6 matches found
CVE-2022-40609
CVE-2022-40609 describes an unsafe deserialization flaw in IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 , enabling a remote attacker to execute arbitrary code through specially crafted data. The IBM bulletin cites an IBM X-Force base likely high severity (base score 8.1, CVSS 3.x) and no...
CVE-2019-4732
CVE-2019-4732 affects IBM SDK Java Technology Edition: IBM Java 7.x (7.0.0.0–7.0.10.55, 7.1.0.0–7.1.4.55) and 8.0.0.0–8.0.6.0 could allow a local authenticated attacker to execute arbitrary code due to DLL search order hijacking on Windows. Exploitation would require placing a crafted file in a c...
CVE-2018-1890
CVE-2018-1890 affects IBM SDK Java Technology Edition Version 8 on the AIX platform, where absolute RPATHs in the JVM launcher may enable local code injection and privilege escalation. The vulnerability is documented across IBM advisories (e.g., January 2019 CPU/IBM Java SDK bulletins) and is ref...
CVE-2018-1656
CVE-2018-1656 affects IBM Java Runtime Environment’s Diagnostic Tooling Framework for Java (DTFJ) and is referenced in IBM advisories for IBM Tivoli Netcool/ITNCM (6.4.1.x, 6.4.2.x). The underlying issue is path traversal when extracting compressed dump files. Remediation details in the connected...
CVE-2017-1289
CVE-2017-1289 affects IBM SDK Java Technology Edition (Java SE/JDK/JRE). The IBM bulletin details an XML External Entity (XXE) vulnerability in XML processing, enabling a remote attacker to expose sensitive data or exhaust memory. Affected IBM Java versions include older 6, 7, and 8 releases (and...
CVE-2016-3956
CVE-2016-3956 describes an HTTP bearer token leak in the npm CLI, allowing a remote attacker to obtain sensitive information via Authorization headers. Affected npm versions include prior to 2.15.1 and 3.x prior to 3.8.3, used with Node.js 0.10 (before 0.10.44), 0.12 (before 0.12.13), 4 (before 4...