Security update for java-17-openjdk

This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.15+6 April 2025 CPU CVEs: CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data bsc1241274 CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access...

Your First Spring AI 1.0 Application

Your First Spring AI 1.0 Application by Dr. Mark Pollack, Christian Tsolov, and Josh Long Hi, Spring fans! Spring AI is live on the Spring Initializr and everywhere fine bytes might be had. Ask your doctor if AI is right for you! It's an amazing time to be a Java and Spring developer. There's nev...

openjdk: Improve compiler transformations (Oracle CPU 2025-04)

Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

DEBIAN-CVE-2025-30698

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle...

OESA-2025-1251 openjdk-1.8.0 security update

The OpenJDK runtime environment 8. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4,...

openjdk: Enhance array handling (Oracle CPU 2025-01)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to Oracle Java SE accessible. This vulnerability can be...

Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: Update to version jdk8u432 icedtea-3.33.0: - CVE-2024-21208: Fixed partial DoS in component Networking bsc1231702,JDK-8328286 - CVE-2024-21210: Fixed unauthorized update, insert or delete access to some of Oracle Java SE accessible data...

JDK: HTTP client improper handling of maxHeaderSize (8328286)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23;...

JDK: Integer conversion error leads to incorrect range check (8332644)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracl...

JDK: HTTP client improper handling of maxHeaderSize (8328286)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23;...

Oracle Java SE 安全漏洞

Oracle Java SE is a U.S. Oracle Oracle company for the development and deployment of desktop, server and embedded devices and real-time environments in the Java application. A security vulnerability exists in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition, which can...

CVE-2024-46983 Remote Command Execution(RCE) Vulnerbility in sofa-hessian

sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blackli...

wildfly-security-manager: security manager authorization bypass

A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks...

OpenJDK: potential UTF8 size overflow (8314794)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....

The vulnerability of the Compiler component in Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK allows a attacker to trigger a service failure.

The vulnerability of the Compiler component in Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker to cause service failures...

The vulnerability of the Networking component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform allows a attacker to compromise data integrity.

The vulnerability of the Networking component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform is related to improper authentication. Exploiting this vulnerability can allow an attacker to compromise data integrity remotely...

The vulnerability of the Hotspot component in the Java SE software platform and Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK virtual machines allows attackers to gain access to and modify data.

The vulnerability of the Hotspot component in the Java SE software platform and the Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK virtual machines is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to gain access to and modify/add dat...

OpenJDK: long Exception message leading to crash (8319851)

A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalV...

OpenJDK: arbitrary Java code execution in Nashorn (8314284)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or...

The vulnerability of the Compiler component in Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition allows attackers to disclose protected information.

The vulnerability of the Compiler component in Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition exists due to insufficient testing of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...