in sbrugna...
EUVD-2008-5318
Malware in sbrugna...
EUVD-2008-5319
Malware in sbrugna...
EUVD-2007-5218
Malware in sbrugna...