Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2021 Greenbone AGOPENVAS:13614125623114202106651
HistoryApr 19, 2021 - 12:00 a.m.

SUSE: Security Advisory (SUSE-SU-2021:0665-1)

2021-04-1900:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.4.2021.0665.1");
  script_cve_id("CVE-2020-14803");
  script_tag(name:"creation_date", value:"2021-04-19 00:00:00 +0000 (Mon, 19 Apr 2021)");
  script_version("2024-02-02T14:37:50+0000");
  script_tag(name:"last_modification", value:"2024-02-02 14:37:50 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2020-10-23 13:36:52 +0000 (Fri, 23 Oct 2020)");

  script_name("SUSE: Security Advisory (SUSE-SU-2021:0665-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2021 Greenbone AG");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES15\.0SP2|SLES15\.0SP3|SLES15\.0|SLES15\.0SP1)");

  script_xref(name:"Advisory-ID", value:"SUSE-SU-2021:0665-1");
  script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2021/suse-su-20210665-1/");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'java-1_8_0-openjdk' package(s) announced via the SUSE-SU-2021:0665-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for java-1_8_0-openjdk fixes the following issues:

Update to version jdk8u282 (icedtea 3.18.0)
 * January 2021 CPU (bsc#1181239)
 * Security fixes
 + JDK-8247619: Improve Direct Buffering of Characters (CVE-2020-14803)
 * Import of OpenJDK 8 u282 build 01
 + JDK-6962725: Regtest javax/swing/JFileChooser/6738668/
 /bug6738668.java fails under Linux
 + JDK-8025936: Windows .pdb and .map files does not have proper
 dependencies setup
 + JDK-8030350: Enable additional compiler warnings for GCC
 + JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/
 /DisposeFrameOnDragTest.java fails by Timeout on Windows
 + JDK-8036122: Fix warning 'format not a string literal'
 + JDK-8051853: new URI('x/').resolve('..').getSchemeSpecificPart()
 returns null!
 + JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/
 /DefaultNoDrop.java locks on Windows
 + JDK-8134632: Mark javax/sound/midi/Devices/ /InitializationHang.java
 as headful
 + JDK-8148854: Class names 'SomeClass' and 'LSomeClass,' treated by
 JVM as an equivalent
 + JDK-8148916: Mark bug6400879.java as intermittently failing
 + JDK-8148983: Fix extra comma in changes for JDK-8148916
 + JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails
 + JDK-8165808: Add release barriers when allocating objects with
 concurrent collection
 + JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with
 a maxDepth argument
 + JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows
 with VS2017
 + JDK-8207766: [testbug] Adapt tests for Aix.
 + JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT
 compilation
 + JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash
 + JDK-8215727: Restore JFR thread sampler loop to old / previous
 behavior
 + JDK-8220657: JFR.dump does not work when filename is set
 + JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing
 + JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails
 with access issues and OOM
 + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be
 quicker for self thread
 + JDK-8231968: getCurrentThreadAllocatedBytes default implementation
 s/b getThreadAllocatedBytes
 + JDK-8232114: JVM crashed at imjpapi.dll in native code
 + JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers
 for Compiler area
 + JDK-8234339: replace JLI_StrTok in java_md_solinux.c
 + JDK-8238448: RSASSA-PSS signature verification fail when using
 certain odd key sizes
 + JDK-8242335: Additional Tests for RSASSA-PSS
 + JDK-8244225: stringop-overflow warning on strncpy call from
 compile_the_world_in
 + JDK-8245400: Upgrade to LittleCMS 2.11
 + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing
 cache contention
 + JDK-8249176: Update GlobalSignR6CA test certificates
 + JDK-8250665: Wrong translation for the month name of May in
 ar_JO,LB,SY
 + JDK-8250928: JFR: Improve hash algorithm for stack ... [Please see the references for more information on the vulnerabilities]");

  script_tag(name:"affected", value:"'java-1_8_0-openjdk' package(s) on SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, SUSE Linux Enterprise Module for Legacy Software 15-SP2, SUSE Linux Enterprise Module for Legacy Software 15-SP3, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15-SP1, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 4.0.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "SLES15.0SP2") {

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk", rpm:"java-1_8_0-openjdk~1.8.0.282~3.48.1", rls:"SLES15.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debuginfo", rpm:"java-1_8_0-openjdk-debuginfo~1.8.0.282~3.48.1", rls:"SLES15.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debugsource", rpm:"java-1_8_0-openjdk-debugsource~1.8.0.282~3.48.1", rls:"SLES15.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo", rpm:"java-1_8_0-openjdk-demo~1.8.0.282~3.48.1", rls:"SLES15.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo-debuginfo", rpm:"java-1_8_0-openjdk-demo-debuginfo~1.8.0.282~3.48.1", rls:"SLES15.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-devel", rpm:"java-1_8_0-openjdk-devel~1.8.0.282~3.48.1", rls:"SLES15.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-devel-debuginfo", rpm:"java-1_8_0-openjdk-devel-debuginfo~1.8.0.282~3.48.1", rls:"SLES15.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless", rpm:"java-1_8_0-openjdk-headless~1.8.0.282~3.48.1", rls:"SLES15.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless-debuginfo", rpm:"java-1_8_0-openjdk-headless-debuginfo~1.8.0.282~3.48.1", rls:"SLES15.0SP2"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLES15.0SP3") {

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk", rpm:"java-1_8_0-openjdk~1.8.0.282~3.48.1", rls:"SLES15.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debuginfo", rpm:"java-1_8_0-openjdk-debuginfo~1.8.0.282~3.48.1", rls:"SLES15.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debugsource", rpm:"java-1_8_0-openjdk-debugsource~1.8.0.282~3.48.1", rls:"SLES15.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo", rpm:"java-1_8_0-openjdk-demo~1.8.0.282~3.48.1", rls:"SLES15.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo-debuginfo", rpm:"java-1_8_0-openjdk-demo-debuginfo~1.8.0.282~3.48.1", rls:"SLES15.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-devel", rpm:"java-1_8_0-openjdk-devel~1.8.0.282~3.48.1", rls:"SLES15.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-devel-debuginfo", rpm:"java-1_8_0-openjdk-devel-debuginfo~1.8.0.282~3.48.1", rls:"SLES15.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless", rpm:"java-1_8_0-openjdk-headless~1.8.0.282~3.48.1", rls:"SLES15.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless-debuginfo", rpm:"java-1_8_0-openjdk-headless-debuginfo~1.8.0.282~3.48.1", rls:"SLES15.0SP3"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLES15.0") {

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk", rpm:"java-1_8_0-openjdk~1.8.0.282~3.48.1", rls:"SLES15.0"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debuginfo", rpm:"java-1_8_0-openjdk-debuginfo~1.8.0.282~3.48.1", rls:"SLES15.0"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debugsource", rpm:"java-1_8_0-openjdk-debugsource~1.8.0.282~3.48.1", rls:"SLES15.0"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo", rpm:"java-1_8_0-openjdk-demo~1.8.0.282~3.48.1", rls:"SLES15.0"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo-debuginfo", rpm:"java-1_8_0-openjdk-demo-debuginfo~1.8.0.282~3.48.1", rls:"SLES15.0"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-devel", rpm:"java-1_8_0-openjdk-devel~1.8.0.282~3.48.1", rls:"SLES15.0"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-devel-debuginfo", rpm:"java-1_8_0-openjdk-devel-debuginfo~1.8.0.282~3.48.1", rls:"SLES15.0"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless", rpm:"java-1_8_0-openjdk-headless~1.8.0.282~3.48.1", rls:"SLES15.0"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless-debuginfo", rpm:"java-1_8_0-openjdk-headless-debuginfo~1.8.0.282~3.48.1", rls:"SLES15.0"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLES15.0SP1") {

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk", rpm:"java-1_8_0-openjdk~1.8.0.282~3.48.1", rls:"SLES15.0SP1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debuginfo", rpm:"java-1_8_0-openjdk-debuginfo~1.8.0.282~3.48.1", rls:"SLES15.0SP1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-debugsource", rpm:"java-1_8_0-openjdk-debugsource~1.8.0.282~3.48.1", rls:"SLES15.0SP1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo", rpm:"java-1_8_0-openjdk-demo~1.8.0.282~3.48.1", rls:"SLES15.0SP1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-demo-debuginfo", rpm:"java-1_8_0-openjdk-demo-debuginfo~1.8.0.282~3.48.1", rls:"SLES15.0SP1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-devel", rpm:"java-1_8_0-openjdk-devel~1.8.0.282~3.48.1", rls:"SLES15.0SP1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-devel-debuginfo", rpm:"java-1_8_0-openjdk-devel-debuginfo~1.8.0.282~3.48.1", rls:"SLES15.0SP1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless", rpm:"java-1_8_0-openjdk-headless~1.8.0.282~3.48.1", rls:"SLES15.0SP1"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_8_0-openjdk-headless-debuginfo", rpm:"java-1_8_0-openjdk-headless-debuginfo~1.8.0.282~3.48.1", rls:"SLES15.0SP1"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

cve 1
nessus 64
prion 1
veracode 1
openvas 30
cvelist 1
suse 3
redhatcve 1
debiancve 1
alpinelinux 1
nvd 1
osv 5
ubuntucve 1
ibm 51
redhat 12
f5 1
rosalinux 1
centos 3
mageia 1
oraclelinux 5
amazon 3
debian 2
fedora 6
ubuntu 2
kaspersky 1
cve
cve
CVE-2020-14803
2020-10-21 15:15:20
nessus
nessus
Oracle Java SE 1.7.0_291 / 1.8.0_281 / 1.11.0_10 / 1.15.0_2 Information Disclosure (Windows Jan 2021 CPU)
2021-01-20 00:00:00
IBM Java 7.0 < 7.0.10.80 / 7.1 < 7.1.4.80 / 8.0 < 8.0.6.25
2022-04-29 00:00:00
SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2021:0533-1)
2021-02-22 00:00:00
prion
prion
Design/Logic Flaw
2020-10-21 15:15:00
veracode
veracode
Information Disclosure
2020-10-23 08:58:36
openvas
openvas
openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2021:0374-1)
2021-04-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:0533-1)
2021-04-19 00:00:00
Oracle Java SE Security Update (cpuoct2020 - 02) - Linux
2020-10-21 00:00:00
cvelist
cvelist
CVE-2020-14803
2020-10-21 14:04:26
suse
suse
Security update for java-1_8_0-openjdk (moderate)
2021-03-03 00:00:00
Security update for java-11-openjdk (moderate)
2020-11-21 00:00:00
Security update for java-11-openjdk (moderate)
2020-11-21 00:00:00
redhatcve
redhatcve
CVE-2020-14803
2020-10-20 21:17:14
debiancve
debiancve
CVE-2020-14803
2020-10-21 15:15:20
alpinelinux
alpinelinux
CVE-2020-14803
2020-10-21 15:15:20
nvd
nvd
CVE-2020-14803
2020-10-21 15:15:20
osv
osv
CVE-2020-14803
2020-10-21 15:15:20
openjdk-8 - security update
2020-10-23 00:00:00
openjdk-8, openjdk-lts regressions
2020-11-12 21:58:30
ubuntucve
ubuntucve
CVE-2020-14803
2020-10-21 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium
2021-11-04 16:24:37
Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE (CVE-2020-14803, CVE-2020-27221)
2021-05-18 20:55:40
Security Bulletin: Vulnerability in Java SE and Eclipse OpenJ9 affect DB2 Recovery Expert for Linux, Unix and Windows
2021-04-24 04:07:24
redhat
redhat
(RHSA-2021:0733) Critical: java-1.7.1-ibm security update
2021-03-04 15:12:34
(RHSA-2021:0717) Critical: java-1.8.0-ibm security update
2021-03-03 20:42:35
(RHSA-2021:0736) Critical: java-1.8.0-ibm security update
2021-03-04 17:36:10
f5
f5
K45012029 : OpenJDK vulnerability CVE-2020-14796, CVE-2020-14798, CVE-2020-14803
2022-10-25 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2315
2023-12-19 12:25:07
centos
centos
java security update
2020-11-06 21:58:30
java security update
2020-11-06 21:59:28
java security update
2020-11-09 13:12:26
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2020-11-14 00:20:36
oraclelinux
oraclelinux
java-1.8.0-openjdk security and bug fix update
2020-10-27 00:00:00
java-1.8.0-openjdk security update
2020-10-27 00:00:00
java-11-openjdk security update
2020-10-23 00:00:00
amazon
amazon
Medium: java-1.8.0-openjdk
2020-12-16 20:31:00
Medium: java-1.8.0-openjdk
2021-01-05 23:34:00
Medium: java-1.8.0-openjdk
2021-01-12 22:51:00
debian
debian
[SECURITY] [DSA 4779-1] openjdk-11 security update
2020-10-25 10:14:25
[SECURITY] [DLA 2412-1] openjdk-8 security update
2020-10-30 09:23:09
fedora
fedora
[SECURITY] Fedora 33 Update: java-11-openjdk-11.0.9.11-0.fc33
2020-10-26 01:07:11
[SECURITY] Fedora 31 Update: java-1.8.0-openjdk-1.8.0.272.b10-0.fc31
2020-10-31 02:02:16
[SECURITY] Fedora 32 Update: java-11-openjdk-11.0.9.11-0.fc32
2020-10-31 02:02:10
ubuntu
ubuntu
OpenJDK regressions
2020-11-12 00:00:00
OpenJDK vulnerabilities
2020-10-27 00:00:00
kaspersky
kaspersky
KLA11985 Multiple vulnerabilities in Oracle Java SE
2020-10-20 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON
Related for OPENVAS:13614125623114202106651
cve1nessus64prion1veracode1openvas30cvelist1suse3redhatcve1debiancve1alpinelinux1nvd1osv5ubuntucve1ibm51redhat12f51rosalinux1centos3mageia1oraclelinux5amazon3debian2fedora6ubuntu2kaspersky1