2025-2 Java Security Weekly News - Canonical, GitHub
Published on January 24, 2025
| | Ubuntu Security Notices |
| | GitHub Security Advisories |
| | [GHSA-jhvj-f397-8w6q] HAL Console has a Cross Site Scripting (XSS) vulnerability of user input |
| | org.jboss.hal:hal-console - impacts versions: < 3.7.7.Final; fixed in: 3.7.7.Final |
| | [GHSA-2c6g-pfx3-w7h8] Insecure Temporary File in RESTEasy |
| | org.jboss.resteasy:resteasy-core - impacts versions: >= 6.0.0.Beta1, < 6.2.3.Final; fixed in: 6.2.3.Final |
| | org.jboss.resteasy:resteasy-core - impacts versions: >= 5.0.0.Alpha1, < 5.0.6.Final; fixed in: 5.0.6.Final |
| | org.jboss.resteasy:resteasy-core - impacts versions: >= 4.0.0.Beta1, < 4.7.8.Final; fixed in: 4.7.8.Final |
| | org.jboss.resteasy:resteasy-multipart-provider - impacts versions: >= 6.0.0.Beta1, < 6.2.3.Final; fixed in: 6.2.3.Final |
| | org.jboss.resteasy:resteasy-multipart-provider - impacts versions: >= 5.0.0.Alpha1, < 5.0.6.Final; fixed in: 5.0.6.Final |
| | org.jboss.resteasy:resteasy-multipart-provider - impacts versions: >= 4.0.0.Beta1, < 4.7.8.Final; fixed in: 4.7.8.Final |
| | org.jboss.resteasy:resteasy-multipart-provider - impacts versions: < 3.15.4.Final; fixed in: 3.15.5.Final |
| | org.jboss.resteasy:resteasy-core - impacts versions: < 3.15.4.Final; fixed in: 3.15.5.Final |
| | [GHSA-rmm7-r7wr-xpfg] XWiki Realtime WYSIWYG Editor extension allows privilege escalation (PR) through realtime WYSIWYG editing |
| | org.xwiki.platform:xwiki-platform-realtime-wysiwyg-ui - impacts versions: >= 13.9-rc-1, < 15.10.12; fixed in: 15.10.12 |
| | org.xwiki.platform:xwiki-platform-realtime-wysiwyg-ui - impacts versions: >= 16.0.0-rc-1, < 16.4.1; fixed in: 16.4.1 |
| | org.xwiki.platform:xwiki-platform-realtime-wysiwyg-ui - impacts versions: >= 16.5.0-rc-1, < 16.6.0-rc-1; fixed in: 16.6.0-rc-1 |
| | [GHSA-w3g8-r9gw-qrh8] Denial of Service in Keycloak Server via Security Headers |
| | org.keycloak:keycloak-quarkus-server - impacts versions: < 26.0.8; fixed in: 26.0.8 |
| | [GHSA-f4v7-3mww-9gc2] Keycloak allows unrestricted admin use of system and environment variables |
| | org.keycloak:keycloak-quarkus-server - impacts versions: < 26.0.8; fixed in: 26.0.8 |
| | [GHSA-vh22-6c6h-rm8q] jte's HTML templates containing JavaScript template strings are subject to XSS |
| | gg.jte:jte - impacts versions: <= 3.1.15; fixed in: 3.1.16 |
| | gg.jte:jte-runtime - impacts versions: <= 3.1.15; fixed in: 3.1.16 |
| | Java CVEs |
| N/A | CVE-2018-9375 In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Published Friday, January 17, 2025 |
| N/A | CVE-2018-9379 In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Published Friday, January 17, 2025 |
| N/A | CVE-2018-9382 In multiple functions of WifiServiceImpl.java, there is a possible way to activate Wi-Fi hotspot from a non-owner profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Published Friday, January 17, 2025 |
| N/A | CVE-2018-9447 In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible way to crash the emergency callback mode due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Published Friday, January 17, 2025 |
| N/A | CVE-2018-9461 In onAttachFragment of ShareIntentActivity.java, there is a possible way for an app to read files in the messages app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Published Saturday, January 18, 2025 |
| 6.3 | CVE-2025-0558 A vulnerability classified as critical was found in TDuckCloud tduck-platform up to 4.0. This vulnerability affects the function QueryProThemeRequest of the file src/main/java/com/tduck/cloud/form/request/QueryProThemeRequest.java. The manipulation of the argument color leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published Saturday, January 18, 2025 |
| 4.8 | CVE-2025-21502 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). Published Tuesday, January 21, 2025 |
| 9.8 | CVE-2025-21535 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Published Tuesday, January 21, 2025 |
| 7.5 | CVE-2025-21549 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Published Tuesday, January 21, 2025 |
| 4.2 | CVE-2025-21553 Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.25, 21.3-21.16 and 23.4-23.6. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data as well as unauthorized read access to a subset of Java VM accessible data. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N). Published Tuesday, January 21, 2025 |
| N/A | CVE-2025-23011 Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23). Published Thursday, January 23, 2025 |
