EUVD-2025-206910

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

CVE-2025-33042 Apache Avro Java SDK: Code injection on Java generated code

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

CVE-2025-33042

CVE-2025-33042 : Improper control of generation of code (Code Injection) in the Apache Avro Java SDK. Affects all versions up to 1.11.4 and 1.12.0; upgrading to 1.12.1 or 1.11.5 fixes the issue. CVSS v3.1 base score 7.3 (HIGH). Connected IBM advisories confirm the same vulnerability and the recom...

java-25-openjdk security update

An update is available for java-25-openjdk. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The OpenJDK 25 packages provide the OpenJDK 25 Java Runtime Environme...

RLSA-2026:0933 Important: java-25-openjdk security update

The OpenJDK 25 packages provide the OpenJDK 25 Java Runtime Environment and the OpenJDK 25 Java Software Development Kit. Security Fixes: JDK: Improve JMX connections CVE-2026-21925 JDK: Improve HttpServer Request handling CVE-2026-21933 JDK: Enhance Certificate Checking CVE-2026-21945 libpng:...

Apache Avro Java SDK 安全漏洞

The Apache Avro Java SDK is a data processing toolkit developed by the Apache Foundation. Versions of the Apache Avro Java SDK prior to 1.11.4 and 1.12.0 have security vulnerabilities. These vulnerabilities stem from improper control over the generation of specific record schema code from the...

SAP NetWeaver AS Java CRLF Injection (3673213)

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a CRLF injection vulnerability as disclosed in the SAP Security Patch Day February 2026: - SAP NetWeaver Application Server Java is affected by a CRLF injection vulnerability. An attacker could exploit...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.3.1.4)

The version of AOS installed on the remote host is prior to 7.3.1.4. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.3.1.4 advisory. - Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged...

PT-2026-7986

Name of the Vulnerable Software and Affected Versions Apache Avro Java SDK versions through 1.11.4 and version 1.12.0 Description An Improper Control of Generation of Code 'Code Injection' issue exists in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. The flaw...

Security Bulletin: IBM Integration Designer is vulnerable to improper access control (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925 )

Summary Vulnerability in the IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility (CVE-2025-1470, CVE-2025-1471)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 11 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-1470 DESCRIPTION: In...

SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2026:0441-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0441-1 advisory. - CVE-2026-21925: Fixed a vulnerability in the Oracle Java SE component RMI. bsc1257034 - CVE-2026-21932: Fixed a vulnerability in the Oracle...

Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics

Summary Multiple vulnerabilities were addressed in IBM Planning Analytics Local. Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause no confidentiality impact, high integrity impac...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM shipped with IBM Buinses Automation Workflow (Januar 2026 CPU and CVE-2026-1188)

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server in IBM Business Automtation Workflow traditional. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: CVE-2026-21925: Fixed a vulnerability in the Oracle Java SE component RMI. bsc1257034 CVE-2026-21932: Fixed a vulnerability in the Oracle Java SE component AWT and JavaFX. bsc1257036 CVE-2026-21933: Fixed a vulnerability in the Oracle...

CVE-2026-23686

Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...

CVE-2026-23685

Due to a Deserialization vulnerability in SAP NetWeaver JMS service, an attacker authenticated as an administrator with local access could submit specially crafted content to the server. If processed by the application, this content could trigger unintended behavior during internal logic executio...

SUSE SLES15 / openSUSE 15 Security Update : java-17-openjdk (SUSE-SU-2026:0415-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0415-1 advisory. Upgrade to upstream tag jdk-17.0.18+8 January 2026 CPU Security fixes: - CVE-2026-21925: Fixed Oracle Java SE compone...

SUSE SLES15 / openSUSE 15 Security Update : java-11-openjdk (SUSE-SU-2026:0414-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0414-1 advisory. Upgrade to upstream tag jdk-11.0.30+7 January 2026 CPU Security fixes: - CVE-2026-21925: Fixed Oracle Java SE compone...

K000159956: Oracle Java SE vulnerability CVE-2018-2603

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability...