Red Hat Security Advisory 2023-0192-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include a denial of service vulnerability.
b1365170e80dae7b983aac1b41cdf3a227b9aa44d2d0bbb054f83c9f7a2d4d74Red Hat Security Advisory 2023-0200-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a denial of service vulnerability.
66d3407e4b56bc53fd6571b3a84e0c626021a1e6d939cd1645dfcd67aa48854aRed Hat Security Advisory 2023-0197-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a denial of service vulnerability.
c13b923e24549dd6c83842ff8b7012300fc43e8e3bd41aa5974974da3238ffb0Red Hat Security Advisory 2023-0191-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include a denial of service vulnerability.
8dfc045efb2e5c6655cbef79d40adec44b6c752e71e5eee03ace774019df8d8eRed Hat Security Advisory 2023-0193-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include a denial of service vulnerability.
dd8210fe6712e6c27ee6c7d244c11f0852e1049d47db66ddef696d1f136e52dcRed Hat Security Advisory 2023-0163-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a server-side request forgery vulnerability.
d55d12dfc8660dd2ed19af26307d3d77442e78e3c73a603fb139af29c4a6822fRed Hat Security Advisory 2023-0163-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a server-side request forgery vulnerability.
d55d12dfc8660dd2ed19af26307d3d77442e78e3c73a603fb139af29c4a6822fRed Hat Security Advisory 2023-0164-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a server-side request forgery vulnerability.
616521c388a566f932319b081aa87e65cb569e58ad0c35329e4380e9a0b8cb49Debian Linux Security Advisory 5316-1 - Several out-of-memory, stack overflow or HTTP request smuggling vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework, which may allow attackers to cause a denial of service or bypass restrictions when used as a proxy.
d79e44dc740a4bdba61067f17bc2f8d1870d872798afcbc0a4bdd6ffab09ccddDebian Linux Security Advisory 5315-1 - XStream serializes Java objects to XML and back again. Versions prior to 1.4.15-3+deb11u2 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This update handles the stack overflow and raises an InputManipulationException instead.
442616c277f5fe435b492c064fd24a02dc319b343463ace4afb9427f04df76b8Red Hat Security Advisory 2023-0128-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR7-FP20. Issues addressed include a randomization vulnerability.
bdbddc7d3df8e2f53b434840a6cd8a1cb93bb002a0d7aa7fff1f98a6b17fe17cRed Hat Security Advisory 2023-0074-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. Issues addressed include deserialization and traversal vulnerabilities.
dcad900288a123d4634bb79ea34d68fb76fa1874797c13f3279e826b93e3f6d9Gentoo Linux Security Advisory 202301-9 - A vulnerability has been discovered in protobuf-java which could result in denial of service. Versions less than 3.20.3 are affected.
cc6d14bcef672773530eeb289efb90812d18552fdbb505d47acafcd798c97a92Debian Linux Security Advisory 5313-1 - It was found that those using java.sql.Statement or java.sql.PreparedStatement in hsqldb, a Java SQL database, to process untrusted input may be vulnerable to a remote code execution attack.
1d7fc878734f084dc8dcd41a06ba4458d483fcff883a09dbd6cb56025fb30b75Debian Linux Security Advisory 5312-1 - Several flaws have been discovered in libjettison-java, a collection of StAX parsers and writers for JSON. Specially crafted user input may cause a denial of service via out-of-memory or stack overflow errors.
3daa77d88d206ccc8e01f6d94f0bded06078aee0fd8414f2f8b9dacfa6025445SimpleRmiDiscoverer is a JMX RMI scanning tool for unsecured (without enabled authentication) instances of JAVA JMX. It does not use standard Java RMI/JMX classes like other available tools but rather communicates directly over TCP. The tool is written in Java and is very useful in red teaming operations because JVM is still ubiquitous in corporate environments. It can be executed by unprivileged (non-admin) users.
93daab8314c5a134f408dc5214f71dbb47eac17e499aa7e761104430bd8a7f8fRed Hat Security Advisory 2023-0005-01 - The Byte Code Engineering Library is intended to give users a convenient way to analyze, create, and manipulate Java class files.
c16ea2f401bbe704b0f32faa6312162d77ed61009599a7363e1704bafd2c7635Red Hat Security Advisory 2023-0004-01 - The Byte Code Engineering Library is intended to give users a convenient way to analyze, create, and manipulate Java class files.
53d31bbdb453e192ea80bf19110cc5ec4cf023bc100419c112bcf5235e765cfdDebian Linux Security Advisory 5307-1 - ZeddYu Lu discovered that the FTP client of Apache Commons Net, a Java client API for basic Internet protocols, trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client.
41b44ea9f6994bb126334a021ce554f5d235573bf2cf4cf42ab4a2effd6c874dRed Hat Security Advisory 2022-8958-01 - The Byte Code Engineering Library is intended to give users a convenient way to analyze, create, and manipulate Java class files.
05708bff0d4a08388956b85cd866b9546a0151ce451bc28b40079ba9692f5090Red Hat Security Advisory 2022-8959-01 - The Byte Code Engineering Library is intended to give users a convenient way to analyze, create, and manipulate Java class files.
5fcc252f1af4e3c39a853f7ae8bd2d0e8299d9a0e45b3fab82201a9663edb84aRed Hat Security Advisory 2022-8917-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.1 serves as a replacement for Red Hat JBoss Web Server 5.7.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a code execution vulnerability.
e2ebdbaf4c79d3de91c8c304faa329eba295ed6a073effe53a962cd2f1ed5044Red Hat Security Advisory 2022-8913-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.1 serves as a replacement for Red Hat JBoss Web Server 5.7.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a code execution vulnerability.
3e504f38beac3d1906cd48f6f34212f6eeba7ec47f89bcdde4c10f1dd05640deRed Hat Security Advisory 2022-8880-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR7-FP20. Issues addressed include a randomization vulnerability.
6b0e12669a496c03e3fcf417bfe87a62a2c1c1451873324aef6c10e400194730This Metasploit module exploits a privilege escalation in vSphere/vCenter due to improper permissions on the /usr/lib/vmware-vmon/java-wrapper-vmon file. It is possible for anyone in the cis group to write to the file, which will execute as root on vmware-vmon service restart or host reboot. This module was successfully tested against VMware VirtualCenter 6.5.0 build-7070488. Vulnerable versions should include vCenter 7.0 before U2c, vCenter 6.7 before U3o, and vCenter 6.5 before U3q.
e5bb28e758144ba8e3fbddf9c9f2df8795ff92df6198a13b91a6aa3fb2f54509
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed