Gentoo Project
Java
Packages: 398 | Outdated: 45 | Pull requests: 38 | Bugs: 134 | Security: 29
Security Bug Reports
<dev-java/fop-2.3: XML external entity processing vulnerability
616474 - Assigned to Gentoo Security
<dev-java/bcprov-1.65: Multiple vulnerabilities (CVE-2016-{1000338,1000339,1000340,1000341,1000342,1000343,1000344,1000352}, CVE-2017-13098, CVE-2018-{1000180,1000613})
717950 - Assigned to Gentoo Security
<dev-java/c3p0-0.9.5.5: Denial of service ("billion laughs") by recursive XML expansion (CVE-2019-5427)
719144 - Assigned to Gentoo Security
<dev-java/dom4j-2.1.3: XML External Entity (XXE) vulnerability in default SAX parser (CVE-2020-10683)
719318 - Assigned to Gentoo Security
<dev-java/jdbc-postgresql-42.4.0: XXE vulnerability (CVE-2020-13692)
727906 - Assigned to Gentoo Security
<dev-java/junit-4.13.1: TemporaryFolder information disclosure vulnerability (CVE-2020-15250)
748402 - Assigned to Gentoo Security
<dev-java/guava-30.1.1: Multiple vulnerabilities (CVE-2018-10237, CVE-2020-8908)
760111 - Assigned to Gentoo Security
<dev-java/bcprov-1.69: Invalid password comparison logic for bcrypt (CVE-2020-28052)
760729 - Assigned to Gentoo Security
<www-apache/mod_jk-1.2.46: bypass htaccess by adding ';' at the end of a URL (CVE-2018-11759)
780051 - Assigned to Gentoo Security
<dev-java/commons-compress-1.21: multiple vulnerabilities (CVE-2021-{35515,35516,35517,36090})
802078 - Assigned to Gentoo Security
<dev-java/openjfx-11.0.11_p1: OOB read in bundled gstreamer
819633 - Assigned to Gentoo Security
<dev-java/jdbc-postgresql-42.4.1: sql injection via crafted column names
863506 - Assigned to Gentoo Security
<net-vpn/i2p-2.3.0: Eepsite deanonymization attack
911550 - Assigned to Gentoo Security
<dev-java/bcprov-1.74: LDAP injection vulnerability
912248 - Assigned to Gentoo Security
dev-java/ant-ivy: multiple vulnerabilities
916262 - Assigned to Gentoo Security
<dev-java/gradle-bin-8.4: multiple vulnerabilities
917402 - Assigned to Gentoo Security
<dev-java/json-20231013: unconstrained memory usage DoS
918529 - Assigned to Gentoo Security
<dev-java/commons-compress-1.26.0-r1: multiple vulnerabilities
924996 - Assigned to Gentoo Security
<dev-java/fop-2.10: Improper Restriction of XML External Entity Reference
941239 - Assigned to Gentoo Security
<dev-java/json-smart-2.5.1: possible stack overflow
947204 - Assigned to Gentoo Security
<dev-java/commons-lang-3.19.0: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs
960838 - Assigned to Gentoo Security
net-p2p/biglybt: does install software without user's consent?
961146 - Assigned to Gentoo Security
<dev-java/log4j-core-2.25.3: Missing TLS hostname verification in Socket appender
971360 - Assigned to Gentoo Security
www-servers/tomcat: Multiple vulnerabilities
972560 - Assigned to Gentoo Security
dev-java/bcprov: LDAP Injection Vulnerability in LDAPStoreHelper.java
972723 - Assigned to Gentoo Security
dev-java/jdbc-postgresql: client-side denial of service during SCRAM-SHA-256 authentication
973405 - Assigned to Gentoo Security
dev-java/openjdk: multiple vulnerabilities, also openjdk-bin and openjdk-jre-bin
974242 - Assigned to Gentoo Security
Contact Information
Please file new vulnerability reports on Gentoo Bugzilla and assign them to the Gentoo Security product and Vulnerabilities component.