
407 matches found

OSV
added 2021/01/05 3:21 p.m. | 9 views

SUSE-SU-2021:0032-1 Security update for java-1_8_0-ibm

This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 20 bsc1180063,bsc1177943 CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 Class libraries: - SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is...

CVSS 5.8 | AI score 5.2 | EPSS 0.00246
Exploits: 0 | References: 10
Tenable Nessus
added 2020/12/24 12:0 a.m. | 48 views

SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2020:3932-1)

This update for java-1_8_0-ibm fixes the following issues : Update to Java 8.0 Service Refresh 6 Fix Pack 20 bsc1180063,bsc1177943 CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 - Class libraries : - SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is...

CVSS 5.8 | AI score 6.1 | EPSS 0.00246
Exploits: 0 | References: 17
IBM Security Bulletins
added 2020/12/18 1:33 a.m. | 54 views

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest

Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in July 2020. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEI...

CVSS 5.3 | AI score 1.6 | EPSS 0.00474
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2020/09/04 12:0 a.m. | 31 views

SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2020:2461-1)

This update for java-1_8_0-ibm fixes the following issues : Update to Java 8.0 Service Refresh 6 Fix Pack 15 bsc1175259, bsc1174157 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 - Class Libraries : -...

CVSS 8.3 | AI score 6.2 | EPSS 0.01018
Exploits: 0 | References: 21
Tenable Nessus
added 2020/09/04 12:0 a.m. | 63 views

SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2020:2453-1)

This update for java-1_8_0-ibm fixes the following issues : Update to Java 8.0 Service Refresh 6 Fix Pack 15 bsc1175259, bsc1174157 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 - Class Libraries : -...

CVSS 8.3 | AI score 6.2 | EPSS 0.01018
Exploits: 0 | References: 21
OSV
added 2020/09/02 3:13 p.m. | 4 views

SUSE-SU-2020:2461-1 Security update for java-1_8_0-ibm

This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 15 bsc1175259, bsc1174157 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 Class Libraries: -...

CVSS 8.3 | AI score 6.2 | EPSS 0.01018
Exploits: 0 | References: 12
OSV
added 2020/09/02 11:59 a.m. | 6 views

SUSE-SU-2020:2453-1 Security update for java-1_8_0-ibm

This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 15 bsc1175259, bsc1174157 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 Class Libraries: -...

CVSS 8.3 | AI score 6.2 | EPSS 0.01018
Exploits: 0 | References: 12
HackerOne
added 2020/04/29 5:29 p.m. | 27 views

LY Corporation: Spring Actuator endpoints publicly available, leading to account takeover

Due to insufficient access controls, it was possible to access the Spring Boot Actuator endpoints /heapdump and /env. The /heapdump endpoint leaks data from the Java Virtual Machine, leading to disclosure of admin credentials, user tokens and a combination of other data. This endpoint was not...

AI score 6.8
Exploits: 0
Veracode
added 2020/04/10 12:59 a.m. | 26 views

Arbitrary Code Execution

openjdk is vulnerable to arbitrary code execution. A flaw was found in the HotSpot component in OpenJDK. Certain bytecode instructions confused the memory management within the Java Virtual Machine (JVM), which could lead to heap corruption...

CVSS 10 | AI score 2.6 | EPSS 0.03598
Exploits: 0 | References: 20 | Affected Software: 1
OSV
added 2020/04/02 3:15 p.m. | 2 views

CVE-2020-11450

Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been...

CVSS 7.5 | AI score 7.1
Exploits: 0 | References: 4
NVD
added 2020/04/02 3:15 p.m. | 11 views

CVE-2020-4325

The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the...

CVSS 6.5 | AI score 6.1 | EPSS 0.00376
Exploits: 0 | References: 2
OpenVAS
added 2020/02/12 12:0 a.m. | 60 views

Java Debug Wire Protocol (JDWP) Service Detection (TCP)

TCP based detection of services supporting the Java Debug Wire Protocol (JDWP)...

AI score 7.3
Exploits: 0
OSV
added 2020/01/15 5:15 p.m. | 1 views

CVE-2020-2518

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to...

CVSS 7.5 | AI score 7.1
Exploits: 0 | References: 1
CVE
added 2019/12/26 8:46 p.m. | 106 views

CVE-2012-4420

CVE-2012-4420 affects the JVM implementation of Java SE 7 provided by OpenJDK 7, where integer arrays could be incorrectly initialized after memory allocation, allowing a remote attacker to disclose potentially sensitive information. The connected sources confirm this information disclosure in th...

CVSS 7.5 | AI score 6.8 | EPSS 0.01067
Exploits: 1 | References: 7 | Affected Software: 1
OSV
added 2019/07/23 11:15 p.m. | 2 views

CVE-2019-2749

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multipl...

CVSS 6.8 | AI score 6.8
Exploits: 0 | References: 1
RedHat Linux
added 2019/06/04 1:25 p.m. | 3 views

JDK: Read beyond the end of bytecode array causing JVM crash

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load...

CVSS 7.5 | AI score 7.5 | EPSS 0.01529
Exploits: 0 | References: 4
Veracode
added 2019/05/02 5:3 a.m. | 21 views

Buffer Overflows

AtomicReferenceFieldUpdater in OpenJDK does not properly check if the field to be updated is of primitive type. An untrusted Java application or applet could use this flaw to trigger Java virtual machine memory corruption and possibly bypass Java sandbox restrictions...

CVSS 9.3 | AI score 3.9 | EPSS 0.16549
Exploits: 0 | References: 39 | Affected Software: 3
Veracode
added 2019/05/02 4:45 a.m. | 23 views

Sandbox Restrictions Bypass

OpenJDK 7 is vulnerable to sandbox restrictions bypass. The attack is possible because of a flaw in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component, allowing an untrusted application to trigger Java Virtual Machine memory corruption...

CVSS 10 | AI score 6 | EPSS 0.30947
Exploits: 4 | References: 35 | Affected Software: 3
Veracode
added 2019/05/02 4:45 a.m. | 14 views

Sandbox Restrictions Bypass

OpenJDK 7 Java Runtime Environment and Software Development Kit is susceptible to sandbox restriction bypass. Due to the flaws in ImagingLib and the image attribute, channel, layout and raster processing in the 2D component, it does not prevent an untrusted Java application or applet to trigger...

CVSS 5 | AI score 6.1 | EPSS 0.08663
Exploits: 0 | References: 34 | Affected Software: 3
OSV
added 2019/04/27 3:2 p.m. | 5 views

SUSE-SU-2018:4064-2 Security update for java-1_8_0-ibm

java-1_8_0-ibm was updated to Java 8.0 Service Refresh 5 Fix Pack 25 bsc1116574 Class Libraries: - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10930 CVE-2018-3183 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTIO...

CVSS 9 | AI score 5.8 | EPSS 0.03717
Exploits: 2 | References: 10