EulerOS 2.0 SP8 : java-1.8.0-openjdk (EulerOS-SA-2022-1571)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported...

Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2022-1487)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1487 advisory. 1:1.8.0.332.b09-1 - Update to shenandoah-jdk8u332-b09 GA - Update release notes for 8u332-b09. - Switch to GA mode for final release. - This tarball is...

Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2022-1571)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 8 : java-1.8.0-openjdk (ELSA-2022-1491)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1491 advisory. 1:1.8.0.332.b09-1 - Update to shenandoah-jdk8u332-b09 GA - Update release notes for 8u332-b09. - Switch to GA mode for final release. - This tarball is...

Privilege Escalation

openjdk is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of authorization allowing an attacker to update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data...

Privilege Escalation

openjdk is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of authorization allowing an attacker to gain unauthorized access to critical data or complete access to all Oracle Java SE...

Privilege Escalation

openjdk is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of authorization allowing an attacker to gain unauthorized access to critical data or complete access to all Oracle Java SE...

Signature Verification Bypass

Oracle Java SE and Oracle GraalVM Enterprise Edition product of Oracle Java SE their component: Libraries are vulnerable to signature verification bypass. The vulnerability is possible due to a flawed implementation of ECDSA verification code rewritten from native C++ code, allowing an attacker t...

Oracle Java SE Input Validation Error Vulnerability (CNVD-2022-32662)

Oracle Java SE, an Oracle company, is used to develop and deploy Java applications on desktops, servers, and embedded devices and live environments.Oracle Java SE is vulnerable to an input validation error that could be exploited by an attacker to cause unauthorized creation, deletion, or...

The vulnerability of the ECDSA digital signature algorithm implementation in Oracle Java SE software and the Oracle GraalVM Enterprise Edition virtual machine allows a perpetrator to compromise the confidentiality, integrity, and accessibility of information.

The vulnerability of the ECDSA digital signature algorithm implementation in Oracle Java SE software and the Oracle GraalVM Enterprise Edition virtual machine is related to improper verification of the cryptographic signature. Exploiting this vulnerability could allow an attacker to compromise th...

Oracle Linux 8 : java-17-openjdk (ELSA-2022-1445)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1445 advisory. - JDK-8275082 should be listed as also resolving JDK-8278008 & CVE-2022-21476 Tenable has extracted the preceding description block directly from the...

Oracle Linux 8 : java-11-openjdk (ELSA-2022-1442)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1442 advisory. 1:11.0.15.0.9-2 - Add JDK-8284920 fix for XPath regression - Related: rhbz2073422 1:11.0.15.0.9-2 - Remove security items from release notes that were...

Oracle Linux 7 : java-11-openjdk (ELSA-2022-1440)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1440 advisory. 1:11.0.15.0.9-2.0.1 - link atomic for ix86 build 1:11.0.15.0.9-2 - Add JDK-8284920 fix for XPath regression - Related: rhbz2073422 1:11.0.15.0.9-2 -...

Security Bulletin: Vulnerability in Java SE libraries could allow unauthenticated attacker to cause denial of service (CVE-2020-2754, CVE-2020-2755)

Summary An unspecified vulnerability in Java SE related to the Java SE Libraries component used by Global Name Management could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. Vulnerability Details Refer to the...

Security Bulletin: Vulnerability in Java SE libraries could allow unauthenticated attacker to cause denial of service (CVE-2020-2654)

Summary An unspecified vulnerability in Java SE related to the Java SE Libraries component used in IBM InfoSphere Global Name Management could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. Vulnerability Details...

Security Bulletin: Vulnerabilities in IBM Java SE affect IBM InfoSphere Global Name Management (CVE-2020-14782)

Summary In the Java used in IBM InfoSphere Global Name Management 6.0, an unspecified vulnerability related to the Libraries component could allow an unauthenticated attacker to cause low integrity impact. This vulnerability has no confidentiality impact or availability impact. Vulnerability...

OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

OpenJDK: URI parsing inconsistencies (JNDI, 8278972)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...