AlmaLinux 9 : java-17-openjdk (ALSA-2022:6999)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:6999 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected a...

OpenJDK 7 <= 7u351 / 8 <= 8u342 / 11.0.0 <= 11.0.16 / 13.0.0 <= 13.0.12 / 15.0.0 <= 15.0.8 / 17.0.0 <= 17.0.4 / 19.0.0 <= 19.0.0 Multiple Vulnerabilities (2022-10-18

The version of OpenJDK installed on the remote host is prior to 7 = 7u351 / 8 = 8u342 / 11.0.0 = 11.0.16 / 13.0.0 = 13.0.12 / 15.0.0 = 15.0.8 / 17.0.0 = 17.0.4 / 19.0.0 = 19.0.0. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022-10-18 advisory. Please Note: Java CVE...

Oracle Linux 9 : java-11-openjdk (ELSA-2022-7013)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7013 advisory. 11.0.17.0.8-2.0.1 - Replace upstream references Orabug: 34340155 1:11.0.17.0.8-2 - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Upda...

Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2022-7002)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7002 advisory. 1:1.8.0.352.b08-2 - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Add test to ensure timezones can be translated - Related: rhbz21336...

Amazon Linux 2 : java-11-amazon-corretto (ALAS-2022-1867)

The version of java-11-amazon-corretto installed on the remote host is prior to 11.0.17+8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1867 advisory. Title: Wider MultiByte conversionsBuffer overflow is possible due to incorrect byte count should be...

Oracle Linux 9 : java-17-openjdk (ELSA-2022-6999)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6999 advisory. 1:17.0.5.0.8-2 - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Update CLDR data with Europe/Kyiv JDK-8293834 - Drop JDK-8292223 patch...

Amazon Linux 2 : java-17-amazon-corretto (ALAS-2022-1866)

The version of java-17-amazon-corretto installed on the remote host is prior to 17.0.5+8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1866 advisory. Title: Wider MultiByte conversionsBuffer overflow is possible due to incorrect byte count should be...

Oracle Linux 9 : java-1.8.0-openjdk (ELSA-2022-7007)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7007 advisory. 1.8.0.352.b08-2.0.1 - Replace upstream references Orabug: 34340145 1:1.8.0.352.b08-2 - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 -...

AlmaLinux 9 : java-11-openjdk (ALSA-2022:7013)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7013 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected a...

AlmaLinux 8 : java-11-openjdk (ALSA-2022:7012)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7012 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected a...

Security Bulletin: IBM Sterling Order Management Jave vulnerability

Summary Java SE related to the 2D component could allow a remote attacker Vulnerability Details CVEID:CVE-2014-0459 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the 2D component could allow a remote attacker to cause a denial of service. CVSS Base score: 4.3 CVSS Tempora...

OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated...

OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerabilit...

OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...

OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to...

OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerabilit...

OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...

OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated...

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerabilit...