Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details CVEID: CVE-2022-21341...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (January 2022) affects IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2022. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION: An unspecifie...

OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

OpenJDK: URI parsing inconsistencies (JNDI, 8278972)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

Moderate: Red Hat Security Advisory: java-1.8.0-ibm security update

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Utility. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

Security Bulletin: Multiple vulnerabilities in Java SE that could allow an unauthenticated attacker to obtain sensitive information affect IBM® Db2®. (CVE-2021-35603, CVE-2021-35550, CVE-2021-2341)

Summary Multiple vulnerabilites in Java SE that could allow an unauthenticated attacker to obtain sensitive information. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain...

Security Bulletin: Vulnerability in IBM Java SDK affects IMS™ Enterprise Suite: Explorer for Development (CVE-2017-10356).

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8.0.5.1 and earlier that is used by IMS™ Enterprise Suite: Explorer for Development. This issue was disclosed as part of the IBM Java SDK updates in October 2017. Vulnerability Details CVEID: CVE-2017-10356 DESCRIPTION...

Security Bulletin: Vulnerability in IBM Java SDK affects IMS™ Enterprise Suite: Explorer for Development (CVE-2016-2183, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549).

Summary There is vulnerability in IBM® SDK Java™ Technology Edition, Version 8.0.3.22 and earlier that is used by IMS™ Enterprise Suite: Explorer for Development. This issue was disclosed as part of the IBM Java SDK updates in January 2017. Vulnerability Details CVEID: CVE-2016-5548 DESCRIPTION: ...

Security Bulletin: Vulnerability in IBM Java SDK affects IMS™ Enterprise Suite: Explorer for Development (CVE-2018-2579, CVE-2018-2602, CVE-2018-2603, CVE-2018-2633 ).

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8.0.5.7 and earlier that is used by IMS™ Enterprise Suite: Explorer for Development. This issue was disclosed as part of the IBM Java SDK updates in January 2018. Vulnerability Details CVEID:CVE-2018-2579 DESCRIPTION: ...

Security Bulletin: CVE-2021-35561 may affect IBM® SDK, Java™ Technology Edition

Summary CVE-2021-35561 was disclosed as part of the Oracle October 2021 Critical Patch Update. Vulnerability Details CVEID: CVE-2021-35561 DESCRIPTION: An unspecified vulnerability in Java SE related to the Utility component could allow an unauthenticated attacker to cause a denial of service...

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their April 2022 Critical Patch Update, except for CVE-2022-21426 which will be described in a future bulletin. For more information please refer to Oracle's April 2022 CPU Advisory and the X-Force database...

EulerOS 2.0 SP3 : java-1.7.0-openjdk (EulerOS-SA-2022-1732)

According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported...

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to XStream, Apache Xerces2, Jackson, OpenSSL, and Java SE

Summary Vulnerabilities in XStream, Apache Xerces2, Jackson, OpenSSL, and Java SE such as execution of arbitrary code, denial of service, server-side request forgery, amd weaker than expected security may affect IBM Spectrum Control. Vulnerability Details CVEID: CVE-2021-4160 DESCRIPTION: OpenSSL...

EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2022-1733)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported...

Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime

Summary This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their April 2022 Vulnerability Advisory. For more information please refer to OpenJDK's April 2022 Vulnerability Advisory and the X-Force database entries referenced below. Vulnerability Details CVEID:...

Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2022-1733)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...