ALT-PU-2022-7656-1
Package java-1.8.0-openjdk updated to version 1.8.0.332.b09-alt0_0.1.eajpp8 for branch sisyphus in task 298974.
Closed vulnerabilities
BDU:2022-02686
Уязвимость компонента Libraries программных платформ Java SE, виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2022-02839
Уязвимость компонента Libraries виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю модифицировать данные
BDU:2022-03794
Уязвимость компонента JNDI программной платформы Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных
BDU:2023-05186
Уязвимость компонента JAXP программной платформы Oracle Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-05187
Уязвимость компонента Libraries программной платформы Oracle Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-21426
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
- [debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update
- [debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update
- https://security.netapp.com/advisory/ntap-20220429-0006/
- https://security.netapp.com/advisory/ntap-20220429-0006/
- DSA-5128
- DSA-5128
- DSA-5131
- DSA-5131
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
Modified: 2024-11-21
CVE-2022-21434
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
- [debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update
- [debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update
- https://security.netapp.com/advisory/ntap-20220429-0006/
- https://security.netapp.com/advisory/ntap-20220429-0006/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- DSA-5128
- DSA-5128
- DSA-5131
- DSA-5131
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
Modified: 2024-11-21
CVE-2022-21443
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
- [debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update
- [debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update
- https://security.netapp.com/advisory/ntap-20220429-0006/
- https://security.netapp.com/advisory/ntap-20220429-0006/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- DSA-5128
- DSA-5128
- DSA-5131
- DSA-5131
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
Modified: 2024-11-21
CVE-2022-21476
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
- [debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update
- [debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update
- https://security.netapp.com/advisory/ntap-20220429-0006/
- https://security.netapp.com/advisory/ntap-20220429-0006/
- DSA-5128
- DSA-5128
- DSA-5131
- DSA-5131
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
Modified: 2024-11-21
CVE-2022-21496
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
- [debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update
- [debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update
- https://security.netapp.com/advisory/ntap-20220429-0006/
- https://security.netapp.com/advisory/ntap-20220429-0006/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- DSA-5128
- DSA-5128
- DSA-5131
- DSA-5131
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html