CVE-2026-6918

CVE-2026-6918 affects Eclipse OpenJ9/JITServer. Versions 0.21–0.58 are vulnerable to a pre-auth remote crash triggered by a 32-byte crafted TCP message. The description does not provide exploit details or remediation. No further concrete impact or patch information is available in the connected d...

EUVD-2019-7949

Malware in sbrugna...

EUVD-2023-34071

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-41041

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a...

CVE-2022-3676

In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type...

CVE-2025-4447

CVE-2025-4447 concerns Eclipse OpenJ9: when used with OpenJDK 8, OpenJ9 versions up to 0.51 may experience a stack-based buffer overflow caused by modifying a file on disk that is read at JVM startup. The IBM/Cloud Pak security notes in the connected documents corroborate that this CVE is referen...

Security Bulletin: IBM Sterling Connect:Direct for Unix is vulnerable to denial of service and arbitrary code execution attacks due to IBM Runtime Environment Java Technology Edition Version 17

Summary IBM Java 17 is used by IBM Sterling Connect:Direct for Unix in product configuration and management. IBM Sterling Connect:Direct for Unix is impacted by denial of service and arbitrary code execution attacks due to IBM Java 17. IBM Sterling Connect:Direct for Unix has upgraded IBM Java 17...

Security Bulletin: Security Vulnerabilities have been identified in IBM Java Runtime as shipped with Tivoli Federated Identity Manager

Summary IBM Java Runtime as shipped with Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM Java Runtime have been published in a security bulletin. Vulnerability Details CVEID:CVE-2019-2766 DESCRIPTION: Vulnerability in the Java SE, Java SE Embedded...

PT-2024-28452

Name of the Vulnerable Software and Affected Versions Eclipse OpenJ9 versions 0.13.0 through 0.43.0 Description The issue occurs when running Eclipse OpenJ9 with the JVM option -Xgc:concurrentScavenge on the IBM Z platform, which has hardware and software support for guarded storage. This allows...

Eclipse OpenJ9 Competition Condition Issue Vulnerability

Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation. It is primarily used to run Java applications. A security vulnerability exists in Eclipse OpenJ9 versions prior to 0.41.0, which stems from the fact that if a shutdown signal is received before the JVM completes...

Security Bulletin: IBM Workload Scheduler potentially affected by vulnerability in Eclipse Openj9 (CVE-2021-41041)

Summary Eclipse Openj9 is vulnerable to attacks bypassing security restrictions that can potentially affect IBM Workload Scheduler 9.5 and IBM Workload Scheduler 10.1 Vulnerability Details CVEID:CVE-2021-41041 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security...

Unspecified Vulnerability in Eclipse OpenJ9

Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation. The product is primarily used to run Java applications. A security vulnerability exists in Eclipse Openj9 version 0.25, which stems from the fact that the jdk.internal.reflect.ConstantPool API causes the JVM to pre-parse...

Security Bulletin: A vulnerability in IBM Java affects IBM ILOG CPLEX Optimization Studio (CVE-2020-27221)

Summary There is a vulnerability in IBM® Java™ versions 7 & 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-27221 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details CVEID: CVE-2020-14621...

The vulnerability of the String.getBytes(int, int, byte[], int) method in the Eclipse OpenJ9 virtual machine allows a attacker to execute arbitrary code.

The vulnerability of the String.getBytesint, int, byte, int method in the Eclipse OpenJ9 virtual machine is related to writing data beyond the buffer boundaries. Exploiting this vulnerability may allow a malicious actor to execute arbitrary code remotely...

JDK: Out-of-bounds access in the String.getBytes method

In Eclipse OpenJ9 prior to 0.15, the String.getBytesint, int, byte, int method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. This allows arbitrary writes to any 32-bit address or beyond the end of a byte array within Ja...