Ubuntu 18.04 LTS / 20.04 LTS : OpenJDK vulnerabilities (USN-5313-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5313-1 advisory. It was discovered that OpenJDK incorrectly handled deserialization filters. An attacker could possibly use this issue to insert, delete or...
Azul Zulu Java Multiple Vulnerabilities (2022-01-18)
The version of Azul Zulu installed on the remote host is prior to 6 6.45 / 7 7.51.0.12 / 8 8.59.0.12 / 11 11.53.14 / 13 13.45.12 / 15 15.37.14 / 17 17.32.14. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022-01-18 advisory. - Vulnerability in the Oracle Java SE,...
SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2022:0730-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0730-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their January 2022 Critical Patch Update, except for CVE-2022-21299 which will be covered by a future bulletin. For more information please refer to Oracle's January 2022 CPU Advisory and the X-Force database...
Security Bulletin: February 2022: Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7.0, 7.1 and 8.0 used by CICS Transaction Gateway. CICS Transaction Gateway has addressed the applicable CVEs. If you run your own Java code using the IBM Java Runtime delivered with this product, you should...
Medium: java-17-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to...
Amazon Linux 2 : java-17-amazon-corretto (ALAS-2022-1752)
The version of java-17-amazon-corretto installed on the remote host is prior to 17.0.2+8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1752 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...
Amazon Linux 2 : java-11-amazon-corretto (ALAS-2022-1753)
The version of java-11-amazon-corretto installed on the remote host is prior to 11.0.14+9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1753 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...
Apple macOS ImageIO PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the ImageIO...
Apple macOS ImageIO DDS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the...
Rocky Linux 8 : java-11-openjdk (RLSA-2022:185)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:185 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are...
Rocky Linux 8 : java-17-openjdk (RLSA-2022:161)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:161 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are...
OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...
The vulnerability of the ImageIO component in iOS, iPadOS, tvOS, watchOS, and macOS allows a hacker to execute arbitrary code on the target system.
The vulnerability of the ImageIO component in iOS, iPadOS, tvOS, watchOS, and macOS relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code on the target system using a specially created malicious PICT file...
The vulnerability of the ImageIO component in iOS, iPadOS, tvOS, watchOS, and macOS allows attackers to gain access to confidential information.
The vulnerability of the ImageIO component in iOS, iPadOS, tvOS, watchOS, and macOS relates to reading data beyond the buffer in memory. Exploiting this vulnerability can allow attackers to access confidential information through a specially created malicious WEBP file...
The vulnerability of the ImageIO component in operating systems such as iPadOS, watchOS, iOS, tvOS, macOS, and the iCloud service allows attackers to execute arbitrary code on the target system.
The vulnerability of the ImageIO component in operating systems such as iPadOS, watchOS, iOS, tvOS, macOS, and the iCloud service is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code on the target system using...
The vulnerability of the ImageIO component in iOS, iPadOS, tvOS, watchOS, and macOS allows attackers to gain access to confidential information.
The vulnerability of the ImageIO component in iOS, iPadOS, tvOS, watchOS, and macOS relates to the ability to read data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to access confidential information...
The vulnerability of the ImageIO component in iOS, iPadOS, tvOS, watchOS, and macOS allows attackers to gain access to confidential information.
The vulnerability of the ImageIO component in iOS, iPadOS, tvOS, watchOS, and macOS relates to reading data beyond the buffer in memory. Exploiting this vulnerability can allow attackers to access confidential information using a specially created malicious ASTC file...
Debian DSA-5057-1 : openjdk-11 - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5057 advisory. Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, bypass of deserialization restrictions or...
Debian DSA-5058-1 : openjdk-17 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5058 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected...