Search Results
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:eclipse:openj9:0.22.0:milestone1:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-5676 | In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. Published: November 15, 2023; 9:15:07 AM -0500 | V3.1: 5.9 MEDIUM; V2.0: (not available) |
CVE-2023-2597 | In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer. Published: May 22, 2023; 8:15:09 AM -0400 | V3.1: 9.1 CRITICAL; V2.0: (not available) |
CVE-2022-3676 | In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type. Published: October 24, 2022; 10:15:51 AM -0400 | V3.1: 6.5 MEDIUM; V2.0: (not available) |
CVE-2021-41041 | In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. Published: April 26, 2022; 10:15:38 PM -0400 | V3.1: 5.3 MEDIUM; V2.0: 5.0 MEDIUM |
CVE-2021-41035 | In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. Published: October 25, 2021; 11:15:07 AM -0400 | V3.1: 9.8 CRITICAL; V2.0: 7.5 HIGH |
CVE-2021-28167 | In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a user to observe uninitialized values. Published: April 21, 2021; 2:15:08 PM -0400 | V3.1: 6.5 MEDIUM; V2.0: 6.4 MEDIUM |
CVE-2020-27221 | In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. Published: January 21, 2021; 12:15:10 AM -0500 | V3.1: 9.8 CRITICAL; V2.0: 7.5 HIGH |