Oracle Java SE Security Update (jan2023) 03 - Windows

Oracle Java SE is prone to an input validation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-21843

CVE-2023-21843 is a vulnerability in Oracle Java SE (component: Sound) affecting multiple Oracle Java SE versions (8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1) and Oracle GraalVM Enterprise Edition (20.3.8, 21.3.4, 22.3.0). It allows an unauthenticated attacker with network access via various prot...

CVE-2023-21843

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Sound. Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...

CVE-2023-21843

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Sound. Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...

CVE-2023-21835

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows...

CVE-2023-21835

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows...

CVE-2023-21830

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows...

Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli System Automation Application Manager (CVE-2017-10356)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager. IBM Tivoli System Automation Application Manager has addressed the applicable CVEs. These issues were also addressed by WebSphere Application Server...

PT-2023-3456

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1 Oracle GraalVM Enterprise Edition versions 20.3.8, 21.3.4, 22.3.0 Description A difficult to exploit vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition...

KLA20166 Multiple vulnerabilities in Oracle Java SE and GraalVM

Multiple vulnerabilities were found in Oracle Java SE and GraalVM. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in JSSE can be exploited to cause denial of...

PT-2023-4769

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u351, 8u351-perf Oracle GraalVM Enterprise Edition versions 20.3.8, 21.3.4 Description The issue is related to the Serialization component in Oracle Java SE and Oracle GraalVM Enterprise Edition, allowing an...

Azul Zulu Java Multiple Vulnerabilities (2023-01-17)

The version of Azul Zulu installed on the remote host is prior to 6 6.53.0.12 / 7 7.59.0.18 / 8 8.67.0.22 / 11 11.61.18 / 13 13.53.18 / 15 15.45.18 / 17 17.39.20 / 19 19.32.14. It is, therefore, affected by multiple vulnerabilities as referenced in the 2023-01-17 advisory. - Vulnerability in the...

OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

RHEL 8 : java-1.8.0-ibm (RHSA-2023:0128)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0128 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...

Fedora 36 : java-11-openjdk (2022-d989953883)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-d989953883 advisory. New in release OpenJDK 11.0.17 2022-10-18 Release announcement Full release notes Security Fixes - JDK-8282252: Improve BigInteger/Decimal validatio...

Fedora 36 : java-1.8.0-openjdk (2022-361f34f2a9)

"The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-361f34f2a9 advisory. New in release OpenJDK 8u352 2022-10-18 Release announcement Full release notes Security Fixes JDK-8282252: Improve BigInteger/Decimal validation...

Fedora 36 : java-latest-openjdk (2022-e8698f2e5e)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-e8698f2e5e advisory. New in release OpenJDK 19.0.1 2022-10-18 Full release notes CVEs Fixed - CVE-2022-21618 - CVE-2022-21619 - CVE-2022-21624 - CVE-2022-21628 -...

Fedora 35 : java-latest-openjdk (2022-ec7de69ceb)

The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-ec7de69ceb advisory. New in release OpenJDK 19.0.1 2022-10-18 Full release notes This update depends on FEDORA-2022-10bb6f119e CVEs Fixed - CVE-2022-21618 - CVE-2022-216...

Fedora 35 : java-1.8.0-openjdk (2022-b050ae8974)

"The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-b050ae8974 advisory. New in release OpenJDK 8u352 2022-10-18 Release announcement Full release notes Security Fixes JDK-8282252: Improve BigInteger/Decimal validation...