Lucene search

187 matches found

SUSE Linux
added 2025/01/24 4:34 p.m. | 2 views

Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.26+4 January 2025 CPU Security fixes: CVE-2025-21502: Enhance array handling JDK-8330045, bsc1236278 Other changes: JDK-8224624: Inefficiencies in CodeStrings::addcomment cause timeouts JDK-8225045:...

6.3 CVSS | 7.2 AI score | 0.002 EPSS
Exploits: 0 | References: 4
SUSE Linux
added 2024/10/30 1:28 p.m. | 2 views

Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Updated to version 11.0.25+9 October 2024 CPU: CVE-2024-21208: Fixed partial DoS in component Networking bsc1231702 CVE-2024-21210: Fixed unauthorized read/write access to data in component Hotspot bsc1231711 CVE-2024-21217: Fixed partia...

6.3 CVSS | 7.1 AI score | 0.00171 EPSS
Exploits: 0 | References: 16
RedHat Linux
added 2024/05/21 2:18 p.m. | 3 views

ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE

A vulnerability in ActiveMQ's Jolokia integration, where an authenticated user can potentially execute arbitrary code on the server. The vulnerability stems from the ability to handle and manipulate JMX requests through Jolokia's HttpRequestHandler, allowing an attacker to exploit the...

8.8 CVSS | 6.4 AI score | 0.93 EPSS
Exploits: 2 | References: 4
OSV
added 2024/04/26 2:40 p.m. | 7 views

SUSE-SU-2024:1452-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: - CVE-2024-21011: Fixed denial of service due to long Exception message logging JDK-8319851,bsc1222979 - CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup JDK-8315708,bsc1222987 -...

3.7 CVSS | 5.1 AI score | 0.00669 EPSS
Exploits: 0 | References: 12
Amazon
added 2024/02/05 12:0 a.m. | 2 views

Important: java-11-openjdk

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

7.4 CVSS | 7 AI score | 0.00344 EPSS
Exploits: 0
Amazon
added 2024/01/18 12:0 a.m. | 9 views

Important: java-11-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

7.4 CVSS | 6.9 AI score | 0.00344 EPSS
Exploits: 0
CNNVD
added 2024/01/16 12:0 a.m. | 2 views

Oracle Java SE and Oracle GraalVM Security Vulnerabilities

Oracle Java SE and Oracle GraalVM are both products of Oracle Corporation. Oracle Java SE is a product for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. Oracle GraalVM is a set of on-the-fly compilers written in the Java language...

5.9 CVSS | 7.7 AI score | 0.00249 EPSS
Exploits: 0 | References: 10
Amazon
added 2024/01/09 12:0 a.m. | 2 views

Medium: java-11-openjdk

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Easily exploitable vulnerability...

5.3 CVSS | 6 AI score | 0.00098 EPSS
Exploits: 0
Amazon
added 2023/11/03 12:0 a.m. | 3 views

Important: java-11-amazon-corretto

Issue Overview: An issue was discovered in function ciMethodBlocks::makeblockat in Oracle JDK HotSpot VM 11, 17 and OpenJDK HotSpot VM 8, 11, 17, allows attackers to cause a denial of service. CVE-2022-40433 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE...

5.3 CVSS | 7 AI score | 0.00098 EPSS
Exploits: 0
RedHat Linux
added 2023/10/18 11:3 p.m. | 2 views

OpenJDK: segmentation fault in ciMethodBlocks

A vulnerability was found in OpenJDK. This issue occurs in the ciMethodBlocks::makeblockat function in OpenJDK HotSpot VM 8 11 and 17 are fixed starting from 11.0.17 and 17.0.5 respectively, and may allow an attacker to cause a denial of service...

5.7 AI score
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 4:33 a.m. | 2 views

SUSE CVE-2018-3157

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Sound. The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

3.7 CVSS | 4.9 AI score | 0.0076 EPSS
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 4:3 a.m. | 2 views

SUSE CVE-2020-2767

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

4.8 CVSS | 7.3 AI score | 0.00328 EPSS
Exploits: 0 | References: 7
SUSE CVE
added 2023/02/15 4:3 a.m. | 2 views

SUSE CVE-2020-2778

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

3.7 CVSS | 7.1 AI score | 0.00356 EPSS
Exploits: 0 | References: 7
SUSE CVE
added 2023/02/15 4:3 a.m. | 2 views

SUSE CVE-2020-2816

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability c...

7.5 CVSS | 8.2 AI score | 0.00535 EPSS
Exploits: 0 | References: 7
ATTACKERKB
added 2022/08/31 7:15 a.m. | 1 view

CVE-2022-37022

Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Any user wishing to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15. Use of 1.15 on Java 11 will...

8.8 CVSS | 7.3 AI score | 0.00243 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2022/08/31 7:15 a.m. | 2 views

CVE-2022-37021

Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Any user still on Java 8 who wishes to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15 and Java 11. ...

9.8 CVSS | 5.8 AI score | 0.00567 EPSS
Exploits: 0 | References: 2
CNNVD
added 2022/08/31 12:0 a.m. | 1 view

Apache Geode Code Issue Vulnerability

Apache Geode is the Apache Foundation's suite of management platforms for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. A security vulnerability exists in Apache Geode versions prior to 1.15.0 that stems from the vulnerabilit...

6.5 CVSS | 6.8 AI score | 0.00462 EPSS
Exploits: 0 | References: 2
CNNVD
added 2022/08/31 12:0 a.m. | 1 view

Apache Geode Code Issue Vulnerability

A remote code execution vulnerability exists in Apache Geode, the Apache Foundation's management platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures, which stems from a vulnerability to untrusted data deserialization wh...

8.8 CVSS | 8.4 AI score | 0.00243 EPSS
Exploits: 0 | References: 2
RedHat Linux
added 2022/08/02 7:58 a.m. | 3 views

java-11-openj9,java-1_8_0-openj9: unverified methods can be invoked using MethodHandles

In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles...

5.3 CVSS | 7.3 AI score | 0.00079 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2022/06/08 12:36 p.m. | 1 view

java-11-openj9,java-1_8_0-openj9: unverified methods can be invoked using MethodHandles

In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles...

5.3 CVSS | 7.3 AI score | 0.00079 EPSS
Exploits: 0 | References: 4