USN-8334-1: CRaC JDK 25 vulnerabilities

Thomas Beckers discovered that the JAXP component of CRaC JDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...

USN-8333-1: CRaC JDK 21 vulnerabilities

Thomas Beckers discovered that the JAXP component of CRaC JDK 21 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...

USN-8330-1 openjdk-8 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 8 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the JSSE component of OpenJDK 8 d...

USN-8328-1 openjdk-21 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 21 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

Important: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalV...

Amazon Linux 2 : java-1.8.0-amazon-corretto, --advisory ALAS2CORRETTO8-2026-023 (ALASCORRETTO8-2026-023)

The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0492.b09-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2026-023 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise...

Important: java-1.8.0-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalV...

CLSA-2026-1777645704 java-17-openjdk: Fix of 2 CVEs

Update to jdk-17.0.19+10 RHSA-2026:9686 - Set fipsver to 62c0f885e30 - CVE-2026-22016: fix JAXP component vulnerability allowing unauthenticated remote attackers to gain unauthorized access to sensitive data in Java SE - CVE-2026-34282: fix Hotspot component vulnerability allowing unauthorized...

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: JAXP. The supported versions affected include Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. This easily exploitable vulnerability...

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: JAXP. The supported versions affected by this vulnerability include Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK:...

Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 - Includes Oracle October 2025 CPU

Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...

MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.332.b09-1.el8 (AXSA:2022-3154:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3154:04 advisory. OpenJDK: Defective secure validation in Apache Santuario Libraries, 8278008 CVE-2022-21476 OpenJDK: Unbounded memory allocation when compiling craft...

Security Bulletin:IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 - Includes Oracle October 2025 CPU for Rational Software Architect Designer

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition,Versions 8 and Java 17 that are used by Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software. These issues were disclosed as part of the IBM SDK, Java Technology Edition...

Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Standard (CVE-2025-53066 and CVE-2025-53057)

Summary There are multiple vulnerabilities in the Java SE version shipped with IBM CICS TX Standard CVE-2025-53066 and CVE-2025-53057. An update to IBM CICS TX Standard has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified...

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : OpenJDK 25 vulnerabilities (USN-7884-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7884-1 advisory. Jinfeng Guo discovered that the Security component of OpenJDK 25 did not correctly handle certain representations of encoded...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : OpenJDK 11 vulnerabilities (USN-7882-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7882-1 advisory. Jinfeng Guo discovered that the Security component of OpenJDK 11 did not correctly handle certain...

openjdk: Enhance Path Factories (Oracle CPU 2025-10)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle...

USN-7901-1: CRaC JDK 21 vulnerabilities

Jinfeng Guo discovered that the Security component of CRaC JDK 21 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JA...

USN-7900-1: CRaC JDK 17 vulnerabilities

Jinfeng Guo discovered that the Security component of CRaC JDK 17 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JA...

USN-7884-1: OpenJDK 25 vulnerabilities

Jinfeng Guo discovered that the Security component of OpenJDK 25 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JAX...