6 matches found
CVE-2019-7317
CVE-2019-7317 is a use-after-free involving png_image_free in libpng. A connected document ties this to the FLTK package, affecting versions less than 1.3.8-1, and states that upgrading to a later FLTK version resolves the issue. If applying this advisory, upgrade FLTK to 1.3.8-1 or newer for rem...
CVE-2021-21349
XStream (Java) before 1.4.16 is vulnerable to an input-stream manipulation flaw (CVE-2021-21349) that may allow a remote attacker to access data from internal resources not publicly available. The issue arises from processing the input stream during deserialization. A fix is available in XStream ...
CVE-2022-21496
CVE-2022-21496 affects Oracle Java SE and Oracle GraalVM Enterprise Edition across multiple components (JNDI, JAXP, Libraries, Hotspot) with listed affected versions. The vulnerability enables network-accessible, unauthenticated attackers to modify or access data (integrity/availability impacts) ...
CVE-2022-21443
CVE-2022-21443 is an Oracle Java SE/GraalVM EE vulnerability affecting the Libraries component. Affected: Oracle Java SE 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM EE 20.3.5, 21.3.1, 22.0.0.2. Exploitation is network-based and can lead to a partial denial of service, with unauthenticated a...
CVE-2019-10219
The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...
CVE-2021-41041
CVE-2021-41041 affects Eclipse OpenJ9 (Java VM) prior to 0.32.0. When bytecode verification is triggered by a MethodHandle invocation, the exception raised during verification may not be thrown, allowing unverified methods to be invoked via MethodHandles. This creates a potential for untrusted co...