OpenJDK: arbitrary Java code execution in Nashorn (8314284)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or...

OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : OpenJDK 8 vulnerabilities (USN-6696-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6696-1 advisory. Yi Yang discovered that the Hotspot component of OpenJDK 8 incorrectly handled array accesses in the C1 compiler. An...

Zimbra Collaboration Server 8.8.x < 8.8.15 Patch 45, 9.x < 9.0.0 Patch 38, 10.0.x < 10.0.6 Multiple Vulnerabilities

According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities including: - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Ja...

SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-openjdk (SUSE-SU-2024:0847-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0847-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Ja...

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to high integrity impacts due to Oracle Java SE (CVE-2023-22043)

Summary IBM Sterling Partner Engagement Manager uses Oracle Java SE. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-22043 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the JavaFX component could allow a remote...

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to multiple issues due to Oracle Java SE

Summary IBM Sterling Partner Engagement Manager uses Oracle Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the...

SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2024:0804-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0804-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE componen...

K000138850: OpenJDK vulnerabilities CVE-2024-20918, CVE-2024-20925, CVE-2024-20945, CVE-2024-20952, and CVE-2024-20955

Security Advisory Description CVE-2024-20918 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle...

openSUSE: Security Advisory for java (SUSE-SU-2023:3305-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: There are multiple vulnerabilities in IBM Semeru Runtime that is shipped with CICS Transaction Gateway for Multiplatforms.

Summary There are multiple vulnerabilities in IBM Semeru Runtime that is shipped with CICS Transaction Gateway for Multiplatforms. An update to CICS Transaction Gateway for Multiplatforms has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: A...

Security Bulletin: There are multiple vulnerabilities in IBM Semeru Runtime that is shipped with CICS Transaction Gateway Desktop Edition.

Summary There are multiple vulnerabilities in IBM Semeru Runtime that is shipped with CICS Transaction Gateway Desktop Edition. An update to CICS Transaction Gateway Desktop Edition has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : OpenJDK 21 vulnerabilities (USN-6662-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6662-1 advisory. Yi Yang discovered that the Hotspot component of OpenJDK 21 incorrectly handled array accesses in the C1 compiler. An attacker could...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : OpenJDK 11 vulnerabilities (USN-6660-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6660-1 advisory. Yi Yang discovered that the Hotspot component of OpenJDK 11 incorrectly handled array accesses in the C1 compiler. An...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : OpenJDK 17 vulnerabilities (USN-6661-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6661-1 advisory. Yi Yang discovered that the Hotspot component of OpenJDK 17 incorrectly handled array accesses in the C1 compiler. An...

SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-ibm (SUSE-SU-2024:0619-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0619-1 advisory. - IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side chann...

SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2024:0605-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0605-1 advisory. - IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.7.1.6)

The version of AOS installed on the remote host is prior to 6.7.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.7.1.6 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.5.5)

The version of AOS installed on the remote host is prior to 6.5.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.5.5 advisory. - A use-after-free vulnerability in the Linux kernel's net/sched: clsu32 component can be exploited to achieve local privileg...

CentOS 7 : java-1.8.0-ibm (RHSA-2024:0879)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0879 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affect...