GHSA-5269-8F5R-Q5C5 vulnerabilities

Vulnerabilities for packages: openjdk-17-openj9, openjdk-21-openj9, openjdk-11-openj9, openjdk-25-openj9, openjdk-26-openj9, openjdk-8-openj9...

GHSA-8G4V-8WP4-4XF6 vulnerabilities

Vulnerabilities for packages: openjdk-17-openj9, openjdk-21-openj9, openjdk-11-openj9, openjdk-25-openj9, openjdk-26-openj9, openjdk-8-openj9...

GHSA-XVGR-78MP-2MG2 vulnerabilities

Vulnerabilities for packages: openjdk-17-openj9, openjdk-21-openj9, openjdk-11-openj9, openjdk-25-openj9, openjdk-26-openj9, openjdk-8-openj9...

OpenJDK 8 <= 8u432 / 11.0.0 <= 11.0.25 / 17.0.0 <= 17.0.13 / 21.0.0 <= 21.0.5 / 23.0.0 <= 23.0.1 Vulnerability (2025-01-21)

The version of OpenJDK installed on the remote host is 8 prior to 8u432 / 11.0.0 prior to 11.0.25 / 17.0.0 prior to 17.0.13 / 21.0.0 prior to 21.0.5 / 23.0.0 prior to 23.0.1. It is, therefore, affected by a vulnerability as referenced in the 2025-01-21 advisory. Please Note: Java CVEs do not alwa...

Azul Zulu Java Vulnerability (2025-01-21)

The version of Azul Zulu installed on the remote host is 11 prior to 11.77.14 / 17 prior to 17.55.14 / 21 prior to 21.39.14 / 23 prior to 23.32.12. It is, therefore, affected by a vulnerability as referenced in the 2025-01-21 advisory. Note that Nessus has not tested for this issue but has instea...

Oracle OpenJDK 8.x - 11.x Vulnerability (Jul 2024)

Oracle OpenJDK is prone to a vulnerability in the core-libs/java.util component. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

SUSE CVE-2013-0432

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE...

SUSE CVE-2013-1475

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors relat...

PT-2021-13863 · Oracle · Openjdk

Name of the Vulnerable Software and Affected Versions: openjdk versions 1.8 through 11 Description: An insecure modification flaw in the /etc/passwd file allows an attacker with access to the container to modify the /etc/passwd and escalate their privileges. The highest threat from this issue is ...

OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java...

OpenJDK: MBeanInstantiator insufficient class access checks (JMX, 8006435)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous...

OpenJDK: JDBC driver manager improper toString calls (CanSecWest 2013, Libraries, 8009814)

The Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James...

OpenJDK JRE AWT setDifflCM stack overflow (6872357)

Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit AWT in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote...