164 matches found
OpenJDK: Pack200 increase loading time due to improper header validation (8322106)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability...
Important: Red Hat Security Advisory: OpenJDK 11.0.24 Security Update for Windows Builds
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...
OpenJDK: Pack200 increase loading time due to improper header validation (8322106)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability...
Important: Red Hat Security Advisory: java-11-openjdk security update
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Security Bulletin: Apache Commons Compress vulnerability affect IBM Spectrum Control
Summary Apache Commons Compress is vulnerable to a denial of service. This vulnerability affect IBM Spectrum Control. CVE-2024-25710, CVE-2024-26308, CVE-2023-42503. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an...
SUSE-SU-2024:1498-2 Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: - CVE-2024-21011: Fixed denial of service due to long Exception message logging JDK-8319851,bsc1222979 - CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup JDK-8315708,bsc1222987 -...
USN-6811-1 openjdk-lts vulnerabilities
It was discovered that the Hotspot component of OpenJDK 11 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. CVE-2024-21011 It was discovered that OpenJDK 11 incorrectly performed reverse DNS query...
USN-6811-1: OpenJDK 11 vulnerabilities
It was discovered that the Hotspot component of OpenJDK 11 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. CVE-2024-21011 It was discovered that OpenJDK 11 incorrectly performed reverse DNS query...
USN-6810-1 openjdk-8 vulnerabilities
It was discovered that the Hotspot component of OpenJDK 8 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. CVE-2024-21011 Vladimir Kondratyev discovered that the Hotspot component of OpenJDK 8...
USN-6810-1: OpenJDK 8 vulnerabilities
It was discovered that the Hotspot component of OpenJDK 8 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. CVE-2024-21011 Vladimir Kondratyev discovered that the Hotspot component of OpenJDK 8...
commons-compress: OutOfMemoryError unpacking broken Pack200 file
An allocation of resources without limits or throttling vulnerability was found in Apache Commons Compress. This issue can lead to an out-of-memory error...
Moderate: Red Hat Security Advisory: Service Registry (container images) release and security update [2.5.11 GA]
An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Commons Compress [CVE-2024-26308]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Commons Compress, caused by an out of memory error CVE-2024-26308. Apache Commons Compress is used as part of our Speech runtimes. This vulnerabilitiy has been addressed. Please...
RHEL 8 / 9 : java-11-openjdk (RHSA-2024:1822)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1822 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security...
OpenJDK: Pack200 excessive memory allocation (8322114)
A flaw was found in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition...
Moderate: Red Hat Security Advisory: java-11-openjdk security update
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.4 Advance...
OpenJDK: Pack200 excessive memory allocation (8322114)
A flaw was found in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition...
(RHSA-2024:1948) Important: Red Hat Build of Apache Camel 3.18 for Quarkus 2.13 is now available (updates to RHBQ 2.13.9.SP2)
An update for Red Hat Build of Apache Camel 3.18 for Quarkus 2.13 is now available updates to RHBQ 2.13.9.SP2. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products: TRIAGE...
Security Bulletin: IBM i Access Client Solutions is vulnerable to an infinite loop or out of memory error due to vulnerabilities in Apache Commons Compress.
Summary IBM i Access Client Solutions is vulnerable to an infinite loop CVE-2024-25710 or an out of memory error CVE-2024-26308 in Apache Commons Compress. Apache Commons Compress is used by the Data Transfer feature of IBM i Access Client Solutions when transferring data from reading xls and xls...
OpenJDK: Pack200 excessive memory allocation (8322114)
A flaw was found in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition...