java-17-openj9-17.0.19.0-2.1 on GA media (moderate)

java-17-openj9-17.0.19.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10789-1 Rating: moderate Cross-References: CVE-2026-1188 CVSS scores: CVE-2026-1188 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can...

java-11-openj9-11.0.31.0-2.1 on GA media (moderate)

java-11-openj9-11.0.31.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10788-1 Rating: moderate Cross-References: CVE-2026-1188 CVSS scores: CVE-2026-1188 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can...

java-1_8_0-openj9-1.8.0.492-2.1 on GA media (moderate)

java-180-openj9-1.8.0.492-2.1 on GA media Announcement ID: openSUSE-SU-2026:10790-1 Rating: moderate Cross-References: CVE-2026-1188 CVSS scores: CVE-2026-1188 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability ca...

java-21-openj9-21.0.11.0-2.1 on GA media (moderate)

java-21-openj9-21.0.11.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10791-1 Rating: moderate Cross-References: CVE-2026-1188 CVSS scores: CVE-2026-1188 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can...

OPENSUSE-SU-2026:10789-1 java-17-openj9-17.0.19.0-2.1 on GA media

These are all security issues fixed in the java-17-openj9-17.0.19.0-2.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10790-1 java-1_8_0-openj9-1.8.0.492-2.1 on GA media

These are all security issues fixed in the java-180-openj9-1.8.0.492-2.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10791-1 java-21-openj9-21.0.11.0-2.1 on GA media

These are all security issues fixed in the java-21-openj9-21.0.11.0-2.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10788-1 java-11-openj9-11.0.31.0-2.1 on GA media

These are all security issues fixed in the java-11-openj9-11.0.31.0-2.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10792-1 java-25-openj9-25.0.3.0-2.1 on GA media

These are all security issues fixed in the java-25-openj9-25.0.3.0-2.1 package on the GA media of openSUSE Tumbleweed...

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications

Summary Multiple Vulnerabilities were disclosed as part of the Oracle January 2026 Critical Patch Update. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows an remote attacker to cau...

Security Bulletin: IBM Cognos Analytics is affected by multiple security vulnerabilities

Summary There are vulnerabilities in multiple Open-Source Software OSS components consumed by IBM Cognos Analytics. Please review the below vulnerabilities and take necessary remediation actions. This Security Bulletin relates only to the direct usage of third-party components by IBM Cognos...

Apache Camel: camel-jms: camel-sjms: camel-sjms2: camel-amqp: camel-activemq: camel-activemq6: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage

A flaw was found in Apache Camel. A remote attacker could exploit a deserialization vulnerability by sending a specially crafted Java Message Service JMS ObjectMessage to a Camel application acting as a JMS consumer. This vulnerability arises because the application deserializes the message paylo...

bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...

Apache Kafka Clients: Apache Kafka Clients: Information disclosure and data corruption due to race condition in producer buffer management

A flaw was found in the Apache Kafka Java producer client. A race condition in the client's buffer pool management can cause messages to be silently delivered to incorrect topics. This occurs when a message batch expires while its network request is still active, leading to premature buffer...

bouncycastle: BC-JAVA: unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpg. A specially crafted PGP AEAD Authenticated Encryption with Associated Data message with an unbounded chunk size can lead to an excessive consumption of memory. This issue allows an unauthenticated remote attacker to cause memory...

bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The LDAPStoreHelper implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying...

GHSA-RCGG-9C38-7XPX OpenTelemetry Java SDK has Unbounded Memory Allocation in W3C Baggage Propagation

Overview A vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators. Parsing oversized baggage causes unbounded memory allocation and CPU consumption. Because baggage is automatically re-injected into every outgoing request, t...

Security Bulletin: Security vulnerability in Java affects IBM Robotic Process Automation

Summary A security vulnerability in Java affects IBM Robotic Process Automation. Java is used by IBM Robotic Process Automation as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is...

ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +2938 more potentially affected by CVE-2026-45205 via org.apache.commons:commons-configuration2 (>=2.0 <=2.14.0)

org.apache.commons:commons-configuration2 MAVEN version =2.0, =0.31.0, =0.1.9, =0.1.9, =0.1.9, =3.30.1.1, =3.10.0.5, =3.10.0.7, =0.2.3.5, =0.1.9, =1.2.3, =1.2.3, =3.0.0-ALPHA1, =2.0.0, =2.4.1 and more Source cves: CVE-2026-45205 Source advisory: SNYK:JAVA-ORGAPACHECOMMONS-16690473...

offsec-skills

offsec-exploit-research Elite adaptive whitebox exploit resea...