Important: Red Hat Security Advisory: java-1.8.0-ibm security update

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : OpenJDK vulnerabilities (USN-6263-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6263-1 advisory. Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An...

Oracle Linux 9 : java-17-openjdk (ELSA-2023-4177)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4177 advisory. - OpenJDK: ZIP file parsing infinite loop 8302483 CVE-2023-22036 - OpenJDK: weakness in AES implementation 8308682 CVE-2023-22041 - OpenJDK: improper...

Oracle Linux 8 : java-11-openjdk (ELSA-2023-4175)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4175 advisory. 1:11.0.20.0.8-2.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:11.0.20.0.8-2 - Bump release number so we are newer than 9.0 - Related: rhbz2221106...

CentOS 7 : java-1.8.0-openjdk (RHSA-2023:1904)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1904 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affecte...

Security Bulletin: A vulnerability in IBM Java Runtime used by the IBM Installation Manager and IBM Packaging Utility

Summary There is a vulnerability in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVE and we recommend updating to the latest version to remediate...

K000135637: Java vulnerability CVE-2023-22049

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterpri...

K000135636: Java vulnerability CVE-2023-22041

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Editio...

K000135635: Java vulnerability CVE-2023-22044

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6...

K000135626: Oracle Java vulnerability CVE-2023-22036

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Utility. Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10,...

SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2023:2990-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2990-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE componen...

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Java

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Java. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an...

Debian DSA-5458-1 : openjdk-17 - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5458 advisory. Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced...

Oracle Linux 9 : java-11-openjdk (ELSA-2023-4158)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4158 advisory. 1:11.0.20.0.8-2.0.1 - Add Oracle vendor bug URL Orabug: 34340155 - Fix tzdata requirement copy-and-paste error that led to two BuildRequires and no...

Oracle Linux 8 : java-17-openjdk (ELSA-2023-4159)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4159 advisory. - OpenJDK: ZIP file parsing infinite loop 8302483 CVE-2023-22036 - OpenJDK: weakness in AES implementation 8308682 CVE-2023-22041 - OpenJDK: improper...

F5 Networks BIG-IP : Java vulnerabilities (K000135555)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K000135555 advisory. CVE-2020-2756Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serializatio...

CVE-2023-22043

Vulnerability in Oracle Java SE component: JavaFX. The supported version that is affected is Oracle Java SE: 8u371. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability...

OpenJDK: weakness in AES implementation (8308682)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2;...

OpenJDK: array indexing integer overflow issue (8304468)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...