Vulnerabilities (CVE)

Vendor filter

Eclipse Subscribe

Product filter

Openj9 Subscribe


6 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-11771 1 Eclipse 1 Openj9 2019-10-09 4.6
AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
CVE-2018-12548 1 Eclipse 1 Openj9 2019-10-09 7.5
In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code.
CVE-2018-12539 2 Eclipse, Oracle 2 Openj9, Enterprise Manager Base Platform 2019-10-09 4.6
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted...
CVE-2019-11772 1 Eclipse 1 Openj9 2019-09-02 7.5
In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], int) method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. This allows arbitrary writes to any...
CVE-2019-11775 1 Eclipse 1 Openj9 2019-08-15 5.8
All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we...
CVE-2018-12549 2 Eclipse, Redhat 5 Openj9, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2019-05-16 7.5
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.