
4327 matches found

Vulnrichment
added 2026/02/24 8:27 a.m., 3 views

CVE-2025-11165

A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...

CVSS 9.4, AI score 5.8, EPSS 0.00073
Exploits: 0, References: 1
IBM Security Bulletins
added 2026/02/12 2:34 p.m., 9 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility (CVE-2025-1470, CVE-2025-1471)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 11 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-1470 DESCRIPTION: In...

CVSS 7.8, AI score 7.5, EPSS 0.00105
Exploits: 0, Affected Software: 1
Fedora
added 2026/02/10 1:9 a.m., 4 views

[SECURITY] Fedora 42 Update: java-latest-openjdk-26.0.0.0.32-0.0.1.ea.fc42

The OpenJDK 26 runtime environment...

AI score 5.4
Exploits: 0
Fedora
added 2026/02/10 1:9 a.m., 5 views

[SECURITY] Fedora 42 Update: java-21-openjdk-21.0.10.0.7-2.fc42

The OpenJDK 21 runtime environment...

AI score 5.4
Exploits: 0
RedHat Linux
added 2026/02/02 8:20 p.m., 4 views

Important: Red Hat Security Advisory: OpenJDK 25.0.2 Security Update for Windows Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...

CVSS 7.5, AI score 6.3, EPSS 0.00089
Exploits: 0, References: 2
Fedora
added 2026/01/31 5:32 p.m., 4 views

[SECURITY] Fedora 43 Update: java-latest-openjdk-26.0.0.0.32-0.0.1.ea.fc43

The OpenJDK 26 runtime environment...

AI score 5.9
Exploits: 0
Fedora
added 2026/01/31 5:32 p.m., 2 views

[SECURITY] Fedora 43 Update: java-21-openjdk-21.0.10.0.7-2.fc43

The OpenJDK 21 runtime environment...

AI score 5.9
Exploits: 0
IBM Security Bulletins
added 2026/01/28 11:8 a.m., 6 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus have been addressed. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote...

CVSS 7.5, AI score 5.9, EPSS 0.00068
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2026/01/28 3:39 a.m., 5 views

Security Bulletin: Vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle October 2025 Critical Patch Update...

CVSS 7.5, AI score 5.9, EPSS 0.00068
Exploits: 0, Affected Software: 1
OSV
added 2026/01/26 12:0 a.m., 4 views

ALSA-2026:0932 Important: java-1.8.0-openjdk security update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: JDK: Improve JMX connections CVE-2026-21925 JDK: Improve HttpServer Request handling CVE-2026-21933 JDK: Enhance Certificate Checking CVE-2026-21945...

CVSS 7.5, AI score 6.1, EPSS 0.00089
Exploits: 5, References: 8
IBM Security Bulletins
added 2026/01/22 4:52 p.m., 7 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to multiple issues due to IBM Runtime Environment Java Technology Edition Version 8

Summary There are vulnerabilities in IBM Runtime Environment Java Technology Edition Version 8 used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An...

CVSS 7.5, AI score 5.6, EPSS 0.00068
Exploits: 0, Affected Software: 1
GithubExploit
added 2026/01/20 11:31 a.m., 168 views

security-antipatterns-java

Security Anti-Patterns for Java AI coding agents write insecu...

AI score 6.1
Exploits: 0
Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 9 : java-1.8.0-openjdk-1.8.0.362.b09-2.el9 (AXSA:2023-5054:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5054:05 advisory. OpenJDK: improper restrictions in CORBA deserialization Serialization, 8285021 CVE-2023-21830 OpenJDK: soundbank URL remote loading Sound, 8293742...

CVSS 5.3, AI score 6.7, EPSS 0.00135
Exploits: 0, References: 3
Tenable Nessus
added 2026/01/20 12:0 a.m., 2 views

MiracleLinux 9 : java-17-openjdk-17.0.12.0.7-2.el9.ML.1 (AXSA:2024-8577:11)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8577:11 advisory. OpenJDK: RangeCheckElimination array index overflow 8323231 CVE-2024-21147 OpenJDK: potential UTF8 size overflow 8314794 CVE-2024-21131 OpenJDK:...

CVSS 7.4, AI score 8, EPSS 0.00977
Exploits: 0, References: 6
Tenable Nessus
added 2026/01/19 12:0 a.m., 1 view

MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.99-2.6.5.0.1.el7.AXS7 (AXSA:2016-197:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-197:01 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2016-0636 RESERVED This candidate has been reserved by an organization or...

CVSS 9.3, AI score 8.2, EPSS 0.13484
Exploits: 0, References: 2
Tenable Nessus
added 2026/01/19 12:0 a.m., 2 views

MiracleLinux 3 : java-1.6.0-openjdk-1.6.0.0-1.41.1.11.11.90.0.1.AXS3 (AXSA:2013-553:03)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-553:03 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2013-1500 Unspecified vulnerability in the Java Runtime Environment JRE...

CVSS 10, AI score 7.8, EPSS 0.9322
Exploits: 11, References: 21
Tenable Nessus
added 2026/01/16 12:0 a.m., 6 views

MiracleLinux 4 : java-1.6.0-openjdk-1.6.0.0-1.61.1.11.11.AXS4 (AXSA:2013-428:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-428:03 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2013-0401 The Java Runtime Environment JRE component in Oracle Java SE ...

CVSS 10, AI score 7.7, EPSS 0.86252
Exploits: 15, References: 21
Tenable Nessus
added 2026/01/16 12:0 a.m., 6 views

MiracleLinux 4 : java-1.6.0-openjdk-1.6.0.37-1.13.9.4.AXS4 (AXSA:2015-565:05)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-565:05 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2015-4734 Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and...

CVSS 10, AI score 6.6, EPSS 0.14942
Exploits: 0, References: 17
Tenable Nessus
added 2026/01/16 12:0 a.m., 2 views

MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.101-2.6.6.1.AXS4 (AXSA:2016-214:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-214:03 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2016-0686 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and...

CVSS 10, AI score 7, EPSS 0.93287
Exploits: 1, References: 6
Tenable Nessus
added 2026/01/16 12:0 a.m., 2 views

MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.141-2.6.10.0.0.1.el7.AXS7 (AXSA:2017-1653:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1653:02 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2017-3509 Vulnerability in the Java SE, Java SE Embedded component of...

CVSS 7.7, AI score 6.8, EPSS 0.01487
Exploits: 2, References: 7