1249 matches found
CVE-2022-21277
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...
PT-2022-2130
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 7u321, 8u311, 11.0.13, 17.0.1 Oracle GraalVM Enterprise Edition versions 20.3.4, 21.3.0 Description The issue is related to insufficient input validation in the ImageIO component, allowing an unauthenticated attacker wi...
PT-2022-6856
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 11.0.13, 17.0.1 Oracle GraalVM Enterprise Edition versions 20.3.4, 21.3.0 Description The vulnerability in the ImageIO component of Oracle Java SE and Oracle GraalVM Enterprise Edition is related to unlimited resource...
PT-2022-6842
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 11.0.13, 17.0.1 Oracle GraalVM Enterprise Edition versions 20.3.4, 21.3.0 Description The issue is related to an easily exploitable vulnerability in the ImageIO component of Oracle Java SE and Oracle GraalVM Enterprise...
Security Bulletin: IBM SDK Java 8.0.7.0 Update for IBM DataQuant
Summary Security Bulletin provides IBM DataQuant users with instructions for updating to Java 8.0.7.0 Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server October 2021 CPU that is bundled with IBM WebSphere Application Server Patterns
Summary There are multiple vulnerabilities in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates in October 2021. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability i...
Security Bulletin: IBM Event Streams affected by multiple vulnerabilities in the Java runtime
Summary IBM Event Streams affected by multiple vulnerabilities in the Java runtime Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. CVSS Base...
The vulnerability of the ImageIO component in operating systems such as Mac OS, tvOS, iOS, iPadOS, and watchOS allows attackers to gain unauthorized access to protected information.
The vulnerability of the ImageIO component in operating systems such as Mac OS, tvOS, iOS, iPadOS, and watchOS relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information using a...
The vulnerability of the ImageIO component in operating systems such as Mac OS, tvOS, iOS, iPadOS, and watchOS allows a hacker to gain unauthorized access to protected information and execute arbitrary code.
The vulnerability of the ImageIO component in operating systems such as Mac OS, tvOS, iOS, iPadOS, and watchOS relates to data writing beyond the buffer. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information and execute arbitrary code using a...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/Transaction Processing Facility
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-2341 DESCRIPTION: An unspecified vulnerability in Java SE related to the Networking component cou...
The vulnerability of the ImageIO component in operating systems such as tvOS, iOS, iPadOS, and watchOS allows a hacker to execute arbitrary code.
The vulnerability of the ImageIO component in operating systems such as tvOS, iOS, iPadOS, and watchOS relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malicious WEBP file...
About the security content of watchOS 8.3
About the security content of watchOS 8.3 This document describes the security content of watchOS 8.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2021-35586, CVE-2021-35578)
Summary There are multiple vulnerabilities in IBM® SDK Java™ and IBM® Runtime Environment Java™ Versions 7 & 8 used by IBM Decision Optimization Center. IBM Decision Optimization Center has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35586 DESCRIPTION: An unspecified...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID:...
OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...
ai.idylnlp:idylnlp-dl4j (>=1.0.0 <=1.1.0), ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0) +733 more potentially affected by CVE-2021-23792 via com.twelvemonkeys.imageio:imageio-metadata (>=3.0 <=3.7.0)
com.twelvemonkeys.imageio:imageio-metadata MAVEN version =3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.3.0 - ai.konduit.serving:konduit-serving-gpu-nano =0.1.0 and more Source cves: CVE-2021-23792 Source advisory: SNYK:JAVA-COMTWELVEMONKEYSIMAGEIO-231676...
XML External Entity (XXE) Injection
Overview com.twelvemonkeys.imageio:imageio-metadata is an ImageIO metadata module. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are abl...
Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime
Summary This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their October 2021 Vulnerability Advisory, plus CVE-2021-41035. For more information please refer to OpenJDK's October 2021 Vulnerability Advisory and the X-Force database entries referenced below...
CentOS 7 : java-11-openjdk (RHSA-2021:3892)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3892 advisory. - Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are...