Amazon Linux 2 : java-17-amazon-corretto (ALAS-2025-2936)

The version of java-17-amazon-corretto installed on the remote host is prior to 17.0.16+8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2936 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product...

Security Bulletin: IBM Informix addresses several Java security vulnerabilities by updating the bundled IBM Java version.

Summary In addition to various updates, the security vulnerabilities mentioned in the Remediation/Fixes section have been addressed with IBM Informix. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote...

Alibaba Cloud Linux 3 : 0123: java-17-openjdk (ALINUX3-SA-2025:0123)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0123 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-30749: Vulnerability in the Oracl...

Debian dla-4246 : libowasp-esapi-java - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4246 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4246-1 [email protected]...

AlmaLinux 9 : java-1.8.0-openjdk (ALSA-2025:10862)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:10862 advisory. JDK: Better Glyph drawing CVE-2025-30749 JDK: Enhance TLS protocol support CVE-2025-30754 JDK: Improve scripting supports CVE-2025-30761 JDK: Better Glyp...

Debian dla-4243 : libbatik-java - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4243 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4243-1 [email protected]...

Amazon Corretto Java 11.x < 11.0.28.6.1 Multiple Vulnerabilities

The version of Amazon Corretto installed on the remote host is 11 prior to 11.0.28.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-11-2025-Jul-15 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...

KLA85872 Multiple vulnerabilities in Oracle Java

Multiple vulnerabilities were found in Oracle Java. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in JavaFX can be exploited to cau...

Difficult to exploit Java SDK Updates in ASCG

Difficult to exploit vulnerabilities in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9,...

Azul Zulu Java Multiple Vulnerabilities (2025-07-15)

The version of Azul Zulu installed on the remote host is 7 prior to 7.79.0.12 / 8 prior to 8.87.0.14 / 11 prior to 11.81.14 / 17 prior to 17.59.16 / 21 prior to 21.43.16 / 24 prior to 24.32.14. It is, therefore, affected by multiple vulnerabilities as referenced in the 2025-07-15 advisory. -...

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to multiple issues due to IBM Runtime Environment Java Technology Edition Version 8

Summary There are vulnerabilities in IBM Runtime Environment Java Technology Edition Version 8 used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An...

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high...

Security Bulletin: IBM Sterling Connect:Direct Web Service is affected by multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote...

Security Bulletin: Security Vulnerabilities in Java affect IBM Voice Gateway

Summary Security Vulnerabilities in Java affect IBM Voice Gateway Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and high integrity impact. CWE:CWE-284...

SAP NetWeaver AS Java Multiple Vulnerabilities (July 2025)

SAP NetWeaver Application Server for Java is affected by multiple vulnerabilities, including the following: - A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful...

Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Standard (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)

Summary There are multiple vulnerabilities in the Java SE version shipped with IBM CICS TX Standard CVE-2025-21587, CVE-2025-30698, CVE-2025-4447. An update to IBM CICS TX Standard has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An...

Security Bulletin: IBM MQ Appliance is affected by multiple Java vulnerabilities (CVE-2025-21587 & CVE-2025-4447)

Summary IBM MQ Appliance has addressed multiple Java vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and high integrity impact...

Security Bulletin: IBM Cognos Transformer is affected by vulnerabilities in IBM® Java™

Summary There are vulnerabilities in IBM® Java™ Version 8 used by IBM Cognos Transformer. Vulnerability Details CVEID:CVE-2024-21131 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low integrity impact. CVSS Source: IBM X-For...

Security Bulletin: IBM Cognos Analytics is affected by security vulnerabilities

Summary There are vulnerabilities in IBM® Java™ Version 8 used by IBM Cognos Analytics. There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Cognos Analytics. Additionally, IBM Cognos Analytics is vulnerable to a Stored Cross-Site Scripting XSS vulnerability...

SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-openj9 (SUSE-SU-2025:01954-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01954-1 advisory. - CVE-2025-4447: Fixed buffer overflow in Eclipse OpenJ9 bsc1243429. - CVE-2025-30698: Fixed 2D unauthorized data access and DoS...