22 matches found
EUVD-2024-32500
Malicious code in bioql PyPI...
Security Bulletin: There are multiple vulnerabilities that affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.
Summary: There are multiple vulnerabilities that affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. Updates for CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition have been released to address these vulnerabilities...
Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime
Summary: This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their April 2024 Vulnerability Advisory, plus CVE-2024-3933. For more information please refer to OpenJDK's April 2024 Vulnerability Advisory and the X-Force database entries referenced below. Vulnerability...
SUSE CVE-2024-3933
In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, when running with JVM option -Xgc:concurrentScavenge, the sequence generated for System.arrayCopy on the IBM Z platform with hardware and software support for guarded storage [1], could allow access to a buffer with an incorrect...
CVE-2024-3933
In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, when running with JVM option -Xgc:concurrentScavenge, the sequence generated for System.arrayCopy on the IBM Z platform with hardware and software support for guarded storage [1], could allow access to a buffer with an incorrect...
CVE-2024-3933
In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, when running with JVM option -Xgc:concurrentScavenge, the sequence generated for System.arrayCopy on the IBM Z platform with hardware and software support for guarded storage [1], could allow access to a buffer with an incorrect...
PT-2024-28452
Name of the Vulnerable Software and Affected Versions: Eclipse OpenJ9 versions 0.13.0 through 0.43.0 Description: The issue occurs when running Eclipse OpenJ9 with the JVM option -Xgc:concurrentScavenge on the IBM Z platform, which has hardware and software support for guarded storage. This allows...
SUSE CVE-2019-17639
In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value...
PT-2020-14923 · Readytalk · Readytalk Avian
Name of the Vulnerable Software and Affected Versions: ReadyTalk Avian version 1.2.0 Description: An issue was discovered in the vm::arrayCopy method defined in classpath-common.h, which returns silently when a negative length is provided, instead of throwing an exception. This could result in da...
Avian JVM 1.2.0 Integer Overflow
Vulnerability title: Avian JVM vm::arrayCopy Multiple Integer Overflows Author: Pietro Oliva CVE: CVE-2020-17360 Vendor: ReadyTalk Product: Avian JVM Affected version: 1.2.0 Description: The issue is located in the vm::arrayCopy method defined in classpath-common.h, where multiple boundary checks...
JDK: Information disclosure via calls to System.arraycopy() with invalid length
In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value...
JDK: Information disclosure via calls to System.arraycopy() with invalid length
In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value...
OpenJDK: incomplete type checks of System.arraycopy arguments (Hotspot, 8160591)
It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt the virtual machine's memory and completely bypass Java sandbox restrictions...
OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...
OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...
OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...
OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...
OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...
CVE-2011-0990
Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service plugin crash or...
OpenJDK System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095...