Important: java-1.8.0-amazon-corretto
Issue Overview: An issue was discovered in function ciMethodBlocks::makeblockat in Oracle JDK HotSpot VM 11, 17 and OpenJDK HotSpot VM 8, 11, 17, allows attackers to cause a denial of service. CVE-2022-40433 Vulnerability in Oracle Java SE component: CORBA. Supported versions that are affected ar...
Oracle Linux 9 : java-1.8.0-openjdk (ELSA-2023-5733)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5733 advisory. - OpenJDK: segmentation fault in ciMethodBlocks CVE-2022-40433 - OpenJDK: IOR deserialization issue in CORBA 8303384 CVE-2023-22067 - OpenJDK:...
SUSE SLED15: java-17-openjdk / java-17-openjdk-demo / java-17-openjdk-devel / etc (SUSE-SU-2023:4289-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4289-1 advisory. - Updated to JDK 17.0.9+9 October 2023 CPU: - CVE-2023-22081: Fixed a partial denial of service...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium uses components with the vulnerabilities listed below. Guardium has addressed these vulnerabilities with an update. Vulnerability Details CVEID: CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the...
Security Bulletin: IBM Rational Build Forge 8.0.0.24 addresses multiple vulnerabilities by updating IBMJDK
Summary IBM Rational Build Forge 8.0.0.24 addresses multiple vulnerabilities by updating IBMJDK Vulnerability Details CVEID: CVE-2022-21299 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service...
Oracle Linux 9 : java-17-openjdk (ELSA-2023-5753)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5753 advisory. - OpenJDK: memory corruption issue on x86_64 with AVX-512 JDK-8317121 CVE-2023-22025 - OpenJDK: certificate path validation issue during client...
Security Bulletin: Multiple vulnerabilities exist in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager.
Summary Multiple vulnerabilities exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition v4.2. CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597 Vulnerability Details...
Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affecting IBM Tivoli Network Manager (CVE-2023-22045, CVE-2023-22049).
Summary Vulnerabilities CVE-2023-22045, CVE-2023-22049 exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition v4.2. Vulnerability Details CVEID: CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component...
Oracle Linux 8 : java-17-openjdk (ELSA-2023-5751)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5751 advisory. - OpenJDK: memory corruption issue on x86_64 with AVX-512 JDK-8317121 CVE-2023-22025 - OpenJDK: certificate path validation issue during client...
Debian dla-3636 : openjdk-11-dbg - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3636 advisory. Debian LTS Advisory DLA-3636-1 https://www.debian.org/lts/security/...
Debian DSA-5537-1 : openjdk-11 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5537 advisory. Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions or denial of service. For the oldstab...
Oracle Linux 9 : java-11-openjdk (ELSA-2023-5744)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5744 advisory. - OpenJDK: certificate path validation issue during client authentication 8309966 CVE-2023-22081 Tenable has extracted the preceding description block directly...
Oracle Linux 8 : java-11-openjdk (ELSA-2023-5742)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5742 advisory. - OpenJDK: certificate path validation issue during client authentication 8309966 CVE-2023-22081 Tenable has extracted the preceding description block directly...
SUSE SLED15: java-11-openjdk / java-11-openjdk-demo / java-11-openjdk-devel / etc (SUSE-SU-2023:4198-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4198-1 advisory. - Upgraded to JDK 11.0.21+9 October 2023 CPU: - CVE-2023-22081: Fixed a partial denial of service issue...
Security Bulletin: IBM PowerVM Novalink is vulnerable because An unspecified vulnerability in Java SE related to the VM component. (CVE-2023-22045)
Summary Security Bulletin: IBM PowerVM Novalink is vulnerable because An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts. Vulnerability Details CVEID: CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Ja...
Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-34981 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain...
Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus. These were disclosed as part of the IBM Java SDK updates in April 2023. Affected platforms are AIX, Linux, Linux on zSystems, and Windows. Vulnerability Detail...
Medium: java-11-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Easily exploitable vulnerability...
Amazon Linux 2023 : java-1.8.0-amazon-corretto, java-1.8.0-amazon-corretto-devel (ALAS2023-2023-398)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-398 advisory. Vulnerability in Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker...
Amazon Linux 2023 : java-21-amazon-corretto, java-21-amazon-corretto-devel, java-21-amazon-corretto-headless (ALAS2023-2023-399)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-399 advisory. Memory corruption bug on JDK 21 and 20 when AVX-512 is enabled. CVE-2023-22025 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE component: JSSE. Supported...