Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
java vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-36114
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memor...
NA
CVE-2023-46442
An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows malicious users to cause a Denial of Service (DoS).
1 Github repository
NA
CVE-2024-3967
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization.
NA
CVE-2024-32888
The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterprise Editions. Prior to version 2.1.0.28, SQL injection is possible when using the...
NA
CVE-2024-4701
A path traversal issue potentially leading to remote code execution in Genie for all versions before 4.3.18
1 Github repository
NA
CVE-2024-30171
An issue exists in Bouncy Castle Java TLS API and JSSE Provider prior to 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
NA
CVE-2024-30172
An issue exists in Bouncy Castle Java Cryptography APIs prior to 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.
NA
CVE-2024-29857
An issue exists in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) prior to 1.78, BC Java LTS prior to 2.73.6, BC-FJA prior to 1.0.2.5, and BC C# .Net prior to 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during ...
NA
CVE-2024-28866
GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23.5.0 (inclusive) are potentially vulnerable to a reflected cross-site scripting vulnerability on the loading page displayed while GoCD is starting, via abuse of a `redirect_to` query parameter with inadequate va...
NA
CVE-2023-38264
The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 up to and including 7.1.5.21 and 8.0.0.0 up to and including 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth d...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »