Published on August 4, 2023
| | Jenkins Security Advisories |
| | GitHub Security Advisories |
| | Java CVEs |
| N/A | CVE-2023-24971 IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. IBM X-Force ID: 246976. Published Monday, July 31, 2023 |
| 6.1 | CVE-2023-34916 Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java. Published Monday, July 31, 2023 |
| 6.1 | CVE-2023-34917 Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java. Published Monday, July 31, 2023 |
| N/A | CVE-2023-38750 In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed. Published Monday, July 31, 2023 |
| N/A | CVE-2023-4055 When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Published Tuesday, August 1, 2023 |
| N/A | CVE-2023-26438 External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able to inject configuration that would bypass existing network deny-lists. Attackers could exploit this weakness to discover the existence of restricted network infrastructure and service availability. Improvements were made to include deny-lists not only during the check of the provided connection data, but also during use. No publicly available exploits are known. Published Wednesday, August 2, 2023 |
| N/A | CVE-2022-40609 IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069. Published Wednesday, August 2, 2023 |