92 matches found
Important: Red Hat Security Advisory: java-11-openjdk security update
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...
OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...
Important: Red Hat Security Advisory: java-11-openjdk security update
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: java-11-openjdk security update
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...
OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...
ALSA-2023:1880 Important: java-11-openjdk security update
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...
Windows Shell, Reverse TCP (via jjs)
Connect back and create a command shell via jjs Module Options msf use payload/cmd/windows/jjsreversetcp msf payloadjjsreversetcp show actions ...actions... msf payloadjjsreversetcp set ACTION msf payloadjjsreversetcp show options ...show and set options... msf payloadjjsreversetcp run This modul...
openSUSE Security Update : java-11-openjdk (openSUSE-2021-719)
This update for java-11-openjdk fixes the following issues : - Update to upstream tag jdk-11.0.11+9 April 2021 CPU - CVE-2021-2163: Fixed incomplete enforcement of JAR signing disabled algorithms bsc1185055 - CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in ProcessBuilder...
Security update for java-11-openjdk (important)
openSUSE Security Update: Security update for java-11-openjdk Announcement ID: openSUSE-SU-2021:0719-1 Rating: important References: 1184606 1185055 1185056 Cross-References: CVE-2021-2161 CVE-2021-2163 CVSS scores: CVE-2021-2161 NVD : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2021-216...
SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2021:1554-1)
This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.11+9 April 2021 CPU - CVE-2021-2163: Fixed incomplete enforcement of JAR signing disabled algorithms bsc1185055 - CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in ProcessBuilder...
OpenJDK: Incorrect handling of partially quoted arguments in ProcessBuilder on Windows (Libraries, 8250568)
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2...
SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2021:1314-1)
This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.11+9 April 2021 CPU - CVE-2021-2163: Fixed incomplete enforcement of JAR signing disabled algorithms bsc1185055 - CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in ProcessBuilder...
SUSE-SU-2021:1314-1 Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.11+9 April 2021 CPU CVE-2021-2163: Fixed incomplete enforcement of JAR signing disabled algorithms bsc1185055 CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in ProcessBuilder...
Unix Command Shell, Bind TCP (via jjs)
Listen for a connection and spawn a command shell via jjs This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 795 include Msf::Payload::Single include Msf::Sessions::CommandShellOption...
Unix Command Shell, Reverse TCP (via jjs)
Connect back and create a command shell via jjs This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 863 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def...
Design/Logic Flaw
The Apache OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the serviceContent parameter in the request and deserializes it using XStream. This XStream instance is slightly guard...
CVE-2018-17200
The Apache OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the serviceContent parameter in the request and deserializes it using XStream. This XStream instance is slightly guard...
Pippo Remote Code Execution Vulnerability
Pippo is a Java-based web framework. A remote code execution vulnerability exists in Pippo 1.11.0 and earlier versions, which stems from the XstreamEngine component failing to use the defense mechanisms available to XStream to limit unmarshalling, and can be exploited by a remote attacker to...