
9018 matches found

Positive Technologies
added 2024/07/16 12:00 a.m., 6 views

PT-2024-5599

Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK versions 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition versions 20.3.14, 21.3.10. Description: A difficult to exploit vulnerability in...

CVSS 4.8, AI score 6.8, EPSS 0.0045
Exploits: 0, References: 372

IBM Security Bulletins
added 2024/06/28 5:46 p.m., 50 views

Security Bulletin: SANnav software used by IBM b-type SAN directors and switches is affected by Oracle Java SE vulnerabilities

Summary: The SANnav Management Portal and Global View products are affected due to a Java SE issue. The affected issue has been addressed and can be resolved by applying the SANnav code level listed below. CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968,...

CVSS 7.4, AI score 6.3, EPSS 0.01156
Exploits: 1, Affected Software: 1

Tenable Nessus
added 2024/06/27 12:00 a.m., 24 views

IBM MQ 9.0 <= 9.0.0.26 / 9.1 <= 9.1.0.22 / 9.2 <= 9.2.0.26 / 9.3 < 9.3.0.20 LTS / 9.3 < 9.4 CD (7157980)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7157980 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Supported versions that are affected are Oracle...

CVSS 3.7, AI score 6.3, EPSS 0.001
Exploits: 0, References: 2

Broadcom
added 2024/06/10 12:00 a.m., 7 views

Oracle Java SE Multiple Vulnerabilities (April 2023 CPU)

CVE-2023-21930: CVSS 3.1 Base Score 7.4, CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2023-21937: CVSS 3.1 Base Score 3.7, CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2023-21938: CVSS 3.1 Base Score 3.7, CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N...

CVSS 7.4, AI score 6.8, EPSS 0.01156
Exploits: 1

Tenable Nessus
added 2024/06/03 12:00 a.m., 27 views

RHEL 7 : nss (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Mozilla NSS: Errors in mpdiv and mpexptmod cryptographic functions CVE-2016-1938 - SSL/TLS: Birthday atta...

CVSS 7.5, AI score 8.1, EPSS 0.93163
Exploits: 10, References: 11

Tenable Nessus
added 2024/06/03 12:00 a.m., 28 views

RHEL 7 : lcms2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - lcms2: Out-of-bounds read in TypeMLURead CVE-2016-10165 - Unspecified vulnerability in Oracle Java SE 7u8...

CVSS 7.1, AI score 5.8, EPSS 0.02698
Exploits: 1, References: 3

Tenable Nessus
added 2024/06/03 12:00 a.m., 26 views

RHEL 6 : java-1.5.0-ibm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - OpenJDK: inefficient use of hash tables and lists during XML parsing JAXP, 8068842 CVE-2015-4803 - OpenJD...

CVSS 10, AI score 6.6, EPSS 0.058
Exploits: 0, References: 7

Tenable Nessus
added 2024/06/03 12:00 a.m., 10 views

RHEL 6 : java-1.6.0-ibm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - OpenJDK: insufficient loader constraints checks for invokespecial Hotspot, 8180711 CVE-2017-10346 -...

CVSS 9.6, AI score 5.6, EPSS 0.06365
Exploits: 4, References: 43

Tenable Nessus
added 2024/06/03 12:00 a.m., 25 views

RHEL 5 : java-1.6.0-sun (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - OpenJDK: improper re-use of NTLM authenticated connections Networking, 8163520 CVE-2017-3509 - OpenJDK:...

CVSS 5.9, AI score 5.2, EPSS 0.01108
Exploits: 1, References: 6

Tenable Nessus
added 2024/06/03 12:00 a.m., 30 views

RHEL 7 : icu (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ICU: missing boundary checks in layout engine OpenJDK 2D, 8132042 CVE-2015-4844 - icu: Double free in...

CVSS 9.8, AI score 6.9, EPSS 0.41904
Exploits: 11, References: 21

Tenable Nessus
added 2024/06/03 12:00 a.m., 21 views

RHEL 5 : java-1.5.0-ibm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - OpenJDK: inefficient use of hash tables and lists during XML parsing JAXP, 8068842 CVE-2015-4803 - OpenJD...

CVSS 10, AI score 7, EPSS 0.058
Exploits: 0, References: 7

Redos
added 2024/05/29 12:00 a.m., 36 views

ROS-20240529-01

A vulnerability in the Lightweight HTTP Server component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to unrestricted resource allocation. Exploitation of the vulnerability could allow a remote attacker to cause a denial of...

CVSS 7.5, AI score 7.4, EPSS 0.34335
Exploits: 6

Redos
added 2024/05/29 12:00 a.m., 9 views

ROS-20240529-04

A vulnerability in the ImageIO component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to integer overflow. Exploitation of the vulnerability could allow a remote attacker to cause a partial denial of service. Vulnerability i...

CVSS 7.5, AI score 7.6, EPSS 0.34335
Exploits: 6

Redos
added 2024/05/29 12:00 a.m., 7 views

ROS-20240529-05

A vulnerability in the ImageIO component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to integer overflow. Exploitation of the vulnerability could allow a remote attacker to cause a partial denial of service. Vulnerability i...

CVSS 7.5, AI score 7.6, EPSS 0.34335
Exploits: 6

Redos
added 2024/05/24 12:00 a.m., 17 views

ROS-20240424-03

A vulnerability in the Serialization component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to the recovery of invalid data in memory. Exploitation of the vulnerability could allow a remote attacker to cause a denial of...

CVSS 5.3, AI score 7.6, EPSS 0.05612
Exploits: 0

Redos
added 2024/05/24 12:00 a.m., 19 views

ROS-20240424-02

A vulnerability in the Libraries component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to a flaw in the authorization procedure. Exploitation of the vulnerability could allow a remote attacker to disclose protected informatio...

CVSS 7.5, AI score 6.5, EPSS 0.05612
Exploits: 0

Redos
added 2024/05/21 12:00 a.m., 7 views

ROS-20240521-10

A vulnerability in the JSSE component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to the lack of message integrity checking. Exploitation of the vulnerability could allow a remote attacker to disclose protected information or...

CVSS 7.4, AI score 7.4, EPSS 0.01156
Exploits: 1

Redos
added 2024/05/21 12:00 a.m., 9 views

ROS-20240521-09

A vulnerability in the JSSE component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to the lack of message integrity checking. Exploitation of the vulnerability could allow a remote attacker to disclose protected information or...

CVSS 7.4, AI score 7.4, EPSS 0.01156
Exploits: 1

Redos
added 2024/05/21 12:00 a.m., 27 views

ROS-20240521-05

A vulnerability in the Hotspot component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to disclose protected information. A vulnerability in...

CVSS 7.5, AI score 7.1, EPSS 0.10953
Exploits: 3

Redos
added 2024/05/21 12:00 a.m., 10 views

ROS-20240521-11

A vulnerability in the JSSE component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to the lack of message integrity checking. Exploitation of the vulnerability could allow a remote attacker to disclose protected information or...

CVSS 7.4, AI score 7.4, EPSS 0.01156
Exploits: 1