Security Bulletin: IBM Rational Build Forge is vulnerable and could allow an unauthenticated attacker to obtain sensitive information due to the use of JSSE component (CVE-2021-35603)

Summary IBM Rational Build Forge is affected by CVE-2021-35603. Vulnerability Details CVEID:CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality...

Oracle Linux 8 : java-17-openjdk (ELSA-2023-1898)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-1898 advisory. 1:17.0.7.0.7-1 - Update to jdk-17.0.7.0+7 - Update release notes to 17.0.7.0+7 - Require tzdata 2023c due to local inclusion of JDK-8274864 & JDK-83051...

Oracle Linux 8 : java-11-openjdk (ELSA-2023-1895)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-1895 advisory. 1:11.0.19.0.7-1 - Update to jdk-11.0.19.0+7 - Update release notes to 11.0.19.0+7 - Require tzdata 2023c due to local inclusion of JDK-8274864 &...

Oracle Java SE Multiple Vulnerabilities (April 2023 CPU)

The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory: - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE...

Oracle Linux 9 : java-11-openjdk (ELSA-2023-1880)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-1880 advisory. 11.0.19.0.7-1.0.1 - Replace upstream references Orabug: 34340155 1:11.0.19.0.7-1 - Update to jdk-11.0.19.0+7 - Update release notes to 11.0.19.0+7 -...

RHEL 9 : java-17-openjdk (RHSA-2023:1879)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1879 advisory. The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixe...

CVE-2023-21967

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit...

Advisory ROSA-SA-2023-2138

Software: java-11-openjdk 11.0.18.0.10-1 OS: rosa-server79 packageevrstring: 11.0.18.0.10-1 CVE-ID: CVE-2022-21434 BDU-ID: 2022-02839 CVE-Crit: MEDIUM CVE-DESC: A vulnerability exists in the Libraries component of the Libraries component of Oracle GraalVM Enterprise Edition virtual machine due to...

Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller and Storwize Family (CVE-2015-2613 CVE-2015-2601 CVE-2015-2625 CVE-2015-1931)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM SAN Volume Controller and Storwize Family. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-2613 DESCRIPTION: An...

USN-5897-1: OpenJDK vulnerabilities

Juraj Somorovsky, Marcel Maehren, Nurullah Erinola, and Robert Merget discovered that the DTLS implementation in the JSSE subsystem of OpenJDK did not properly restrict handshake initiation requests from clients. A remote attacker could possibly use this to cause a denial of service. CVE-2023-218...

K16352: Multiple OpenJDK vulnerabilities

Security Advisory Description CVE-2015-0383 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot. CVE-2014-6601...

K51591999: Multiple Java vulnerabilities CVE-2020-14562, CVE-2020-14573, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581, CVE-2020-14593

Security Advisory Description CVE-2020-14562 Vulnerability in the Java SE product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols ...

K26555255: Multiple Java vulnerabilities CVE-2020-2781, CVE-2020-2800, CVE-2020-2803, CVE-2020-2805, CVE-2020-2830

Security Advisory Description CVE-2020-2781 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated...

K85742355: Java SE vulnerability CVE-2020-14577

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker wi...

K86435316: OpenJDK vulnerabilities CVE-2020-2585 and CVE-2020-2655

Security Advisory Description CVE-2020-2585 Vulnerability in the Java SE product of Oracle Java SE component: JavaFX. The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromi...

K17169: Java vulnerability CVE-2015-2625

Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE. CVE-2015-2625 Impact Confidentiality is affected when exploited by...

K16353: Multiple JavaSE server-side vulnerabilities CVE-2015-0383, CVE-2015-0410, and CVE-2014-6593

Security Advisory Description CVE-2015-0383 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot. CVE-2015-0410...

K02004209: Oracle Java vulnerability CVE-2014-0411

Security Advisory Description Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from t...

Security Bulletin: The IBM FlashSystem 840 product is affected by a vulnerability in Java

Summary Security vulnerabilities have been discovered in Java Vulnerability Details CVE-ID: CVE-2014-0411 DESCRIPTION: FlashSystem 840 uses an affected version of Oracle Java: CVE-2014-0411 Unspecified Oracle Java vulnerability In Oracle’s January 2014 Critical Patch Update CPU they disclosed, bu...

SUSE CVE-2011-3560

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.233 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity,...