11989 matches found
GHSA-GVGC-RXMH-5HVW Apache Tomcat affected by infinite loop in Double.parseDouble method in Java Runtime Environment
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.229 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a...
Debian DLA-3006-1 : openjdk-8 - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3006 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle...
GHSA-7J4H-8WPF-RQFH Missing XML Validation in Apache Xerces2
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlie...
Oracle Java SE Authentication Bypass (CVE-2022-21449)
An authentication bypass vulnerability exists in Oracle Java SE. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to an unspecified vulnerability in Java SE (CVE-2022-21277)
Summary An unspecified vulnerability in Oracle Java SE - CVE-2022-21277 related to the ImageIO component has been identified that affects IBM Watson Assistant for IBM Cloud Pak for Data. Java SE is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its platform for development of...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to an unspecified vulnerability in Oracle Java SE (CVE-2022-21283)
Summary An unspecified vulnerability in Oracle Java SE - CVE-2022-21283 related to the Libraries component has been identified that affects IBM Watson Assistant for IBM Cloud Pak for Data. Oracle Java SE is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its platform for...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to an unspecified vulnerability in Oracle Java SE (CVE-2022-21296)
Summary An unspecified vulnerability in Oracle Java SE - CVE-2022-21296 related to the JAXP component has been identified that affects IBM Watson Assistant for IBM Cloud Pak for Data. Oracle Java SE is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its platform for development...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to an unspecified vulnerability in Oracle Java SE (CVE-2022-21366)
Summary An unspecified vulnerability in Oracle Java SE - CVE-2022-21366 related to the ImageIO component has been identified that affects IBM Watson Assistant for IBM Cloud Pak for Data. Oracle Java SE is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its platform for...
Debian DSA-5128-1 : openjdk-17 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5128 advisory. Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in information disclosure, incorrect validation of ECDSA signatures or...
Debian DSA-5131-1 : openjdk-11 - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5131 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are...
SUSE SLED15: java-11-openjdk / java-11-openjdk-accessibility / etc (SUSE-SU-2022:1513-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1513-1 advisory. - CVE-2022-21426: Fixed Oracle Java SE compromission via unauthenticated attacker with network...
SUSE-SU-2022:1513-1 Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: - CVE-2022-21426: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols bsc1198672. - CVE-2022-21434: Fixed Oracle Java SE compromission via unauthenticated attacker with network acces...
Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2022-002)
The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0332.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2022-002 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle...
SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2022:1474-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1474-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported...
SUSE-SU-2022:1474-1 Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: - CVE-2022-21426: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols bsc1198672. - CVE-2022-21434: Fixed Oracle Java SE compromission via unauthenticated attacker with network acces...
IBM Java 6.0 < 6.0.16.41 / 6.1 < 6.1.8.41 / 7.0 < 7.0.10.1 / 7.1 < 7.1.4.1 / 8.0 < 8.0.4.1 Multiple Vulnerabilities
The version of IBM Java installed on the remote host is prior to 6.0 < 6.0.16.41 / 6.1 < 6.1.8.41 / 7.0 < 7.0.10.1 / 7.1 < 7.1.4.1 / 8.0 < 8.0.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle January 17 2017 CPU advisory. - The DES and Triple DES ciphers, as used in t...
IBM Java 7.0 < 7.0.10.45 / 7.1 < 7.1.4.45 / 8.0 < 8.0.5.35 Multiple Vulnerabilities
The version of IBM Java installed on the remote host is prior to 7.0 < 7.0.10.45 / 7.1 < 7.1.4.45 / 8.0 < 8.0.5.35. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle April 16 2019 CPU advisory. - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE...
IBM Java 7.0 < 7.0.10.85 / 7.1 < 7.1.4.85 / 8.0 < 8.0.6.30 / 11.0 < 11.0.11.0 Multiple Vulnerabilities
The version of IBM Java installed on the remote host is prior to 7.0 < 7.0.10.85 / 7.1 < 7.1.4.85 / 8.0 < 8.0.6.30 / 11.0 < 11.0.11.0. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle April 20 2021 CPU advisory. - Vulnerability in the Java SE, Java SE Embedded, Oracle...
IBM Java 6.0 < 6.0.16.75 / 6.1 < 6.1.8.75 / 7.0 < 7.0.10.35 / 7.1 < 7.1.4.35 / 8.0 < 8.0.5.25 Multiple Vulnerabilities
The version of IBM Java installed on the remote host is prior to 6.0 < 6.0.16.75 / 6.1 < 6.1.8.75 / 7.0 < 7.0.10.35 / 7.1 < 7.1.4.35 / 8.0 < 8.0.5.25. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle October 16 2018 CPU advisory. - Vulnerability in the Java SE, Java SE...
IBM Java 6.0 < 6.0.16.70 / 6.1 < 6.1.8.70 / 7.0 < 7.0.10.30 / 7.1 < 7.1.4.30 / 8.0 < 8.0.5.20 Multiple Vulnerabilities (Jul 17, 2018)
The version of IBM Java installed on the remote host is prior to 6.0 < 6.0.16.70 / 6.1 < 6.1.8.70 / 7.0 < 7.0.10.30 / 7.1 < 7.1.4.30 / 8.0 < 8.0.5.20. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle July 17 2018 CPU advisory. - Vulnerability in the Java SE, Java SE Embedd...