The vulnerability of the JavaFX component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows attackers to compromise the integrity of protected information.
The vulnerability of the JavaFX component of Oracle Java SE and the Oracle GraalVM Enterprise Edition platform exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to compromise the integrity of protected information...
Debian dsa-5604 : openjdk-11-dbg - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5604 advisory. Debian Security Advisory DSA-5604-1...
Oracle Linux 8 / 9 : java-11-openjdk (ELSA-2024-0266)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0266 advisory. 1:11.0.22.0.7-2.0.1 - Update to openjdk-11.0.22+7 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Important: java-1.8.0-amazon-corretto
Issue Overview: A vulnerability that allows an attacker to execute arbitrary Java code from the JavaScript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...
The vulnerability of the Scripting component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Scripting component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized...
The vulnerability in JavaFX in the Oracle GraalVM Enterprise Edition virtual machine and the Oracle Java SE software platform allows an attacker to read, modify, or delete data.
The vulnerability in JavaFX in the Oracle GraalVM Enterprise Edition virtual machine and the Oracle Java SE software platform is due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to read, modify, or delete data...
Oracle Linux 8 / 9 : java-17-openjdk (ELSA-2024-0267)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0267 advisory. 1:17.0.10.0.7-2.0.1 - Rebase to 17.0.10.0.7 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
AlmaLinux 8 : java-21-openjdk (ALSA-2024:0248)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0248 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...
AlmaLinux 9 : java-17-openjdk (ALSA-2024:0267)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0267 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...
Oracle Linux 9 : java-21-openjdk (ELSA-2024-0249)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0249 advisory. 1:21.0.2.0.13-1.0.1 - Add Oracle vendor bug URL 1:21.0.2.0.13-1 - Rebase to 21.0.2.0.13 Tenable has extracted the preceding description block directly...
AlmaLinux 9 : java-11-openjdk (ALSA-2024:0266)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0266 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...
AlmaLinux 9 : java-1.8.0-openjdk (ALSA-2024:0265)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0265 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...
AlmaLinux 9 : java-21-openjdk (ALSA-2024:0249)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0249 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...
OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...
Amazon Linux 2 : java-11-amazon-corretto (ALAS-2024-2414)
The version of java-11-amazon-corretto installed on the remote host is prior to 11.0.22+7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2414 advisory. A vulnerability that allows an attacker to execute arbitrary Java code from the JavaScript engine even...
Amazon Linux 2023 : java-1.8.0-amazon-corretto, java-1.8.0-amazon-corretto-devel (ALAS2023-2024-482)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-482 advisory. 2024-05-03: The severity of this advisory has been changed from important to low. 2024-05-02: CVE-2024-20918 was removed from this advisory. 2024-05-02: CVE-2024-20919 was removed from this advisory...
Amazon Linux 2023 : java-17-amazon-corretto, java-17-amazon-corretto-devel, java-17-amazon-corretto-headless (ALAS2023-2024-483)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-483 advisory. A vulnerability that allows an attacker to execute arbitrary Java code from the JavaScript engine even though the option --no-java was set. CVE-2024-20918 With carefully crafted custom bytecode...
Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2024-009)
The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0402.b06-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2CORRETTO8-2024-009 advisory. 2024-05-03: The severity of this advisory has been changed from important to low. 2024-05-02:...