Ubuntu 25.04 : CRaC JDK 17 vulnerabilities (USN-7672-1)

The remote Ubuntu 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7672-1 advisory. It was discovered that the 2D component of CRaC JDK 17 did not properly manage memory under certain circumstances. An attacker could possibly use this issue ...

USN-7672-1: CRaC JDK 17 vulnerabilities

It was discovered that the 2D component of CRaC JDK 17 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2025-30749, CVE-2025-50106 VMashroor Hasan Bhuiyan discovered that the JSSE...

USN-7533-1: CRaC JDK 17 vulnerabilities

Alicja Kario discovered that the JSSE component of CRaC JDK 17 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. CVE-2025-21587 It was discovered that the Compiler component of CRaC JDK 17 incorrectly handled compiler transformations. An...

Ubuntu 24.10 / 25.04 : CRaC JDK 17 vulnerabilities (USN-7533-1)

The remote Ubuntu 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7533-1 advisory. Alicja Kario discovered that the JSSE component of CRaC JDK 17 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain...

USN-7338-1: CRaC JDK 17 vulnerabilities

Andy Boothe discovered that the Networking component of CRaC JDK 17 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. CVE-2024-21208 It was discovered that the Hotspot component of CRaC JDK 17 did no...

PT-2025-42963

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25 Oracle GraalVM for JDK versions 17.0.16 and 21.0.8 Oracle GraalVM Enterprise Edition version 21.3.15 Description An issue exists in the Oracle Java SE, Oracle GraalVM for...

Exploit for Improper Control of Dynamically-Managed Code Resources in Apache Solr

Apache-Solr-RCECVE-2023-50386POC Apache Solr Backup/Restor...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : OpenJDK 8 vulnerabilities (USN-6528-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6528-1 advisory. It was discovered that the HotSpot VM implementation in OpenJDK did not properly validate bytecode...

How to train your Ghidra

Getting started with Ghidra For about two decades, being a reverse engineer meant that you had to master the ultimate disassembly tool, IDA Pro. Over the years, many other tools were created to complement or directly replace it, but only a few succeeded. Then came the era of decompilation, adding...

An update on Java 17+ adoption

As a follow-up to my blog post from last years SpringOne, it is time for an update on our Java 17+ baseline efforts! We established the new baseline on our main branches, with a few milestones out already. The feedback has been very positive, not only in terms of framework improvements but also i...