Ubuntu: Security Advisory (USN-7124-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7124-1: OpenJDK 23 vulnerabilities

Andy Boothe discovered that the Networking component of OpenJDK 23 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. CVE-2024-21208 It was discovered that the Hotspot component of OpenJDK 23 did not...

Vulnerability of components of Linux operating system’s kernel/mlx5, allowing a hacker to cause a service failure

The vulnerability of the net/mlx5 components of the Linux operating system’s kernel is related to incorrect initialization of a resource in the addrulefg function. Exploiting this vulnerability can allow an attacker to cause service failures...

OESA-2024-2394 openjdk-1.8.0 security update

The OpenJDK runtime environment 8. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4,...

OESA-2024-2392 openjdk-1.8.0 security update

The OpenJDK runtime environment 8. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4,...

USN-7096-1 openjdk-8 vulnerabilities

Andy Boothe discovered that the Networking component of OpenJDK 8 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. CVE-2024-21208 It was discovered that the Hotspot component of OpenJDK 8 did not...

Security Bulletin: IBM Sterling Control Center is vulnerable to IBM Semeru Runtime Quarterly CPU - Apr 2024 - Includes OpenJDK Apr 2024 CPU

Summary IBM Semeru Runtime Quarterly CPU - Apr 2024 is affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low availability impacts...

Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Updated to version 11.0.25+9 October 2024 CPU: CVE-2024-21208: Fixed partial DoS in component Networking bsc1231702 CVE-2024-21210: Fixed unauthorized read/write access to data in component Hotspot bsc1231711 CVE-2024-21217: Fixed partia...

The vulnerability of the Ivanti Cloud Services Appliance’s networking component, related to the lack of protection for SQL query structures, allows attackers to execute arbitrary SQL queries.

The vulnerability of the Ivanti Cloud Services Appliance relates to the lack of protection for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unsafe circular operation on lists in the net component...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a potential underflow in the qdiscpktleninit function in the net component when handling UFOs...

Advisory ROSA-SA-2024-2481

Software: java-11-openjdk 11.0.23.0.9 OS: rosa-server79 packageevrstring: java-11-openjdk-11.0.23.0.9-2.res7 CVE-ID: CVE-2024-20918 BDU-ID: 2024-00485 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Hotspot component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK,...

kernel: net: do not leave a dangling sk pointer, when socket creation fails

A vulnerability was found in the Linux kernel's networking component in the sockrelease function, where a dangling pointer can occur when socket creation fails. This happens when a reference to the socket is not cleared, leading to a use-after-free condition...

The vulnerability of the Networking component of Windows operating systems, which allows a hacker to trigger a service failure

The vulnerability of the Networking component of Windows operating systems exists due to insufficient checking of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

The vulnerability of the Ivanti Cloud Services Appliance’s networking component exists due to the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows a hacker to execute arbitrary code.

The vulnerability of the Ivanti Cloud Services Appliance exists because measures to neutralize special elements used in the operating system are not taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Security Bulletin: IBM Data Product Hub is vulnerable with IBM Semeru Runtime Quarterly CPU - Apr 2024 (CVE-2024-21012)

Summary IBM Data Product Hub has a dependency on IBM Semeru Runtime which is vulnerable CVE-2024-21012. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21012 DESCRIPTION: An unspecified vulnerability in Java SE related to the...

kernel: net: do not leave a dangling sk pointer, when socket creation fails

A vulnerability was found in the Linux kernel's networking component in the sockrelease function, where a dangling pointer can occur when socket creation fails. This happens when a reference to the socket is not cleared, leading to a use-after-free condition...

Low: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10,...

Amazon Linux 2023 : java-22-amazon-corretto, java-22-amazon-corretto-devel, java-22-amazon-corretto-headless (ALAS2023-2024-601)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-601 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java...

OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708)

A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle...