Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917

Summary Communications Server CS for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...

CVE-2026-21235

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally...

CVE-2026-21235

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally...

CVE-2026-21235

CVE-2026-21235 describes a use-after-free vulnerability in Microsoft Graphics Component that can allow an authorized attacker to elevate privileges locally. Reported CVSS v3.1Base score 7.3 (HIGH) with LOCAL attack vector, low attack complexity, requiring user interaction and low privileges. Impa...

CVE-2026-21235

creationtimestamp| type| source ---|---|--- 2026-02-10 17:30:28+00:00| seen| https://www.thezdi.com/blog/2026/2/10/the-february-2026-security-update-review 2026-02-10 18:01:45+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0053 2026-02-12 05:00:00+00:00| seen|...

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ affect IBM Cloud Pak System

Summary Multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition were addressed in IBM Cloud Pak System version 2.3.6.1. Vulnerability Details CVEID:CVE-2025-30754 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Orac...

MiracleLinux 9 : java-11-openjdk-11.0.25.0.9-2.el9.ML.1 (AXSA:2024-8933:18)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8933:18 advisory. giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function CVE-2023-48161 JDK: Array indexing integer overflow 8328544 CVE-2024-212...

MiracleLinux 8 : java-11-openjdk-11.0.25.0.9-2.el8 (AXSA:2024-8931:17)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8931:17 advisory. giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function CVE-2023-48161 JDK: Array indexing integer overflow 8328544 CVE-2024-212...

MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.432.b06-2.el8 (AXSA:2024-8930:18)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8930:18 advisory. giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function CVE-2023-48161 JDK: Array indexing integer overflow 8328544 CVE-2024-212...

TencentOS Server 4: java-11-konajdk (TSSA-2024:1018)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1018 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 4: java-8-konajdk (TSSA-2024:0997)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0997 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Security Bulletin: Java SE Hotspot Vulnerability Enables Remote Data Access and Modification via Multiple Protocols, which affects IBM watsonx.data

Summary Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to accessib...

Linux Distros Unpatched Vulnerability : CVE-2021-21235

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there is an infinite loop in parsing crafted PNG files. Specificall...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional

Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in October 2024, App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21235...

Security Bulletin: Vulnerability in Java SE affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Java SE has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...

Security Bulletin: Vulnerability in Java SE affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Java SE has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...

Security Bulletin: IBM Copy Services Manager may be affected by multiple vulnerabilities due to IBM SDK which are addressed in the Java Technology Edition quarterly updates

Summary Multiple Vulnerabilities were disclosed as part of the JAVA SE March 2025 Patch Update. Although likelihood of these issues being exploited is very low, IBM Copy Services Manager frequently updates product stack to ensure the utmost security is maintained. Vulnerability Details Refer to t...

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917

Summary Multiple Vulnerabilities were disclosed as part of the JAVA SE March 2025 Critical Patch Update affecting IBM® SDK, Java™ Technology Edition in IBM License Key Server Administration and Reporting Tool ART and Administration Agent. For more information please refer to Oracle's CPU Advisory...

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917

Summary Multiple Vulnerabilities were disclosed as part of the JAVA SE March 2025 Critical Patch Update Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

Security Bulletin: IBM Security SOAR is using components with multiple known vulnerabilities (CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208, CVE-2024-10917)

Summary IBM Security SOAR uses an older version of Java that may be identified and exploited. An update has been released which addresses these issues. It is recommended that customers upgrade to Version 51.0.5.0 or later of IBM Security SOAR. AppHost users should upgrade to version 1.15.3.2 or...