Red Hat Security Advisory 2023-4175-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
83a3c6369bdd9752a487c063987cc0f6a0810b06c9029984a1cd66fe3912d804Red Hat Security Advisory 2023-4176-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.
0dda9e3a18d728f1e2c6089aa3a15d8e7f3706b99b3ca038b203724538557316Red Hat Security Advisory 2023-4208-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.
debb5209202e6e23615d29004a64dcead48b7e1db16e0eb6b0f439d41ddafa31Red Hat Security Advisory 2023-4209-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include an integer overflow vulnerability.
fb7e3796c3a1c32137bdf76b3c1b96d31eb6d5a1cdaebd4d7eed67d2f9163aecRed Hat Security Advisory 2023-4212-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include an integer overflow vulnerability.
502e14cf3d84e4253ead1d3fb32ef25a6a9663af4db4f8c17b3a4f77d11f1376Red Hat Security Advisory 2023-4161-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for Windows serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.
b4743a1f577fb5ee07e16a414faf65145a78773fd4180e08bc70413700126f1aRed Hat Security Advisory 2023-4170-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
2c10cbd533b2a94ea4d216dfe2553df79effa161cf7633a4a9f501f36e6490efRed Hat Security Advisory 2023-4169-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
be0e1d9cdfcd585a2a014632248064fb9b82700c9fc76506df15bfc734c76120Red Hat Security Advisory 2023-4167-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.
00c1ed36ddf5fef6faa82f97a2fca81de2aa83232b7741b0eae8028f029ae3b3Red Hat Security Advisory 2023-4172-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.
35ef6159c86a9c90f963da9e20aa0fdd274810da146dde8cfb2c667f52677b31Red Hat Security Advisory 2023-4174-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.
60d2b83bae4b5c80fa369ff36fef0438c1ae7b91f5456ff63eafe98f9d139c7cRed Hat Security Advisory 2023-4171-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
d36684de3404023539789c600d2acec00d1f2a8855841710fac1347d6c81b184Red Hat Security Advisory 2023-4164-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
80ded36cf0b4676f6d7c6347abb784002ff1c7f1df40f22c3d9bfab540cbb4e9Red Hat Security Advisory 2023-4168-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.
4c8fdbefad0ac05dd14bf80c5ddce668cb6d4aab52da2fc153e4150c0edba79fRed Hat Security Advisory 2023-4173-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.
6bae0d15572a084c74f3fc310dcc877efc65a94ff1007ea941c62fa4a8888062Red Hat Security Advisory 2023-4157-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
3a3071ff5f3f2da21220de9d45364468bd459efed20352c7fd0a5b1516d222b8Red Hat Security Advisory 2023-4162-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
cd879ddd37835d6589c722e7e5bb026f1bd82ab0ed07f877caf77ed74f37a350Red Hat Security Advisory 2023-4163-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
14d94bd95068b9a88b044c156849858e7b231b9f6e97b436c0f36e1e152a1bdfRed Hat Security Advisory 2023-4165-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.
0a522aa78e90df1e7175e8f42e575bee9fd22a58d583f64a81aaddb409aa5177Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This Metasploit module will use the vulnerability to create a new admin user that will be used to upload a Openfire management plugin weaponized with a java native payload that triggers remote code execution. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the first version on the 4.8 branch, which is version 4.8.0.
88a0702601cff01264e02916f842525d503acf8b450db38e6b24d4a2d9099b89Red Hat Security Advisory 2023-4103-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR8-FP5.
bcd885781e971c74de00a58d2acc42a6ad6a8692ab15e28ae801682a3e6c5ebdThis Metasploit module is designed to exploit the JNDI injection vulnerability in Druid. The vulnerability specifically affects the indexer/v1/sampler interface of Druid, enabling an attacker to execute arbitrary commands on the targeted server. The vulnerability is found in Apache Kafka clients versions ranging from 2.3.0 to 3.3.2. If an attacker can manipulate the sasl.jaas.config property of any of the connector's Kafka clients to com.sun.security.auth.module.JndiLoginModule, it allows the server to establish a connection with the attacker's LDAP server and deserialize the LDAP response. This provides the attacker with the capability to execute java deserialization gadget chains on the Kafka connect server, potentially leading to unrestricted deserialization of untrusted data or even remote code execution (RCE) if there are relevant gadgets in the classpath. To facilitate the exploitation process, this module will initiate an LDAP server that the target server needs to connect to in order to carry out the attack.
f66b350948de8d0c6e468d03fb8436dd9af78149309b8e72facbdb3d5300a0eaDebian Linux Security Advisory 5437-1 - Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL database engine, allowed the execution of spurious scripting commands in .script and .log files. Hsqldb supports a "SCRIPT" keyword which is normally used to record the commands input by the database admin to output such a script. In combination with LibreOffice, an attacker could craft an odb containing a "database/script" file which itself contained a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.
7c544f31219784b743536b45da6065cc810499bfb45dbd1197cd11a809f8e80aDebian Linux Security Advisory 5436-1 - Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL database engine, allowed the execution of spurious scripting commands in .script and .log files. Hsqldb supports a "SCRIPT" keyword which is normally used to record the commands input by the database admin to output such a script. In combination with LibreOffice, an attacker could craft an odb containing a "database/script" file which itself contained a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.
10c658300144766f15b5f3423e106e451ef63ac07ea18305bd88c937ac36abf1Debian Linux Security Advisory 5430-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of sandbox restrictions.
a4ece4420f8b96970d286b1d8fdd46ce7c0bbe2000da066ceb03829110b5bb0d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed