Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to unspecified vulnerabilities in IBM Runtime Environment Java Technology Edition

Summary There are vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 7 and 8 applying to IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the issues. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: ...

Medium: java-1.8.0-amazon-corretto

Issue Overview: Vulnerability in Oracle Java SE component: JavaFX. The supported version that is affected is Oracle Java SE: 8u371. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of thi...

AlmaLinux 9 : java-1.8.0-openjdk (ALSA-2023:4178)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4178 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Hotspot. Supported...

AlmaLinux 9 : java-11-openjdk (ALSA-2023:4158)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4158 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Networking. Supporte...

Oracle Linux 7 : java-11-openjdk (ELSA-2023-4233)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4233 advisory. 1:11.0.20.0.8-1.0.1 - link atomic for ix86 build 1:11.0.20.0.8-1 - Update to jdk-11.0.20.0+8 GA - Update release notes to 11.0.20.0+8 - Switch to GA mo...

Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2023-4166)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4166 advisory. 1:1.8.0.382.b05-1 - Update to shenandoah-jdk8u372-b05 GA - Update release notes for shenandoah-8u372-b05. - This tarball is embargoed until 2023-07-18 ...

Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2023-007)

The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0382.b05-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2023-007 advisory. Vulnerability in Oracle Java SE component: JavaFX. The supported version that is affecte...

AlmaLinux 8 : java-11-openjdk (ALSA-2023:4175)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4175 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Networking. Supporte...

AlmaLinux 8 : java-1.8.0-openjdk (ALSA-2023:4176)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4176 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Hotspot. Supported...

AlmaLinux 8 : java-17-openjdk (ALSA-2023:4159)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4159 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Networking. Supporte...

OpenJDK: array indexing integer overflow issue (8304468)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

OpenJDK: ZIP file parsing infinite loop (8302483)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Utility. Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM...

OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

OpenJDK: weakness in AES implementation (8308682)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2;...

OpenJDK: HTTP client insufficient file name validation (8302475)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle...

OpenJDK: HTTP client insufficient file name validation (8302475)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle...

OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

OpenJDK: weakness in AES implementation (8308682)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2;...

OpenJDK: array indexing integer overflow issue (8304468)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

OpenJDK: ZIP file parsing infinite loop (8302483)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Utility. Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM...