Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2025:0066-1

Опубликовано: 18 фев. 2025
Источник: suse-cvrf

Описание

Security update for java-11-openj9

This update for java-11-openj9 fixes the following issues:

  • Update to OpenJDK 11.0.26 with OpenJ9 0.49.0 virtual machine

  • Including Oracle October 2024 and January 2025 CPU changes

  • Update to OpenJDK 11.0.24 with OpenJ9 0.46.0 virtual machine

  • Including Oracle July 2024 CPU changes

    • CVE-2024-21131 (boo#1228046), CVE-2024-21138 (boo#1228047), CVE-2024-21140 (boo#1228048), CVE-2024-21144 (boo#1228050), CVE-2024-21147 (boo#1228052), CVE-2024-21145 (boo#1228051)
    • OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.46/

  • Update to OpenJDK 11.0.23 with OpenJ9 0.44.0 virtual machine

  • Including Oracle April 2024 CPU changes

    • CVE-2024-21012 (boo#1222987), CVE-2024-21094 (boo#1222986), CVE-2024-21011 (boo#1222979), CVE-2024-21085 (boo#1222984), CVE-2024-21068 (boo#1222983)

  • Including OpenJ9/OMR specific fix:

  • Update to OpenJDK 11.0.22 with OpenJ9 0.43.0 virtual machine

  • Including Oracle January 2024 CPU changes

    • CVE-2024-20918 (boo#1218907), CVE-2024-20919 (boo#1218903), CVE-2024-20921 (boo#1218905), CVE-2024-20926 (boo#1218906), CVE-2024-20945 (boo#1218909), CVE-2024-20952 (boo#1218911)
    • OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.43/

  • Remove the possibility to put back removes JavaEE modules, since our Java stack does not need this hack any more

  • Update to OpenJDK 11.0.21 with OpenJ9 0.41.0 virtual machine

  • Including Oracle October 2023 CPU changes

    • CVE-2023-22081, boo#1216374

  • Including Openj9 0.41.0 fixes of CVE-2023-5676, boo#1217214

  • Update to OpenJDK 11.0.20.1 with OpenJ9 0.40.0 virtual machine

    • JDK-8313765: Invalid CEN header (invalid zip64 extra data field size)

  • Update to OpenJDK 11.0.20 with OpenJ9 0.40.0 virtual machine

  • Including Oracle April 2023 CPU changes

    • CVE-2023-22006 (boo#1213473), CVE-2023-22036 (boo#1213474), CVE-2023-22041 (boo#1213475), CVE-2023-22045 (boo#1213481), CVE-2023-22049 (boo#1213482), CVE-2023-25193 (boo#1207922)
    • OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.40

  • Update to OpenJDK 11.0.19 with OpenJ9 0.38.0 virtual machine

  • Including Oracle April 2023 CPU changes

    • CVE-2023-21930 (boo#1210628), CVE-2023-21937 (boo#1210631), CVE-2023-21938 (boo#1210632), CVE-2023-21939 (boo#1210634), CVE-2023-21954 (boo#1210635), CVE-2023-21967 (boo#1210636), CVE-2023-21968 (boo#1210637)
    • OpenJ9 specific vulnerability: CVE-2023-2597 (boo#1211615)
    • OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.38

  • Update to OpenJDK 11.0.18 with OpenJ9 0.36.1 virtual machine

  • Update to OpenJDK 11.0.17 with OpenJ9 0.35.0 virtual machine

    • Including Oracle October 2022 CPU changes CVE-2022-21618 (boo#1204468), CVE-2022-21619 (boo#1204473), CVE-2022-21626 (boo#1204471), CVE-2022-21624 (boo#1204475), CVE-2022-21628 (boo#1204472), CVE-2022-39399 (boo#1204480)
    • Fixes OpenJ9 vulnerability boo#1204703, CVE-2022-3676
    • OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.35

  • Update to OpenJDK 11.0.16 with OpenJ9 0.33.0 virtual machine

  • Update to OpenJDK 11.0.15 with OpenJ9 0.32.0 virtual machine

    • Fixes boo#1198935, CVE-2021-41041: unverified methods can be invoked using MethodHandles
    • Including Oracle April 2022 CPU fixes CVE-2022-21426 (boo#1198672), CVE-2022-21434 (boo#1198674), CVE-2022-21443 (boo#1198675), CVE-2022-21476 (boo#1198671), CVE-2022-21496 (boo#1198673)
    • OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.32

  • Update to OpenJDK 11.0.14.1 with OpenJ9 0.30.1 virtual machine

    • including Oracle January 2022 CPU changes (boo#1194925, boo#1194926, boo#1194927, boo#1194928, boo#1194929, boo#1194930, boo#1194931, boo#1194932, boo#1194933, boo#1194934, boo#1194935, boo#1194937, boo#1194939, boo#1194940, boo#1194941)
    • OpenJ9 changes see https://www.eclipse.org/openj9/docs/version0.30.1

  • Update to OpenJDK 11.0.13 with OpenJ9 0.29.0 virtual machine

    • including Oracle July 2021 and October 2021 CPU changes (boo#1188564, boo#1188565, boo#1188566, boo#1191901, boo#1191909, boo#1191910, boo#1191911, boo#1191912, boo#1191913, boo#1191903, boo#1191904, boo#1191914, boo#1191906)
    • OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.29

  • Update to OpenJDK 11.0.11 with OpenJ9 0.26.0 virtual machine

  • Update to OpenJDK 11.0.10 with OpenJ9 0.24.0 virtual machine

Список пакетов

SUSE Package Hub 15 SP6
java-11-openj9-11.0.26.0-bp156.4.3.1
java-11-openj9-demo-11.0.26.0-bp156.4.3.1
java-11-openj9-devel-11.0.26.0-bp156.4.3.1
java-11-openj9-headless-11.0.26.0-bp156.4.3.1
java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1
java-11-openj9-jmods-11.0.26.0-bp156.4.3.1
java-11-openj9-src-11.0.26.0-bp156.4.3.1
openSUSE Leap 15.6
java-11-openj9-11.0.26.0-bp156.4.3.1
java-11-openj9-demo-11.0.26.0-bp156.4.3.1
java-11-openj9-devel-11.0.26.0-bp156.4.3.1
java-11-openj9-headless-11.0.26.0-bp156.4.3.1
java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1
java-11-openj9-jmods-11.0.26.0-bp156.4.3.1
java-11-openj9-src-11.0.26.0-bp156.4.3.1

Ссылки

Описание

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type.

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, when running with JVM option -Xgc:concurrentScavenge, the sequence generated for System.arrayCopy on the IBM Z platform with hardware and software support for guarded storage [1], could allow access to a buffer with an incorrect length value when executing an arraycopy sequence while the Concurrent Scavenge Garbage Collection cycle is active and the source and destination memory regions for arraycopy overlap. This allows read and write to addresses beyond the end of the array range.

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Затронутые продукты
SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1
SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1
Ссылки
Уязвимость openSUSE-SU-2025:0066-1