Ubuntu 25.10 / 26.04 LTS : CRaC JDK 17 vulnerabilities (USN-8332-1)

The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8332-1 advisory. Thomas Beckers discovered that the JAXP component of CRaC JDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker...

RockyLinux 8 : java-17-openjdk (RLSA-2026:9686)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:9686 advisory. JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK: Enhance Path Factories Redux CVE-2026-22016...

java-17-openjdk security update

An update is available for java-17-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The java-17-openjdk packages provide the OpenJDK 17 Java Runtime...

java-17-openj9-17.0.19.0-2.1 on GA media (moderate)

java-17-openj9-17.0.19.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10789-1 Rating: moderate Cross-References: CVE-2026-1188 CVSS scores: CVE-2026-1188 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can...

OPENSUSE-SU-2026:10789-1 java-17-openj9-17.0.19.0-2.1 on GA media

These are all security issues fixed in the java-17-openj9-17.0.19.0-2.1 package on the GA media of openSUSE Tumbleweed...

SUSE SLES15 Security Update : java-17-openjdk (SUSE-SU-2026:1732-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1732-1 advisory. Upgrade to upstream tag jdk-17.0.19+10 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker...

java-17-openj9-17.0.19.0-1.1 on GA media (moderate)

java-17-openj9-17.0.19.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10725-1 Rating: moderate Cross-References: CVE-2026-22007 CVE-2026-22016 CVE-2026-22021 CVE-2026-34268 CVSS scores: CVE-2026-22007 SUSE : 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2026-22007 SUSE : 2.1...

openSUSE 16 Security Update : java-17-openjdk (openSUSE-SU-2026:20680-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20680-1 advisory. Upgrade to upstream tag jdk-17.0.19+10 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon to...

OPENSUSE-SU-2026:10725-1 java-17-openj9-17.0.19.0-1.1 on GA media

These are all security issues fixed in the java-17-openj9-17.0.19.0-1.1 package on the GA media of openSUSE Tumbleweed...

MiracleLinux 8 : java-17-openjdk-17.0.19.0.10-1.el8 (AXSA:2026-552:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-552:05 advisory. JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK: Enhance Path Factories Redux...

BIT-JAVA-MIN-2022-21549

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated...

BIT-JAVA-MIN-2021-35586

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

BIT-JAVA-2021-35561

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Utility. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

CLSA-2026-1777645704 java-17-openjdk: Fix of 2 CVEs

Update to jdk-17.0.19+10 RHSA-2026:9686 - Set fipsver to 62c0f885e30 - CVE-2026-22016: fix JAXP component vulnerability allowing unauthenticated remote attackers to gain unauthorized access to sensitive data in Java SE - CVE-2026-34282: fix Hotspot component vulnerability allowing unauthorized...

PT-2026-37927

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

PT-2026-37725

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

SUSE SLED15 / SLES15 Security Update : bouncycastle (SUSE-SU-2026:1639-1)

"The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1639-1 advisory. Update to version 1.84. Security issues fixed: - CVE-2025-14813: GOSTCTR implementation unable to process mor...

AlmaLinux 9 : java-17-openjdk (ALSA-2026:9686)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:9686 advisory. JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK: Enhance Path Factories Redux CVE-2026-22016...

SUSE-SU-2026:1639-1 Security update for bouncycastle

This update for bouncycastle fixes the following issues: Update to version 1.84. Security issues fixed: - CVE-2025-14813: GOSTCTR implementation unable to process more than 255 blocks correctly bsc1262225. - CVE-2026-0636: LDAP injection in LDAPStoreHelper.java leads to information disclosure...

RHSA-2026:9686 Red Hat Security Advisory: java-17-openjdk security update

Bulletin has no description...