Sandbox Protection Bypass

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause t...

Sandbox Protection Bypass

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause t...

Authorization Bypass

java is vulnerable to authorization bypass. The vulnerability exists through JSSE...

Authorization Bypass

java is vulnerable to authorization bypass. The vulnerability exists through JSSE...

Information Disclosure

openjdk is vulnerable to information disclosure. An unspecified vulnerability allows remote attackers to affect confidentiality and integrity via vectors related to JSSE...

Denial Of Service (DoS)

openjdk is vulnerable to denial of service. An unspecified vulnerability allows remote attackers to affect availability via vectors related to JSSE...

Oracle Java SE 6 < Update 201 / 7 < Update 191 / 8 < Update 181 / 10 < Update 2 Multiple Vulnerabilities (July 2018 CPU)

Binary data 700658.prm...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-2426 DESCRIPTION: An...

Security Bulletin: Vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Backup-Archive Client on Windows and Macintosh (CVE-2018-3139, CVE-2018-3180)

Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in October 2018. IBM® Runtime Environment Java™ is used by the IBM Spectrum Protect formerly Tivoli Storage Manager Backup-Archive Client on Windows and Macintosh platforms...

openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2019-774)

This update for java-180-openjdk to the jdk8u181 icedtea 3.9.0 release fixes the following issues : These security issues were fixed : - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

openSUSE Security Update : java-11-openjdk (openSUSE-2019-575)

This java-11-openjdk update to version jdk-11+24 fixes the following issues : Security issues fixed : - CVE-2018-2940: Fix unspecified vulnerability in subcomponent Libraries bsc1101645. - CVE-2018-2952: Fix unspecified vulnerability in subcomponent Concurrency bsc1101651. - CVE-2018-2972: Fix...

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and 8 that is used by IBM Operational Decision Manager ODM. These issues were disclosed as part of the IBM Java SDK updates in October 2018. Vulnerability Details If you run your own Java code using the IBM...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server July 2018 CPU

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in July 2018. These may affect some configurations of IBM WebSphere Application Server...

Security Bulletin: Multiple vulnerabilities in Oracle Java SE affect IBM Spectrum Protect Plus (CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214, CVE-2018-13785)

Summary There are multiple vulnerabilities in Oracle Java SE which is used by IBM Spectrum Protect™ Plus. These issues were disclosed as part of the Oracle Critical Patch Update CPU in October 2018. Vulnerability Details CVEID: CVE-2018-3136 DESCRIPTION: An unspecified vulnerability in Oracle Jav...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM System Networking Switch Center (CVE-2014-3566, CVE-2014-6512, CVE-2014-6457 CVE-2015-0410, CVE-2015-6593)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 that is used by IBM System Networking Switch Center. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerabilityCVE-2014-3566. These were disclosed as part of th...

Man-in-the-Middle (MitM)

java is vulnerable to man-in-the-middle MitM attacks. The vulnerability exists through an unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2018. Vulnerability Details CVEID: CVE-2018-3139 DESCRIPTION: An...

SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2018:3045-1)

This update for java-180-openjdk to the jdk8u181 icedtea 3.9.0 release fixes the following issues : These security issues were fixed : CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

Security Bulletin: Vulnerabilities in the Java runtime environment that IBM provides affect WebSphere DataPower XC10 Appliance

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Version 7 that affect the WebSphere DataPower XC10 Appliance. The issues were disclosed as part of the IBM SDK, Java™ Technology Edition updates in July and October 2018. Vulnerability Details CVEID: CVE-2018-2973 DESCRIPTION: An...

Scientific Linux Security Update : java-1.7.0-openjdk on SL7.x x86_64 (20181030)

Security Fixes : - OpenJDK: Improper field access checks Hotspot, 8199226 CVE-2018-3169 - OpenJDK: Incomplete enforcement of the trustURLCodebase restriction JNDI, 8199177 CVE-2018-3149 - OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests Security, 8194534 CVE-2018-3136 -...