14450 matches found
cassandra3 -- multiple vulnerabilities
Cassandra team reports: This release contains 6 security fixes including CVE-2022-24823: When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory CVE-2020-7238: Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects Liberty for Java for IBM Cloud due to the October 2022 CPU plus CVE-2022-3676
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. The CVEs listed in this document might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition used by IBM Master Data Management
Summary Java SE issues disclosed in the Oracle July 2022 Critical Patch Update could affect IBM Master Data Management. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- InfoSphere Maste...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to multiple issues due to IBM® SDK, Java™ Technology Edition ( CVE-2022-21541, CVE-2022-21540 )
Summary IBM Sterling Partner Engagement Manager has addressed all applicable Java SE CVEs published by Oracle as part of their July 2022 Critical Patch Update. Vulnerability Details CVEID:CVE-2022-21541 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a...
OESA-2023-1011 openjdk-11 security update
The OpenJDK runtime environment. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily...
Security Bulletin: A vulnerability exists in the IBM® SDK Java™ Technology Edition affecting IBM Tivoli Network Manager (CVE-2022-21496, CVE-2022-21434, CVE-2022-21443).
Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition v4.2, which was disclosed in the Oracle April 2022 Critical Patch Update. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in...
Security Bulletin: IBM Security Verify Governance is vulnerable to unauthenticated access resulting in various threats (CVE-2021-35550, CVE-2021-2163, CVE-2021-35603)
Summary IBM Security Verify Governance is vulnerable to sensitive information access, high integrity impact and no availability impact by an unauthenticated attacker due to a vulnerability in Java SE related to the JSSE and Libraries components CVE-2021-35550, CVE-2021-2163, CVE-2021-35603. The fi...
Security Bulletin: IBM Security Verify Governance is vulnerable to unauthenticated access resulting in various threats (CVE-2022-21496)
Summary IBM Security Verify Governance is vulnerable to sensitive information access, data manipulation and denial of service by an unauthenticated attacker due to a vulnerability in Java SE related to the JNDI component CVE-2022-21496. The fix includes upgrading Java SE and Liberty to patched...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring
Summary There are several vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. Vulnerability Details CVEID:CVE-2020-2590 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Security component could...
Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus. These were disclosed as part of the IBM Java SDK updates in April 2022 and July 2022. Vulnerability Details CVEID:CVE-2021-2163 DESCRIPTION: An unspecified...
Security Bulletin: Vulnerabilities in Java and WLP affects IBM Cloud Application Business Insights
Summary Vulnerabilities in Java and WLP affects IBM Cloud Application Business Insights Vulnerability Details CVEID:CVE-2021-20492 DESCRIPTION: IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection XXE attack when processing XML...
OESA-2022-2151 openjdk-11 security update
The OpenJDK runtime environment. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7,...
Fedora 36 : java-11-openjdk (2022-d989953883)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-d989953883 advisory. New in release OpenJDK 11.0.17 2022-10-18 Release announcement Full release notes Security Fixes - JDK-8282252: Improve BigInteger/Decimal validatio...
Security Bulletin: IBM Integration Designer is vulnerable to denial of service ( CVE-2022-21626)
Summary The fix includes a new version of the IBM Runtime Environment Java Version 8 that resolves the specified vulnerability. Vulnerability Details CVEID:CVE-2022-21626 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker...
Fedora 35 : java-17-openjdk (2022-5d494ab9ab)
The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-5d494ab9ab advisory. New in release OpenJDK 17.0.5 2022-10-18 Release announcement Full release notes Security Fixes - JDK-8282252: Improve BigInteger/Decimal validation...
Fedora 35 : java-1.8.0-openjdk (2022-b050ae8974)
The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-b050ae8974 advisory. New in release OpenJDK 8u352 2022-10-18 Release announcement Full release notes Security Fixes JDK-8282252: Improve BigInteger/Decimal validation...
Fedora 35 : java-latest-openjdk (2022-ec7de69ceb)
The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-ec7de69ceb advisory. New in release OpenJDK 19.0.1 2022-10-18 Full release notes This update depends on FEDORA-2022-10bb6f119e CVEs Fixed - CVE-2022-21618 - CVE-2022-216...
Fedora 35 : java-11-openjdk (2022-1c07902a5e)
The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-1c07902a5e advisory. New in release OpenJDK 11.0.17 2022-10-18 Release announcement Full release notes Security Fixes - JDK-8282252: Improve BigInteger/Decimal validatio...
Fedora 36 : java-latest-openjdk (2022-e8698f2e5e)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-e8698f2e5e advisory. New in release OpenJDK 19.0.1 2022-10-18 Full release notes CVEs Fixed - CVE-2022-21618 - CVE-2022-21619 - CVE-2022-21624 - CVE-2022-21628 -...
Fedora 36 : java-1.8.0-openjdk (2022-361f34f2a9)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-361f34f2a9 advisory. New in release OpenJDK 8u352 2022-10-18 Release announcement Full release notes Security Fixes JDK-8282252: Improve BigInteger/Decimal validation...