6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.004 Low
EPSS
Percentile
74.8%
The updated packages fix several bugs and some security issues: Missing restrictions on use of custom SocketImpl (Networking, 8218573). (CVE-2019-2945) Improper handling of Kerberos proxy credentials (Kerberos, 8220302). (CVE-2019-2949) NULL pointer dereference in DrawGlyphList (2D, 8222690). (CVE-2019-2962) Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684). (CVE-2019-2964) Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505). (CVE-2019-2973) Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518). (CVE-2019-2975) Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892). (CVE-2019-2978) Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532). (CVE-2019-2981) Unexpected exception thrown during Font object deserialization (Serialization, 8224915). (CVE-2019-2983) Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286). (CVE-2019-2987) Integer overflow in bounds check in SunGraphics2D (2D, 8225292). (CVE-2019-2988) Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298). (CVE-2019-2989) Excessive memory allocation in CMap when reading TrueType font (2D, 8225597). (CVE-2019-2992) Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765). (CVE-2019-2999)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 7 | noarch | java | < 1.8.0-openjdk-1.8.0.232-1.b09.2 | java-1.8.0-openjdk-1.8.0.232-1.b09.2.mga7 |
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.004 Low
EPSS
Percentile
74.8%