11989 matches found
Oracle Linux 8 / 9 : java-1.8.0-openjdk (ELSA-2024-0265)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0265 advisory. 1:1.8.0.402.b06-0.2.0.1 - Update to shenandoah-jdk8u402-b06 GA - Update release notes for shenandoah-8u402-b06. - Add Oracle vendor bug URL Orabug:...
Debian dsa-5604 : openjdk-11-dbg - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5604 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5604-1...
Oracle Linux 8 / 9 : java-11-openjdk (ELSA-2024-0266)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0266 advisory. 1:11.0.22.0.7-2.0.1 - Update to openjdk-11.0.22+7 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Important: java-1.8.0-amazon-corretto
Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...
Important: java-1.8.0-amazon-corretto
Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...
Oracle Linux 8 / 9 : java-17-openjdk (ELSA-2024-0267)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0267 advisory. 1:17.0.10.0.7-2.0.1 - Rebase to 17.0.10.0.7 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
Important: java-1.8.0-amazon-corretto
Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...
The vulnerability of the JavaFX virtual machine Oracle GraalVM Enterprise Edition and the Oracle Java SE software platform allows a perpetrator to gain access to read, modify, or delete data.
The vulnerability of the JavaFX virtual machine Oracle GraalVM Enterprise Edition and the Oracle Java SE software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to read, modify, or delete data...
The vulnerability of the Scripting component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Scripting component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized...
AlmaLinux 9 : java-1.8.0-openjdk (ALSA-2024:0265)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0265 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...
AlmaLinux 9 : java-11-openjdk (ALSA-2024:0266)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0266 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...
AlmaLinux 9 : java-21-openjdk (ALSA-2024:0249)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0249 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...
AlmaLinux 9 : java-17-openjdk (ALSA-2024:0267)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0267 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...
Oracle Linux 9 : java-21-openjdk (ELSA-2024-0249)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0249 advisory. 1:21.0.2.0.13-1.0.1 - Add Oracle vendor bug URL 1:21.0.2.0.13-1 - Rebase to 21.0.2.0.13 Tenable has extracted the preceding description block directly...
AlmaLinux 8 : java-21-openjdk (ALSA-2024:0248)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0248 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...
OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...
Amazon Linux 2023 : java-11-amazon-corretto, java-11-amazon-corretto-devel, java-11-amazon-corretto-headless (ALAS2023-2024-484)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-484 advisory. A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option --no-java was set. CVE-2024-20918 With carefully crafted custom bytecode...
Important: java-11-amazon-corretto
Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...
Important: java-21-amazon-corretto
Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...
Important: java-17-amazon-corretto
Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...