Important: java-1.8.0-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

Important: java-1.8.0-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

Oracle Linux 8 / 9 : java-17-openjdk (ELSA-2024-0267)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0267 advisory. 1:17.0.10.0.7-2.0.1 - Rebase to 17.0.10.0.7 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

AlmaLinux 9 : java-21-openjdk (ALSA-2024:0249)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0249 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...

AlmaLinux 9 : java-1.8.0-openjdk (ALSA-2024:0265)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0265 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...

AlmaLinux 9 : java-17-openjdk (ALSA-2024:0267)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0267 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...

AlmaLinux 8 : java-21-openjdk (ALSA-2024:0248)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0248 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...

AlmaLinux 9 : java-11-openjdk (ALSA-2024:0266)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0266 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...

Oracle Linux 9 : java-21-openjdk (ELSA-2024-0249)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0249 advisory. 1:21.0.2.0.13-1.0.1 - Add Oracle vendor bug URL 1:21.0.2.0.13-1 - Rebase to 21.0.2.0.13 Tenable has extracted the preceding description block directly...

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

Important: java-11-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

Amazon Linux 2023 : java-1.8.0-amazon-corretto, java-1.8.0-amazon-corretto-devel (ALAS2023-2024-482)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-482 advisory. 2024-05-03: The severity of this advisory has been changed from important to low. 2024-05-02: CVE-2024-20918 was removed from this advisory. 2024-05-02: CVE-2024-20919 was removed from this advisory...

Amazon Linux 2 : java-11-amazon-corretto (ALAS-2024-2414)

The version of java-11-amazon-corretto installed on the remote host is prior to 11.0.22+7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2414 advisory. A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even...

Important: java-17-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

Important: java-17-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

Amazon Linux 2 : java-17-amazon-corretto (ALAS-2024-2415)

The version of java-17-amazon-corretto installed on the remote host is prior to 17.0.10+7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2415 advisory. A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even...

Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2024-009)

The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0402.b06-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2CORRETTO8-2024-009 advisory. 2024-05-03: The severity of this advisory has been changed from important to low. 2024-05-02:...

Important: java-21-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

Important: java-21-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

Amazon Linux 2023 : java-11-amazon-corretto, java-11-amazon-corretto-devel, java-11-amazon-corretto-headless (ALAS2023-2024-484)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-484 advisory. A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option --no-java was set. CVE-2024-20918 With carefully crafted custom bytecode...