UBUNTU-CVE-2024-20932

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easi...

GLSA-202401-11 : Apache Batik: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202401-11 Apache Batik: Multiple Vulnerabilities - In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the...

Jupyter Notebook Viewer Security Vulnerability

Jupyter Notebook Viewer is a macOS application for viewing Jupyter/IPython notebooks. A security vulnerability exists in Jupyter Notebook Viewer prior to version 0.1.6, which stems from a problem with the get-task-allow function and can be exploited by an attacker to load untrusted code...

GHSA-4MQ4-7RW3-VM5J Wasmer filesystem sandbox not enforced

Summary As of Wasmer version v4.2.3, Wasm programs can access the filesystem outside of the sandbox. Details https://github.com/wasmerio/wasmer/issues/4267 PoC A minimal Rust program: fn main let f = std::fs::OpenOptions::new .writetrue .createnewtrue .open"abc" .unwrap; This should be compiled...

PT-2023-31873 · Wasmer · Wasmer

Name of the Vulnerable Software and Affected Versions: Wasmer versions prior to 4.2.4 Description: The issue affects Wasmer, a WebAssembly runtime, allowing Wasm programs to access the filesystem outside of the sandbox. This can lead to service providers running untrusted Wasm code on Wasmer...

Improper Authorization

openjdk is vulnerable to Improper Authorization. An unauthenticated attacker with network access via multiple protocols is able to potentially compromise the system and gain unauthorized access to some data. This vulnerability requires human interaction and primarily affects Java deployments...

OESA-2023-1829 openjdk-latest security update

The OpenJDK runtime environment. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK:...

K000137612: Oracle Java SE vulnerability CVE-2023-22025

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle...

CVE-2023-39913 Apache UIMA Java SDK Core, Apache UIMA Java SDK CPE, Apache UIMA Java SDK Vinci adapter, Apache UIMA Java SDK tools: Potential untrusted code execution when deserializing certain binary CAS formats

Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.This issue affects Apache UIMA Java SDK: before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue. The...

CVE-2023-39913 Apache UIMA Java SDK Core, Apache UIMA Java SDK CPE, Apache UIMA Java SDK Vinci adapter, Apache UIMA Java SDK tools: Potential untrusted code execution when deserializing certain binary CAS formats

Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.This issue affects Apache UIMA Java SDK: before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue. The...

Unauthorized Data Access

Oracle Java SE is vulnerable to Unauthorized Data Access. The vulnerability is due to the lack of proper authentication measures and due to running untrusted code that rely on Java sandbox for security. This results in unauthorized creation, deletion, or modification access to critical data or al...

Rocky Linux 8 : idm:DL1 and idm:client (RLSA-2021:1846)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:1846 advisory. - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one...

Important: java-11-amazon-corretto

Issue Overview: An issue was discovered in function ciMethodBlocks::makeblockat in Oracle JDK HotSpot VM 11, 17 and OpenJDK HotSpot VM 8, 11, 17, allows attackers to cause a denial of service. CVE-2022-40433 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE...

F5 Networks BIG-IP : jQuery vulnerability (K02453220)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4. It is, therefore, affected by a vulnerability as referenced in the K02453220 advisory. In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after...

Medium: java-11-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Easily exploitable vulnerability...

OpenJDK: memory corruption issue on x86_64 with AVX-512 (8317121)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition:...

DEBIAN-CVE-2023-22081

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise...

Debian dla-3571 : openjdk-11-dbg - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3571 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3571-1 [email protected]...

DEBIAN-CVE-2023-41039

RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to...

OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...