Vulnerabilities > Eclipse > Openj9 > 0.28.0

DATE CVE VULNERABILITY TITLE RISK
2023-11-15 CVE-2023-5676 Race Condition vulnerability in Eclipse Openj9
In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.
network
high complexity
eclipse CWE-362
5.9
2023-05-22 CVE-2023-2597 Out-of-bounds Read vulnerability in Eclipse Openj9
In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.
network
low complexity
eclipse CWE-125
critical
9.1
2022-10-24 CVE-2022-3676 Type Confusion vulnerability in Eclipse Openj9
In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check.
network
low complexity
eclipse CWE-843
6.5
2022-04-27 CVE-2021-41041 Unchecked Return Value vulnerability in multiple products
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.
network
low complexity
eclipse oracle CWE-252
5.0
2021-10-25 CVE-2021-41035 Unspecified vulnerability in Eclipse Openj9
In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.
network
low complexity
eclipse
7.5