Shibboleth; OpenSAML Java Security Vulnerabilities

osv

CVE-2022-37734

graphql-java before 19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and...

7.4 AI Score

0.002 EPSS

2022-09-12 02:15 PM
5
osv

CVE-2023-36480

The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them...

7.8 AI Score

0.002 EPSS

2023-08-04 03:15 PM
4
osv

CVE-2023-28867

In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and...

7.6 AI Score

0.001 EPSS

2023-03-27 01:15 AM
7
osv

CVE-2024-23680

AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA...

5.3 AI Score

0.001 EPSS

2024-01-19 09:15 PM
5
cve

CVE-2023-5072

Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being...

7.5 CVSS

7.2 AI Score

0.0005 EPSS

2023-10-12 05:15 PM
268
osv

CVE-2023-5072

Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being...

7.2 AI Score

0.0005 EPSS

2023-10-12 05:15 PM
11
osv

CVE-2023-44483

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...

7.1 AI Score

0.001 EPSS

2023-10-20 10:15 AM
6
veracode

Stack Overflow

Ion Java is vulnerable to Stack Overflow. The vulnerability is due to improper validation while deserializing Ion text encoded data, or deserializing Ion text or binary encoded data into an IonValue model. This issue can be exploited by an attacker via crafted malicious Ion data, resulting in...

6.8 AI Score

0.0005 EPSS

2024-01-04 07:31 AM
20
cve

CVE-2014-125087

A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is...

9.8 CVSS

9.4 AI Score

0.002 EPSS

2023-02-19 05:15 PM
37
osv

CVE-2023-34453

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function shuffle(int[] input) in the file BitShuffle.java receives an array of integers and applies a bit shuffle on it...

7.5 AI Score

0.001 EPSS

2023-06-15 05:15 PM
7
osv

CVE-2023-43642

snappy-java is a Java port of snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to a missing upper bound check on chunk length, an...

7 AI Score

0.0005 EPSS

2023-09-25 08:15 PM
6
osv

CVE-2023-34455

snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the file SnappyInputStream.java checks if a given stream has more chunks to read. It does...

7 AI Score

0.001 EPSS

2023-06-15 06:15 PM
4
osv

CVE-2023-46120

The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. maxBodyLength was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may...

7.2 AI Score

0.002 EPSS

2023-10-25 06:17 PM
10
osv

CVE-2024-23689

Exposure of sensitive information in exceptions in ClickHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when...

8.7 AI Score

0.001 EPSS

2024-01-19 09:15 PM
2
osv

CVE-2023-33201

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject...

7.3 AI Score

0.001 EPSS

2023-07-05 03:15 AM
5
osv

CVE-2022-31159

The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the downloadDirectory method in the AWS S3 TransferManager component of the AWS SDK for Java v1 prior to version 1.12.261. Applications using the SDK control the...

9.3 AI Score

0.001 EPSS

2022-07-15 06:15 PM
8
osv

CVE-2023-33202

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has...

5.3 AI Score

0.0004 EPSS

2023-11-23 04:15 PM
7
osv

CVE-2023-34454

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error. The function compress(char[] input) in the file Snappy.java receives an array of characters and compresses...

7.3 AI Score

0.001 EPSS

2023-06-15 05:15 PM
4
osv

CVE-2022-45688

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML...

7.5 AI Score

0.001 EPSS

2022-12-13 03:15 PM
11
osv

CVE-2022-25867

The package io.socket:socket.io-client before 2.0.1 is vulnerable to NULL Pointer Dereference when parsing a packet with an invalid payload...

7.5 AI Score

0.002 EPSS

2022-08-02 02:15 PM
5
osv

CVE-2022-24913

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file...

5.5 AI Score

0.0004 EPSS

2023-01-12 05:15 AM
2
osv

CVE-2023-32787

The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client...

7.1 AI Score

0.002 EPSS

2023-05-15 03:15 PM
2
osv

CVE-2024-24569

The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. ZipSecurity#isBelowCurrentDirectory is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version <=1.1.1, use ZipSecurity as a guard agains...

7 AI Score

0.001 EPSS

2024-02-01 07:15 PM
5
cve

CVE-2023-1609

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been rated as problematic. This issue affects the function save of the file /api/admin/store/product/save. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2023-03-23 08:15 PM
56
cve

CVE-2023-1608

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been declared as critical. This vulnerability affects the function getAdminList of the file /api/admin/store/product/list. The manipulation of the argument cateId leads to sql injection. The attack can be initiated remotely....

9.8 CVSS

9.7 AI Score

0.001 EPSS

2023-03-23 08:15 PM
55
ibm

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition

Summary: This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2024 Critical Patch Update, plus CVE-2023-38264. For more information please refer to Oracle's April 2024 CPU Advisory and the X-Force database entries...

6.4 AI Score

0.001 EPSS

2024-05-09 07:33 PM
13
ibm

Security Bulletin: CVE-2024-3933 affects IBM® SDK, Java™ Technology Edition

Summary: CVE-2024-3933 affects IBM SDK, Java Technology Edition. An update has been released to address the vulnerability. Vulnerability Details: CVEID: CVE-2024-3933. DESCRIPTION: Eclipse OpenJ9 could allow a local authenticated attacker to bypass security restrictions, caused by the failure...

6.4 AI Score

0.0004 EPSS

2024-05-30 01:50 PM
osv

CVE-2023-51441

** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF. This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache...

6.5 AI Score

0.001 EPSS

2024-01-06 12:15 PM
1
veracode

SQL Injection

org.postgresql, postgresql is vulnerable to SQL Injection. The vulnerability is caused by not escaping user-provided literal parameter values in the SQL query when using the configuration option PreferQueryMode=SIMPLE. An attacker can exploit this vulnerability to inject SQL to alter the query by...

7.8 AI Score

0.001 EPSS

2024-02-20 07:34 AM
14
cgr

CVE-2023-1732 vulnerabilities

Vulnerabilities for packages: pulumi-language-java, aactl,...

8.3 AI Score

0.0005 EPSS

2024-05-19 03:07 AM
40
osv

CVE-2023-40743

** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could...

7.2 AI Score

0.002 EPSS

2023-09-05 03:15 PM
4
cgr

GHSA-2Q89-485C-9J2X vulnerabilities

Vulnerabilities for packages: pulumi-language-java, aactl,...

7.3 AI Score

2024-05-19 03:07 AM
13
mageia

Updated java-1.8.0, java-11, java-17, java-latest packages fix security vulnerabilities

Long Exception message leading to crash. (CVE-2024-21011) HTTP/2 client improper reverse DNS lookup. (CVE-2024-21012) Integer overflow in C1 compiler address generation. (CVE-2024-21068) Pack200 excessive memory allocation. (CVE-2024-21085) C2 compilation fails with "Exceeded _node_regs array"...

7.5 AI Score

0.001 EPSS

2024-05-16 08:29 PM
11
cve

6.1 AI Score

0.001 EPSS

2016-04-18 12:59 AM
17
amazon

Low: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows...

5.8 AI Score

0.001 EPSS

2024-05-09 07:16 PM
8
wolfi

CVE-2023-1732 vulnerabilities

Vulnerabilities for packages: aactl,...

8.4 AI Score

0.001 EPSS

2024-06-02 09:07 AM
27
wolfi

GHSA-2Q89-485C-9J2X vulnerabilities

Vulnerabilities for packages: aactl,...

7.5 AI Score

2024-06-02 09:07 AM
7
rocky

java-21-openjdk security update

An update is available for java-21-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The java-21-openjdk packages provide the OpenJDK 21 Java Runtime...

7.5 AI Score

0.001 EPSS

2024-05-06 01:04 PM
8
rocky

java-11-openjdk security update

An update is available for java-11-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime...

7.5 AI Score

0.001 EPSS

2024-05-06 01:04 PM
8
rocky

java-1.8.0-openjdk security update

An update is available for java-1.8.0-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java...

7.5 AI Score

0.001 EPSS

2024-05-06 01:04 PM
12
redos

ROS-20240529-01

A vulnerability in the Lightweight HTTP Server component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to unrestricted resource allocation. Exploitation of the vulnerability could allow a remote attacker to cause a denial of...

7.4 AI Score

0.002 EPSS

2024-05-29 12:00 AM
4
debian

[SECURITY] [DLA 3812-1] libpgjava security update

Debian LTS Advisory DLA-3812-1 https://www.debian.org/lts/security/ Markus Koschany May 09, 2024 https://wiki.debian.org/LTS Package : libpgjava Version : 42.2.5-2+deb10u4 CVE ID ...

0.001 EPSS

2024-05-09 10:17 PM
redos

ROS-20240521-05

A vulnerability in the Hotspot component of the Oracle Java SE software platform and Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to disclose protected information. A vulnerability in...

7.1 AI Score

0.002 EPSS

2024-05-21 12:00 AM
1
cve

6.7 AI Score

0.858 EPSS

2013-06-18 10:55 PM
974
In Wild
redos

ROS-20240522-05

A vulnerability in the Hotspot component of the Java SE software platform and Oracle GraalVM Enterprise Edition virtual machine is related to insufficient input data validation. Exploitation of the vulnerability could allow a remote attacker to create, delete, or modify access to data. Vulnerability in...

6.8 AI Score

0.002 EPSS

2024-05-22 12:00 AM
3
cve

9.6 AI Score

0.968 EPSS

2012-06-07 10:55 PM
1032
In Wild
3
cgr

GHSA-MW99-9CHC-XW7R vulnerabilities

Vulnerabilities for packages: kots, pulumi-language-yaml, scorecard, apko, tekton-pipelines, nuclei, pulumi-language-dotnet, pulumi, src-fingerprint, gomplate, goreleaser, bom, flux-source-controller-2.0, gitness, go-licenses, kubevela, pulumi-language-java, pulumi-kubernetes-operator, flux,...

7.3 AI Score

2024-05-19 03:07 AM
26
cgr

CVE-2023-49568 vulnerabilities

Vulnerabilities for packages: kots, pulumi-language-yaml, scorecard, apko, tekton-pipelines, nuclei, pulumi-language-dotnet, pulumi, src-fingerprint, gomplate, goreleaser, bom, flux-source-controller-2.0, gitness, go-licenses, kubevela, pulumi-language-java, pulumi-kubernetes-operator, flux,...

7.5 AI Score

0.0005 EPSS

2024-05-19 03:07 AM
73
osv

Ion Java StackOverflow vulnerability

Impact: A potential denial-of-service issue exists in ion-java for applications that use ion-java to: deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the IonValue model and then invoke certain IonValue methods on that in-memory representation. An actor could...

7 AI Score

0.0005 EPSS

2024-01-03 10:04 PM
9
almalinux

Moderate: java-21-openjdk security update

The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fix(es): OpenJDK: long Exception message leading to crash (8319851) (CVE-2024-21011) OpenJDK: integer overflow in C1 compiler address generation (8322122)...

7.5 AI Score

0.001 EPSS

2024-04-18 12:00 AM
9
Total number of security vulnerabilities: 50135