Eclipse OpenJ9 Competition Condition Issue Vulnerability

Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation. It is primarily used to run Java applications. A security vulnerability exists in Eclipse OpenJ9 versions prior to 0.41.0, which stems from the fact that if a shutdown signal is received before the JVM completes...

Security Bulletin: Multiple vulnerabilities in the GSKit builds affect IBM Rational ClearQuest

Summary There are multiple vulnerabilities in the GSKit, which are used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information,...

Oracle Database Server 安全漏洞

Oracle Database Server is a set of relational database management system of the United States Oracle Oracle. The database management system provides data management, distributed processing and other functions. A security vulnerability exists in the Java VM component of Oracle Database Server, whi...

SUSE-SU-2023:2863-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Updated to Java 8.0 Service Refresh 8 Fix Pack 6 bsc1213000: - Fixed issue in Java Virtual Machine where outofmemory OOM killer terminates the jvm due to failure in control groups detection...

Zimbra Collaboration Suite 命令注入漏洞

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Zimbra in the United States. The product includes WebMail, Calendar, Address Book and more. A security vulnerability exists in Zimbra Collaboration Suite versions 9.0 and 8.8.15, which stems from a local elevation of...

CVE-2023-21934

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having User Account privilege with network access via TLS to compromise Java VM. Successful attacks of this...

PT-2023-2526 · Oracle · Oracle Database Server

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19c and 21c Description: The issue is related to insufficient input validation in the Java VM component of the Oracle Database Server. This can be exploited by a remote attacker to gain read, modify, add, or...

CVE-2022-43938

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports .prpt through the JVM script manager...

PT-2023-2845 · Zimbra · Zimbra Collaboration Suite

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions 8.8.15 through 9.0 Description: The issue in Zimbra Collaboration Suite is related to the use of certain JVM arguments in the mailbox manager, which can be exploited by an attacker with initial user access ...

SUSE CVE-2015-1914

IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine...

SUSE CVE-2015-2629

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0457...

SUSE CVE-2015-4794

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...

SUSE CVE-2015-4796

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-4888...

SUSE CVE-2015-5041

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods...

SUSE CVE-2017-1376

A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873...

SUSE CVE-2018-1417

Under certain circumstances, a flaw in the J9 JVM IBM SDK, Java Technology Edition 7.1 and 8.0 allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823...

SUSE CVE-2021-35619

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM...

jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

Security Bulletin: A vulnerability in the IBM Java Runtime affects IBM Rational ClearCase (CVE-2022-21626)

Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which is used by IBM Rational ClearCase. These issues were disclosed as part of the IBM Java SDK updates in Oct 2022 - Includes Oracle October 2022 CPU Vulnerability Details CVEID:CVE-2022-21626 DESCRIPTION:...

RLSA-2023:0194 Moderate: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: handshake DoS attack against DTLS connections JSSE, 8287411 CVE-2023-21835 OpenJDK: soundbank URL remote loading Sound, 8293742 CVE-2023-21843 Fo...