CentOS 7 : java-1.8.0-openjdk (RHSA-2024:0223)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0223 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supporte...

CentOS 7 : java-11-openjdk (RHSA-2024:0232)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0232 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supporte...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition ((CVE-2015-0410, CVE-2014-6593, CVE-2015-0383, CVE-2015-0138))

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 5 and 7, that is used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factorin...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 & 8 used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in Oct 2017. Vulnerability Details If you run your own Java code using the IBM Java Runtime...

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2023-22081, CVE-2023-22067, CVE-2023-4807 & CVE-2023-5676)

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Version 11 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified...

Security Bulletin: IBM Security Directory Integrator affected by multiple vulnerabilities affecting IBM Java SDK

Summary Security Vulnerabilities found in IBM Java SDK shipped with IBM Security Directory Integrator have been addressed with this update. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE...

OESA-2024-1099 openjdk-11 security update

The OpenJDK runtime environment. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle...

SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2024:0203-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0203-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE componen...

The vulnerability of the Hotspot component of Oracle Java SE and Oracle GraalVM for JDK/Oracle GraalVM Enterprise Edition software allows attackers to access confidential information.

The vulnerability of the Hotspot component in Oracle Java SE and Oracle GraalVM for JDK/Oracle GraalVM Enterprise Edition virtual machines is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential...

The vulnerability of the Security component of the Oracle Java SE software platform, as well as the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, allows attackers to gain access to modify, add, or delete data.

The vulnerability of the Security component of Oracle Java SE software, as well as of Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to compromise the...

Oracle Linux 8 / 9 : java-1.8.0-openjdk (ELSA-2024-0265)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0265 advisory. 1:1.8.0.402.b06-0.2.0.1 - Update to shenandoah-jdk8u402-b06 GA - Update release notes for shenandoah-8u402-b06. - Add Oracle vendor bug URL Orabug:...

Important: java-1.8.0-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

Debian dsa-5604 : openjdk-11-dbg - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5604 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5604-1...

Oracle Linux 8 / 9 : java-11-openjdk (ELSA-2024-0266)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0266 advisory. 1:11.0.22.0.7-2.0.1 - Update to openjdk-11.0.22+7 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Amazon Linux 2023 : java-1.8.0-amazon-corretto, java-1.8.0-amazon-corretto-devel (ALAS2023-2024-486)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-486 advisory. A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option --no-java was set. CVE-2024-20918 With carefully crafted custom bytecode...

Important: java-1.8.0-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

Important: java-1.8.0-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

The vulnerability of the JavaFX virtual machine Oracle GraalVM Enterprise Edition and the Oracle Java SE software platform allows a perpetrator to gain access to read, modify, or delete data.

The vulnerability of the JavaFX virtual machine Oracle GraalVM Enterprise Edition and the Oracle Java SE software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to read, modify, or delete data...

The vulnerability of the Scripting component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Scripting component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized...

Oracle Linux 8 / 9 : java-17-openjdk (ELSA-2024-0267)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0267 advisory. 1:17.0.10.0.7-2.0.1 - Rebase to 17.0.10.0.7 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...