MiracleLinux 9 : java-11-openjdk-11.0.24.0.8-2.el9.ML.1 (AXSA:2024-8576:12)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8576:12 advisory. OpenJDK: RangeCheckElimination array index overflow 8323231 CVE-2024-21147 OpenJDK: potential UTF8 size overflow 8314794 CVE-2024-21131 OpenJDK:...

MiracleLinux 8 : java-11-openjdk-11.0.24.0.8-3.el8 (AXSA:2024-8581:14)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8581:14 advisory. OpenJDK: RangeCheckElimination array index overflow 8323231 CVE-2024-21147 OpenJDK: potential UTF8 size overflow 8314794 CVE-2024-21131 OpenJDK:...

MiracleLinux 9 : java-11-openjdk-11.0.23.0.9-3.el9.ML.1 (AXSA:2024-7717:10)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7717:10 advisory. OpenJDK: long Exception message leading to crash 8319851 CVE-2024-21011 OpenJDK: integer overflow in C1 compiler address generation 8322122...

MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.412.b08-1.el7 (AXSA:2024-7692:06)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7692:06 advisory. OpenJDK: long Exception message leading to crash 8319851 CVE-2024-21011 OpenJDK: integer overflow in C1 compiler address generation 8322122...

MiracleLinux 7 : java-11-openjdk-11.0.23.0.9-2.el7 (AXSA:2024-7701:06)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7701:06 advisory. OpenJDK: long Exception message leading to crash 8319851 CVE-2024-21011 OpenJDK: integer overflow in C1 compiler address generation 8322122...

EUVD-2009-2668

Malware in sbrugna...

Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file

...

commons-compress: OutOfMemoryError unpacking broken Pack200 file

An allocation of resources without limits or throttling vulnerability was found in Apache Commons Compress. This issue can lead to an out-of-memory error...

CLSA-2024-1732197150 Fix of 20 CVEs

Update to 8u432-ga fixing a number of CVEs - CVE-2024-20918: missing array range check in C1 compiler leads to out-of-bounds access - CVE-2024-20919: unverified bytecode execution because of the flaw in JVM class file verifier - CVE-2024-20921: optimization issue of loop range check in IfNode and...

USN-7096-1 openjdk-8 vulnerabilities

Andy Boothe discovered that the Networking component of OpenJDK 8 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. CVE-2024-21208 It was discovered that the Hotspot component of OpenJDK 8 did not...

Ubuntu: Security Advisory (USN-7096-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, & java-latest-openjdk packages fix security vulnerabilities

Potential UTF8 size overflow. CVE-2024-21131 Excessive symbol length can lead to infinite loop. CVE-2024-21138 Range Check Elimination RCE pre-loop limit overflow. CVE-2024-21140 Pack200 increase loading time due to improper header validation. CVE-2024-21144 Out-of-bounds access in 2D image...

SUSE-SU-2024:3183-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 Fix Pack 30 bsc1228346 - CVE-2024-21147: Fixed an array index overflow in RangeCheckElimination. bsc1228052 - CVE-2024-21145: Fixed an out-of-bounds access in 2D image handling. bsc1228051 -...

SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-ibm (SUSE-SU-2024:3162-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3162-1 advisory. - Update to Java 8.0 Service Refresh 8 Fix Pack 30 bsc1228346 - CVE-2024-21147: Fixed an array index overflow in...

SUSE-SU-2024:3162-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 Fix Pack 30 bsc1228346 - CVE-2024-21147: Fixed an array index overflow in RangeCheckElimination. bsc1228052 - CVE-2024-21145: Fixed an out-of-bounds access in 2D image handling. bsc1228051 -...

SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-openj9 (SUSE-SU-2024:3140-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3140-1 advisory. - Update to OpenJDK 8u422 build 05 with OpenJ9 0.46.0 virtual machine - CVE-2024-21147: Fixed an array index overflow in...

SUSE-SU-2024:3140-1 Security update for java-1_8_0-openj9

This update for java-180-openj9 fixes the following issues: - Update to OpenJDK 8u422 build 05 with OpenJ9 0.46.0 virtual machine - CVE-2024-21147: Fixed an array index overflow in RangeCheckElimination. bsc1228052 - CVE-2024-21145: Fixed an out-of-bounds access in 2D image handling. bsc1228051 -...

CLSA-2024-1724259268 java-1.8.0-openjdk: Fix of 6 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u422-b05. That fixes following CVEs: - CVE-2024-21131: UTF8 size overflow - CVE-2024-21138: Infinite loop vunlerability in SymbolTable - CVE-2024-21140: Int overflow/underflow in Range Check Elimination RCE - CVE-2024-21144: Invalid header...

openSUSE Security Advisory (SUSE-SU-2024:1498-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM Content Navigator is vulnerable to Denial of Service (DoS) due to Apache Commons Compress (CVE-2024-26308, CVE-2024-25710)

Summary Apache Commons Compress is used by IBM Content Navigator to work with archive files. CVE-2024-26308, CVE-2024-25710 Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. By persuading a victi...