Security Bulletin: Multiple vulnerabilities reported in YAJSW service shipped in IBM WebSphere eXtreme Scale Liberty Deployment

Summary YAJSWYet Another Java Service Wrapper uses Apache Commons and Netty to manage services, launch and monitor application etc. WebSphere eXtreme Scale Liberty deployments, uses YAJSW to register services with the operating system. CVE-2025-27553, CVE-2025-30474 and CVE-2025-25193...

EUVD-2024-54959

Malicious code in bioql PyPI...

CVE-2024-40653

In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

CVE-2024-40653

In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

CVE-2024-40653

In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. in the United States. A security vulnerability exists in Google Android that stems from a logic error in ConnectionServiceWrapper.java that could lead to local elevation of privilege...

Malicious code in email-service-wrapper (npm)

The package email-service-wrapper was found to contain malicious code...

MAL-2025-19552 Malicious code in email-service-wrapper (npm)

The package email-service-wrapper was found to contain malicious code...

CVE-2020-6958

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper YAJSW 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service...

CVE-2024-40656

In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by an obfuscated agent in handleCreateConferenceComplete of ConnectionServiceWrapper.java. An attacker can exploit this vulnerability to obtain...

PT-2024-28970 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to the handleCreateConferenceComplete function in ConnectionServiceWrapper.java, where a confused deputy could lead to revealing...

CVE-2022-20006

In several functions of KeyguardServiceWrapper.java and related files,, there is a possible way to briefly view what's under the lockscreen due to a race condition. This could lead to local escalation of privilege if a Guest user is enabled, with no additional execution privileges needed. User...

CVE-2020-6958

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper YAJSW 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service...

Xxe

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper YAJSW 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service...

Yet Another Java Service Wrapper Code Issue Vulnerability

NSA Ghidra is an open source reverse engineering tool from the National Security Agency NSA. A code issue vulnerability exists in JnlpSupport in Yet Another Java Service Wrapper YAJSW version 12.14 used in NSA Ghidra and other products. A remote attacker could exploit this vulnerability to obtain...

CVE-2020-6958

CVE-2020-6958 describes an XXE vulnerability in JAWS’ JnlpSupport (YAJSW) version 12.14, used by NSA Ghidra and others. The flaw could allow data exfiltration from remote hosts and may cause a denial of service. The provided documents do not include concrete exploit details or remediation steps. ...

rs-brightcove remote code execution vulnerability

rs-brightcove is a set of wrapper tools for the brightcove web API. A security vulnerability exists in rs-brightcove, which originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the response an...

Important: Red Hat Security Advisory: jakarta-commons-daemon-jsvc security update

An updated jakarta-commons-daemon-jsvc package that fixes one security issue is now available for JBoss Enterprise Web Server 1.0 for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVS...