EUVD-2023-42084

Malicious code in bioql PyPI...

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21145 DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle July 2024 Critical Patch...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: A...

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management Core Framework.

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 Core Framework IF27 patch. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no...

SUSE-SU-2024:3183-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 Fix Pack 30 bsc1228346 - CVE-2024-21147: Fixed an array index overflow in RangeCheckElimination. bsc1228052 - CVE-2024-21145: Fixed an out-of-bounds access in 2D image handling. bsc1228051 -...

SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-ibm (SUSE-SU-2024:3162-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3162-1 advisory. - Update to Java 8.0 Service Refresh 8 Fix Pack 30 bsc1228346 - CVE-2024-21147: Fixed an array index overflow in...

SUSE-SU-2024:3162-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 Fix Pack 30 bsc1228346 - CVE-2024-21147: Fixed an array index overflow in RangeCheckElimination. bsc1228052 - CVE-2024-21145: Fixed an out-of-bounds access in 2D image handling. bsc1228051 -...

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated attacker to bypass security restrictions, caused by the failure to restrict...

Moderate: Red Hat Security Advisory: java-1.8.0-ibm security update

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Multiple vulnerabilities in IBM Java SDK affect AIX

IBM SECURITY ADVISORY First Issued: Mon Jun 24 15:10:30 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/javajun2024advisory.asc Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX...

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to IBM Java SDK (CVE-2024-38264)

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to IBM Java SDK, Java Technology Edition. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-38264 DESCRIPTION: The IBM SDK, Jav...

Moderate: Red Hat Security Advisory: java-1.8.0-ibm security update

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

RHEL 8 : java-1.8.0-ibm (RHSA-2024:3685)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3685 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to...

CVE-2023-38264

The IBM SDK, Java Technology Edition's Object Request Broker ORB 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578...

CVE-2023-38264

The IBM SDK, Java Technology Edition's Object Request Broker ORB is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters...

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2024 Critical Patch Update, plus CVE-2023-38264. For more information please refer to Oracle's April 2024 CPU Advisory and the X-Force database entries referenc...

JDK: unsafe deserialization flaw in the Object Request Broker (ORB)

A flaw was found in IBM SDK, Java Technology Edition, which could allow a remote attacker to execute arbitrary code on the system caused by an unsafe deserialization flaw. An attacker could exploit this vulnerability by sending specially-crafted data to execute arbitrary code on the system...

JDK: unsafe deserialization flaw in the Object Request Broker (ORB)

A flaw was found in IBM SDK, Java Technology Edition, which could allow a remote attacker to execute arbitrary code on the system caused by an unsafe deserialization flaw. An attacker could exploit this vulnerability by sending specially-crafted data to execute arbitrary code on the system...