PT-2026-7986

Name of the Vulnerable Software and Affected Versions Apache Avro Java SDK versions through 1.11.4 and version 1.12.0 Description An Improper Control of Generation of Code 'Code Injection' issue exists in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. The flaw...

Apache Avro Java SDK 安全漏洞

The Apache Avro Java SDK is a data processing toolkit developed by the Apache Foundation. Versions of the Apache Avro Java SDK prior to 1.11.4 and 1.12.0 have security vulnerabilities. These vulnerabilities stem from improper control over the generation of specific record schema code from the...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.3.1.4)

The version of AOS installed on the remote host is prior to 7.3.1.4. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.3.1.4 advisory. - Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged...

SAP NetWeaver AS Java CRLF Injection (3673213)

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a CRLF injection vulnerability as disclosed in the SAP Security Patch Day February 2026: - SAP NetWeaver Application Server Java is affected by a CRLF injection vulnerability. An attacker could exploit...

Security Bulletin: IBM Integration Designer is vulnerable to improper access control (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925 )

Summary Vulnerability in the IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility (CVE-2025-1470, CVE-2025-1471)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 11 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-1470 DESCRIPTION: In...

SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2026:0441-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0441-1 advisory. - CVE-2026-21925: Fixed a vulnerability in the Oracle Java SE component RMI. bsc1257034 - CVE-2026-21932: Fixed a vulnerability in the Oracle...

Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics

Summary Multiple vulnerabilities were addressed in IBM Planning Analytics Local. Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause no confidentiality impact, high integrity impac...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM shipped with IBM Buinses Automation Workflow (Januar 2026 CPU and CVE-2026-1188)

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server in IBM Business Automtation Workflow traditional. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: CVE-2026-21925: Fixed a vulnerability in the Oracle Java SE component RMI. bsc1257034 CVE-2026-21932: Fixed a vulnerability in the Oracle Java SE component AWT and JavaFX. bsc1257036 CVE-2026-21933: Fixed a vulnerability in the Oracle...

CVE-2026-23686

Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...

CVE-2026-23685

Due to a Deserialization vulnerability in SAP NetWeaver JMS service, an attacker authenticated as an administrator with local access could submit specially crafted content to the server. If processed by the application, this content could trigger unintended behavior during internal logic executio...

SUSE SLES15 / openSUSE 15 Security Update : java-11-openjdk (SUSE-SU-2026:0414-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0414-1 advisory. Upgrade to upstream tag jdk-11.0.30+7 January 2026 CPU Security fixes: - CVE-2026-21925: Fixed Oracle Java SE compone...

SUSE SLES15 / openSUSE 15 Security Update : java-17-openjdk (SUSE-SU-2026:0415-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0415-1 advisory. Upgrade to upstream tag jdk-17.0.18+8 January 2026 CPU Security fixes: - CVE-2026-21925: Fixed Oracle Java SE compone...

K000159956: Oracle Java SE vulnerability CVE-2018-2603

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability...

Security Bulletin: Vulnerability in IBM® Java SDK affects IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)

Summary WebSphere Application Server and WebSphere Liberty is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server and WebSphere Liberty has been published in a security bulletin. Vulnerability...

Security update for java-17-openjdk

This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.18+8 January 2026 CPU Security fixes: CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034. CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX bsc1257036. CVE-2026-21933: Fixed Oracle...

SUSE-SU-2026:0415-1 Security update for java-17-openjdk

This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.18+8 January 2026 CPU Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034. - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX bsc1257036. - CVE-2026-21933: Fixed...

Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.30+7 January 2026 CPU Security fixes: CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034. CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX bsc1257036. CVE-2026-21933: Fixed Oracle...

SUSE-SU-2026:0414-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.30+7 January 2026 CPU Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034. - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX bsc1257036. - CVE-2026-21933: Fixed...