Security Bulletin: IBM Security SOAR is using a component with multiple known vulnerabilities (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)

Summary IBM Security SOAR uses an older version of Java that may be identified and exploited. An update has been released which addresses these issues. It is recommended that customers upgrade to Version 51.0.0.2 or later of IBM Security SOAR. AppHost users should upgrade to version 1.15.1.1...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Java. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of...

Cloud Foundry products uses vulnerable versions of Java | Cloud Foundry

Severity Critical Vendor Cloud Foundry Affected Cloud Foundry Products and Versions Severity is Critical unless otherwise noted. Credhub 1.7.x prior to 1.7.9 1.9.x prior to 1.9.9 2.1.x prior to 2.1.2 Java Buildpack All versions prior to 4.16.1 Ruby Buildpack All versions prior to 1.7.25 UAA Relea...

org.apache.juddi.client.plugins:juddi-client-plugins (>=3.2.1 <=3.3.4), org.apache.juddi.client.plugins:juddi-ddl-generator (>=3.2.1 <=3.3.4) +28 more potentially affected by CVE-2018-1307 via org.apache.juddi:juddi-client (>=3.2.0 <=3.3.4)

org.apache.juddi:juddi-client MAVEN version =3.2.0, =3.2.1, =3.2.1, =3.2.1, =3.2.0, =3.2.0, =3.2.0, =3.2.0, =3.2.0, =3.2.0, =3.2.0, =3.3.0, =3.2.0, =3.3.10 and more Source cves: CVE-2018-1307 Source advisory: OSV:GHSA-P99P-726H-C8V5...

Java enabled browsers are highly vulnerable

Oracle has released emergency patches multiple of times in recent months for Java for one after another set of vulnerabilities. About 100 million computers reported to be vulnerable to unauthorized access via different flaw in Java software. Department of Homeland Security's US-CERT already warne...

New Mac Malware, SabPub, Used In Targeted Attacks

Researchers at Kaspersky Lab says a new malicious program, dubbed SabPub, exploits the same Java security hole as the Flashback Trojan and enables targeted attacks against Mac users. The new malware was identified in a blog post by Kaspersky Lab expert Costin Raiu on Saturday and is described as ...

Many Mac Users Running Vulnerable Java Versions

Researchers have known for a long time that many users don’t pay much attention to updating the third-party software, browser plugins and extensions, and that lack of care has been to the benefit of attackers for years. Attacks on Flash, Java, QuickTime and various other ubiquitous apps have been...

JDK unspecified vulnerability in 2D component

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October...

OpenJDK: Possibility of trusted applet run in older, vulnerable version of JRE (6706490)

The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490...

Java-API calls in untrusted Javascript allow network privilege escalation

Unspecified vulnerability in Sun JDK and Java Runtime Environment JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.216 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java AP...

security flaw

Unspecified vulnerability in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 6 and earlier, Java System Development Kit SDK and JRE 1.4.212 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allows attackers to use untrusted applets to "access data in other...