CLSA-2024-1718796396 java-1.8.0-openjdk: Fix of 4 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u412-b08. That fixes following CVEs: - CVE-2024-21011: Long Exception message leading to crash - CVE-2024-21085: Pack200 excessive memory allocation - CVE-2024-21068: Integer overflow in C1 compiler address generation - CVE-2024-21094: C2...

CLSA-2024-1718791224 java-1.8.0-openjdk: Fix of 4 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u412-b08. That fixes following CVEs: - CVE-2024-21011: Long Exception message leading to crash - CVE-2024-21085: Pack200 excessive memory allocation - CVE-2024-21068: Integer overflow in C1 compiler address generation - CVE-2024-21094: C2...

CVE-2023-46442

An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service DoS...

PT-2024-13358 · Soot · Soot

Name of the Vulnerable Software and Affected Versions: Soot versions prior to 4.4.1 Description: The issue is related to an infinite loop in the retrieveActiveBody function under Java 8, allowing attackers to cause a Denial of Service DoS. Recommendations: For versions prior to 4.4.1, update to...

OpenJDK: IOR deserialization issue in CORBA (8303384)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows...

CLSA-2024-1706698228 java-1.8.0-openjdk: Fix of 8 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u402-b06. That fixes following CVEs: - CVE-2024-20918: Array out-of-bounds access due to missing range check in C1 compiler - CVE-2024-20919: JVM class file verifier flaw allows unverified bytecode execution - CVE-2024-20921: Range check loop...

Low: java-1.8.0-amazon-corretto

Issue Overview: No CVE associated with this advisory Affected Packages: java-1.8.0-amazon-corretto Issue Correction: Run dnf update java-1.8.0-amazon-corretto --releasever 2023.3.20240117 or dnf update --advisory ALAS2023-2024-482 --releasever 2023.3.20240117 to update your system. More informati...

Low: java-1.8.0-amazon-corretto

Issue Overview: No CVE associated with this advisory Affected Packages: java-1.8.0-amazon-corretto Note: This advisory is applicable to Amazon Linux 2 - Corretto8 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2...

Oracle Java SE and Oracle GraalVM Security Vulnerabilities

Oracle Java SE and Oracle GraalVM are both products of Oracle Corporation.Oracle Java SE is a product for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments.Oracle GraalVM is a set of on-the-fly compilers written in the Java language...

OESA-2023-1642 openjdk-1.8.0 security update

The OpenJDK runtime environment 8. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily...

CLSA-2023-1691081102 java-1.8.0-openjdk: Fix of 2 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u382-b05. That fixes following CVEs: - CVE-2023-22045: Array indexing integer overflow issue. 8304468 - CVE-2023-22049: Improper handling of slash characters in URI-to-path conversion 8305312 - Remove patch for pkcs11 cause issue was fixed in...

CVE-2023-28462

A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 Enterprise, 5.20.0 and newer Enterprise, and 5.2020.1 and newer Community, when Java 1.8u181 and earlier is used, allows remote attackers to load malicious code on the server once a JNDI directory scan is performed...

SUSE CVE-2014-0448

Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment...

SUSE CVE-2014-0464

Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0463...

SUSE CVE-2014-2403

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP...

SUSE CVE-2014-2420

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment...

SUSE CVE-2014-6519

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot...

SUSE CVE-2014-6531

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries...

SUSE CVE-2015-0413

Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability...

SUSE CVE-2015-1916

Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider...