Lucene search
K

10 matches found

CVE
CVE
added 2022/04/27 2:10 a.m.199 views

CVE-2021-41041

CVE-2021-41041 affects Eclipse OpenJ9 (Java VM) prior to 0.32.0. When bytecode verification is triggered by a MethodHandle invocation, the exception raised during verification may not be thrown, allowing unverified methods to be invoked via MethodHandles. This creates a potential for untrusted co...

5.3CVSS5.3AI score0.00985EPSS
CVE
CVE
added 2023/11/15 2:2 p.m.188 views

CVE-2023-5676

CVE-2023-5676 : In Eclipse OpenJ9, prior to 0.41.0, receiving a shutdown signal (SIGTERM, SIGINT, or SIGHUP) before JVM initialization can cause the JVM to enter an infinite busy-wait on a spinlock or crash with a segmentation fault. Affected component: OpenJ9 JVM; root cause: signal handler race...

5.9CVSS5.4AI score0.00406EPSS
CVE
CVE
added 2022/10/24 12:0 a.m.157 views

CVE-2022-3676

CVE-2022-3676 : Eclipse OpenJ9 before 0.35.0 allows inlining of interface calls without a runtime type check, enabling malicious bytecode to access or modify memory via an incompatible type. Primary impact is memory access/modify; CVSS indicates network access, no user interaction, low confidenti...

6.5CVSS6.2AI score0.00589EPSS
CVE
CVE
added 2019/04/19 1:43 p.m.150 views

CVE-2019-10245

CVE-2019-10245 affects Eclipse OpenJ9 where the Java bytecode verifier could allow a method to run past the end of a bytecode array, potentially crashing the JVM. The issue is fixed in OpenJ9 release 0.14.0 and later, which correctly rejects the problematic class load. Public references in the pr...

7.5CVSS7.6AI score0.02492EPSS
CVE
CVE
added 2023/05/22 12:0 a.m.149 views

CVE-2023-2597

CVE-2023-2597: OpenJ9 before 0.38.0 is affected; in the shared cache, string size is not checked against buffer size, enabling a buffer overflow. Affected: Eclipse OpenJ9; root cause: insufficient bound check in getCachedUTFString()/shared cache path. Impact: potential code execution or crash. Re...

9.1CVSS9AI score0.00422EPSS
CVE
CVE
added 2019/02/11 3:0 p.m.147 views

CVE-2018-12547

The CVE-2018-12547 issue affects Eclipse OpenJ9 where jio_snprintf() and jio_vsnprintf() fail to honor the input length, allowing buffer overflow. IBM advisories corroborate this vulnerability (CVE-2018-12547) within IBM Java SDK/JVM ecosystems and list affected IBM products (SAN Volume Controlle...

9.8CVSS7AI score0.02744EPSS
CVE
CVE
added 2021/10/25 3:5 p.m.142 views

CVE-2021-41035

CVE-2021-41035 affects Eclipse OpenJ9 prior to 0.29.0. The root cause is that the JVM does not throw IllegalAccessError for MethodHandles invoking inaccessible interface methods. This could allow a remote attacker to gain elevated privileges and execute arbitrary code on the system; exploitation ...

9.8CVSS9.4AI score0.01696EPSS
CVE
CVE
added 2019/07/17 8:17 p.m.124 views

CVE-2019-11772

CVE-2019-11772 affects OpenJ9 (prior to 0.15). The vulnerability is an out-of-bounds write in String.getBytes invoked by JIT, allowing a local attacker to write memory at arbitrary 32-bit addresses or beyond the end of a byte array when Java runs under a SecurityManager. IBM/IBM X-Force entries t...

9.8CVSS8.4AI score0.02098EPSS
CVE
CVE
added 2019/07/30 1:45 p.m.104 views

CVE-2019-11775

CVE-2019-11775 refers to a bug in Eclipse OpenJ9 prior to 0.15 where the loop versioner may fail to privatize a value pulled from a loop, potentially causing out-of-bounds access. IBM bulletin context ties this to IBM Cloud Transformation Advisor (and other IBM/JVM surfaces) with a targeted remed...

7.4CVSS8.2AI score0.01468EPSS
CVE
CVE
added 2019/07/17 8:17 p.m.89 views

CVE-2019-11771

CVE-2019-11771 details (NORMAL). Eclipse OpenJ9 in AIX builds prior to 0.15.0 contains unused RPATHs, enabling a local attacker to inject code and achieve privilege elevation. This risk is tied to IBM/OpenJ9/OpenJDK deployments on IBM products. Remediation is to upgrade to OpenJ9/IBM Java SDK 0.1...

7.8CVSS7.9AI score0.00394EPSS