OESA-2024-1127 openjdk-1.8.0 security update
Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1;...
K000138462: Oracle Java vulnerabilities CVE-2024-20922, CVE-2024-20923
Security Advisory Description CVE-2024-20922 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to...
Debian dsa-5613 : openjdk-17-dbg - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5613 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...
Debian dla-3728 : openjdk-11-dbg - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3728 advisory. - Debian LTS Advisory DLA-3728-1...
Improper Access Control
Oracle Java SE is vulnerable to Improper Access Control. The vulnerability is caused due to improper handling of untrusted code in the Java sandbox environment. This allows unauthenticated attackers with network access to exploit the system and gain unauthorized access to create, delete, or modif...
Unauthorized Access
Oracle Java SE is vulnerable to Unauthorized Access. The vulnerability is due to a flaw in the security component that allows a low-privileged attacker with logon access to the infrastructure to compromise the system, potentially resulting in unauthorized access to critical data or complete acces...
CentOS 7 : java-11-openjdk (RHSA-2024:0232)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0232 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supporte...
CentOS 7 : java-1.8.0-openjdk (RHSA-2024:0223)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0223 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supporte...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition (CVE-2015-0410, CVE-2014-6593, CVE-2015-0383, CVE-2015-0138)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 5 and 7, that is used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factorin...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 & 8 used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in Oct 2017. Vulnerability Details If you run your own Java code using the IBM Java Runtime...
Security Bulletin: IBM Security Directory Integrator affected by multiple vulnerabilities affecting IBM Java SDK
Summary Security Vulnerabilities found in IBM Java SDK shipped with IBM Security Directory Integrator have been addressed with this update. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE...
SUSE SLES12: java-11-openjdk / java-11-openjdk-demo / java-11-openjdk-devel / etc (SUSE-SU-2024:0203-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0203-1 advisory. Updated to version 11.0.22 January 2024 CPU: - CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM due to a missing...
A vulnerability in the Security component of the Oracle Java SE software platform, and of the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, allows attackers to modify, add, or delete data.
The vulnerability in the Security component of Oracle Java SE software, and of the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to compromise the...
A vulnerability in the Hotspot component of Oracle Java SE and Oracle GraalVM for JDK/Oracle GraalVM Enterprise Edition software allows attackers to access confidential information.
The vulnerability in the Hotspot component of the Oracle Java SE and Oracle GraalVM for JDK/Oracle GraalVM Enterprise Edition virtual machines is related to the lack of protection for service data. Exploiting this vulnerability can allow a remote attacker to gain access to confidential...
Oracle Linux 8 / 9 : java-1.8.0-openjdk (ELSA-2024-0265)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0265 advisory. 1:1.8.0.402.b06-0.2.0.1 - Update to shenandoah-jdk8u402-b06 GA - Update release notes for shenandoah-8u402-b06. - Add Oracle vendor bug URL Orabug:...
Important: java-1.8.0-amazon-corretto
Issue Overview: A vulnerability that allows an attacker to execute arbitrary Java code from the JavaScript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...
Debian dsa-5604 : openjdk-11-dbg - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5604 advisory. - Debian Security Advisory DSA-5604-1...
Oracle Linux 8 / 9 : java-11-openjdk (ELSA-2024-0266)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0266 advisory. 1:11.0.22.0.7-2.0.1 - Update to openjdk-11.0.22+7 Tenable has extracted the preceding description block directly from the Oracle Linux security...
A vulnerability in the JavaFX component of the Oracle GraalVM Enterprise Edition virtual machine and the Oracle Java SE software platform allows an attacker to read, modify, or delete data.
The vulnerability in the JavaFX component of the Oracle GraalVM Enterprise Edition virtual machine and the Oracle Java SE software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to read, modify, or delete data...
A vulnerability in the Scripting component of Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform allows an attacker to gain unauthorized access to protected information.
The vulnerability in the Scripting component of Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to gain unauthorized...