Lucene search
Copyright (C) 2021 Greenbone AGOPENVAS:1361412562311220212335HistorySep 04, 2021 - 12:00 a.m.
Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2021-2335)
2021-09-0400:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
The remote host is missing an update for the Huawei EulerOS
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2021.2335");
script_cve_id("CVE-2019-2766", "CVE-2021-2161");
script_tag(name:"creation_date", value:"2021-09-04 02:25:52 +0000 (Sat, 04 Sep 2021)");
script_version("2024-02-05T14:36:56+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:56 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2021-05-04 09:03:48 +0000 (Tue, 04 May 2021)");
script_name("Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2021-2335)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP5");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2021-2335");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2021-2335");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'java-1.8.0-openjdk' package(s) announced via the EulerOS-SA-2021-2335 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16, Java SE Embedded: 8u281, Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component.(CVE-2021-2161)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1, Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.(CVE-2019-2766)");
script_tag(name:"affected", value:"'java-1.8.0-openjdk' package(s) on Huawei EulerOS V2.0SP5.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP5") {
if(!isnull(res = isrpmvuln(pkg:"java-1.8.0-openjdk", rpm:"java-1.8.0-openjdk~1.8.0.191.b12~0.h20.eulerosv2r7", rls:"EULEROS-2.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1.8.0-openjdk-devel", rpm:"java-1.8.0-openjdk-devel~1.8.0.191.b12~0.h20.eulerosv2r7", rls:"EULEROS-2.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"java-1.8.0-openjdk-headless", rpm:"java-1.8.0-openjdk-headless~1.8.0.191.b12~0.h20.eulerosv2r7", rls:"EULEROS-2.0SP5"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
EulerOS 2.0 SP5 : java-1.8.0-openjdk (EulerOS-SA-2021-2335)
2021-09-07 00:00:00
EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2021-2389)
2021-09-14 00:00:00
EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2021-2587)
2021-10-25 00:00:00
cve
cve
CVE-2019-2766
2019-07-23 23:15:00
CVE-2021-2161
2021-04-22 22:15:00
openvas
openvas
Oracle OpenJDK Multiple Vulnerabilities (Apr 2021)
2021-05-31 00:00:00
ubuntucve
ubuntucve
CVE-2019-2766
2019-07-23 00:00:00
CVE-2021-2161
2021-04-22 00:00:00
redhatcve
redhatcve
CVE-2019-2766
2020-04-04 17:22:40
CVE-2021-2161
2021-04-20 20:45:01
alpinelinux
alpinelinux
CVE-2019-2766
2019-07-23 23:15:00
CVE-2021-2161
2021-04-22 22:15:00
debiancve
debiancve
CVE-2019-2766
2019-07-23 23:15:00
CVE-2021-2161
2021-04-22 22:15:00
ibm
ibm
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java
2021-10-01 06:18:28
cnvd
cnvd
Oracle Java SE Embedded Input Validation Error Vulnerability
2021-02-03 00:00:00
prion
prion
Design/Logic Flaw
2019-07-23 23:15:00
Design/Logic Flaw
2021-04-22 22:15:00
veracode
veracode
Unauthorized Read
2020-08-11 03:25:59
Privilege Escalation
2021-07-16 12:12:36
f5
f5
debian
debian
[SECURITY] [DSA 4899-1] openjdk-11 security update
2021-04-23 20:09:03
[SECURITY] [DLA 2634-1] openjdk-8 security update
2021-04-23 11:31:36
fedora
fedora
[SECURITY] Fedora 33 Update: java-1.8.0-openjdk-1.8.0.292.b10-0.fc33
2021-04-29 19:05:32
[SECURITY] Fedora 32 Update: java-1.8.0-openjdk-1.8.0.292.b10-0.fc32
2021-04-30 01:07:06
[SECURITY] Fedora 34 Update: java-11-openjdk-11.0.11.0.9-0.fc34
2021-04-26 00:27:09
mageia
mageia
Updated java-openjdk packages fix security vulnerabilities
2021-06-29 01:51:23
suse
suse
Security update for java-1_8_0-openjdk (moderate)
2021-07-11 00:00:00
Security update for java-1_8_0-openj9 (moderate)
2021-07-11 00:00:00
Security update for java-11-openjdk (important)
2021-05-14 00:00:00
redhat
redhat
kaspersky
kaspersky
KLA12159 Multiple vulnerabilities in Oracle Java SE
2021-04-20 00:00:00
KLA11520 Multiple vulnerabilities in Oracle Java
2019-07-16 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2133
2023-03-21 12:31:42
amazon
amazon
Medium: java-11-amazon-corretto
2019-07-18 17:37:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2019-10-09 13:12:20
5.7 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
64.7%
Related for OPENVAS:1361412562311220212335