Security Bulletin: Multiple vulnerabilities in IBM JRE affect IBM Tivoli Composite Application Manager for Transactions (Multiple CVEs)

Summary There are multiple vulnerabilities in IBM JRE Version 6.0, 7.0 and 8.0 that is used by IBM Tivoli Composite Application Manager for Transactions. These issues were disclosed as part of the IBM JRE updates in Oct 2017. Vulnerability Details CVEID: CVE-2017-10345 DESCRIPTION: An unspecified...

Security Bulletin: Multiple vulnerabilities in IBM Java SD affect Guardium Data Redaction

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition version 6 that is used by Guardium Data Redaction. These issues were disclosed as part of the IBM Java SDK updates for October 2015. Vulnerability Details CVEID: CVE-2015-4844 DESCRIPTION: An unspecified vulnerability...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect IBM Decision Optimization Center and IBM ILOG ODM Enterprise

Summary There are multiple vulnerabilities in IBM® SDK Java™ and IBM® Runtime Environment Java™ Versions 6 and 7 used by IBM Decision Optimization Center. These issues were disclosed as part of the IBM Java SDK updates in July 2017. Vulnerability Details If you run your own Java code using the IB...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center (CVE-2017-10295, CVE-2017-10345, CVE-2017-10355, CVE-2017-10356)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Cognos Command Center. These issues were disclosed as part of the IBM Java SDK updates for October 2017. Vulnerability Details CVEID: CVE-2017-10345 DESCRIPTION: An...

Security Bulletin: CICS Transaction Gateway for Multiplatforms

Summary Multiple security vulnerabilities exist in the JREs shipped with CICS Transaction Gateway CICS TG for client applications. CICS TG itself is not vulnerable to all these risks but client side applications using the CICS TG supplied JREs might be. Vulnerability Details CVEID: CVE-2016-3443...

Ubuntu 16.04 LTS : OpenJDK 8 vulnerabilities (USN-3644-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3644-1 advisory. It was discovered that the Security component of OpenJDK did not correctly perform merging of multiple sections for the same file listed in JAR archive...

Oracle Java SE and JRockit have unspecified vulnerabilities (CNVD-2018-09073)

Java SE stands for Java Platform Standard Edition and is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments. Java SE Embedded is based on Java SE and offers specific features and support for embedded systems. the JRockit family of...

USN-3497-1 openjdk-7 vulnerabilities

It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. CVE-2017-10274 Gaston Traberg discovered that th...

OpenJDK: unbounded memory allocation in BasicAttribute deserialization (Serialization, 8174105)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker...

Security update for java-1_8_0-openjdk (important)

java-180-openjdk was updated to fix 24 security issues. These security issues were fixed: - CVE-2015-4734: A remote user can exploit a flaw in the Embedded JGSS component to partially access data - CVE-2015-4803: A remote user can exploit a flaw in the JRockit JAXP component to cause partial deni...

jre7-openjdk: multiple issues

CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...