AlmaLinux 9 : java-17-openjdk (ALSA-2025:18821)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:18821 advisory. JDK: Enhance Path Factories CVE-2025-53066 JDK: Enhance Certificate Handling CVE-2025-53057 Bug Fixes: Since the 8.8 release of AlmaLinuxand the 9.2...

AlmaLinux 10 : java-21-openjdk (ALSA-2025:18824)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:18824 advisory. JDK: Enhance Path Factories CVE-2025-53066 JDK: Enhance Certificate Handling CVE-2025-53057 JDK: Enhance String Handling CVE-2025-61748 Tenable has...

SUSE SLED15: java-21-openjdk / java-21-openjdk-demo / java-21-openjdk-devel / etc (SUSE-SU-2025:3859-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3859-1 advisory. Update to upstream tag jdk-21.0.9+10 October 2025 CPU: - CVE-2025-53057: Fixed unauthenticated...

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to several issues due to the Java package (CVE-2025-30749, CVE-2025-30754, CVE-2025-50059, CVE-2025-50106)

Summary Java is used by DataStage on Cloud Pak for Data as part of overall processing functionality. Vulnerability Details CVEID:CVE-2025-30749 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D...

EUVD-2025-36648

Jenkins Eggplant Runner Plugin protection mechanism disabled...

Jenkins Eggplant Runner Plugin protection mechanism disabled

Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value as part of applying a proxy configuration. This disables a protection mechanism of the Java runtime addressing CVE-2016-5597. As of publicatio...

GHSA-W5R3-GR8W-7FJ5 Jenkins Eggplant Runner Plugin protection mechanism disabled

Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value as part of applying a proxy configuration. This disables a protection mechanism of the Java runtime addressing CVE-2016-5597. As of publicatio...

Security update for java-21-openjdk

This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.9+10 October 2025 CPU: CVE-2025-53057: Fixed unauthenticated attacker can achieve unauthorized creation, deletion or modification access to critical data bsc1252414. CVE-2025-53066: Fixed unauthenticated...

SUSE-SU-2025:3859-1 Security update for java-21-openjdk

This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.9+10 October 2025 CPU: - CVE-2025-53057: Fixed unauthenticated attacker can achieve unauthorized creation, deletion or modification access to critical data bsc1252414. - CVE-2025-53066: Fixed unauthenticat...

CVE-2025-64135

Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value, disabling a protection mechanism of the Java runtime...

CVE-2025-64135

Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value, disabling a protection mechanism of the Java runtime...

CVE-2025-64135

Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value, disabling a protection mechanism of the Java runtime...

CVE-2025-64135

Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value, disabling a protection mechanism of the Java runtime...

SUSE SLES12: java-11-openjdk / java-11-openjdk-demo / java-11-openjdk-devel / etc (SUSE-SU-2025:3835-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3835-1 advisory. Upgrade to upstream tag jdk-11.0.29+7 October 2025 CPU: - CVE-2025-53057: Fixed unauthenticated attacker can achieve unauthorized creation,...

SUSE SLES15: python3-rhnlib / spacewalk-backend / spacewalk-backend-app / etc (SUSE-SU-2025:3826-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3826-1 advisory. susemanager-build-keys: - Update SUSE GPG key and make it available for Salt bsc1250911 susemanager-sls: - Version 4.3.50-0 Fix OS Family grain...

CVE-2025-12305

A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack can be executed remotely. The exploit has be...

Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.29+7 October 2025 CPU: CVE-2025-53057: Fixed unauthenticated attacker can achieve unauthorized creation, deletion or modification access to critical data bsc1252414. CVE-2025-53066: Fixed unauthenticated...

SUSE-SU-2025:3835-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.29+7 October 2025 CPU: - CVE-2025-53057: Fixed unauthenticated attacker can achieve unauthorized creation, deletion or modification access to critical data bsc1252414. - CVE-2025-53066: Fixed...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional

Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in July 2025, App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-50106...

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...