Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redosRedosROS-20240424-01
HistoryApr 24, 2024 - 12:00 a.m.

ROS-20240424-01

2024-04-2400:00:00
redos.red-soft.ru
1
imageio
insufficient input validation
denial of service
libraries
unrestricted resource allocation
partial denial of service
serialization
in-memory recovery
jaxp
execution loop
hotspot
integer overflow
writing outside buffer boundaries
cross-boundary critical data deletion errors
oracle
graalvm
java se
virtual machine
unauthorized access
critical data deletion
information disclosure

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.003 Low

EPSS

Percentile

66.0%

JSON

A vulnerability in the ImageIO component of Oracle GraalVM Enterprise Edition virtual machine exists due to
insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
remotely to cause a denial of service

A vulnerability in the Libraries component of the Oracle Java SE software platform and Oracle GraalVM virtual machine.
Enterprise Edition is related to unrestricted resource allocation. Exploitation of the vulnerability could
Allow a remote attacker to cause a partial denial of service

Vulnerability in the Serialization component of the Oracle Java SE software platform and Oracle Virtual Machine
GraalVM Enterprise Edition is associated with in-memory recovery of invalid data. Exploitation
vulnerability could allow an attacker acting remotely to cause a denial of service

Vulnerability in the JAXP component of the Oracle Java SE software platform and Oracle GraalVM virtual machine.
Enterprise Edition is related to information disclosure. Exploitation of the vulnerability could allow an attacker,
acting remotely, to disclose protected information

A vulnerability in the Hotspot component of the Oracle Java SE software platform and Oracle GraalVM virtual machine.
Enterprise Edition is related to integer overflow. Exploitation of the vulnerability could allow
an attacker acting remotely to gain access to modify, add, or delete data

A vulnerability in the Hotspot component of the Oracle Java SE software platform and Oracle GraalVM Virtual Machine
Enterprise Edition is related to writing outside of buffer boundaries. Exploitation of the vulnerability could allow
an attacker acting remotely to gain access to modify, add, or delete data

A vulnerability in the JAXP component of the Oracle Java SE software platform and Oracle GraalVM Virtual Machine
Enterprise Edition is related to the execution of a loop with an inaccessible exit condition. Exploitation of the vulnerability
could allow an attacker acting remotely to cause a denial of service

A vulnerability in the Libraries component of the Oracle Java SE software platform and Oracle GraalVM virtual machine.
Enterprise Edition is related to insufficient input validation. Exploitation of the vulnerability could
Allow a remote attacker to cause a partial denial of service

Vulnerability in the JAXP component of the Oracle Java SE software platform and Oracle GraalVM virtual machine.
Enterprise Edition is associated with cross-boundary critical data deletion errors. Exploitation of the vulnerability
could allow an attacker acting remotely to disclose protected information

A vulnerability in the Libraries component of the Oracle Java SE software platform and Oracle GraalVM Virtual Machine
Enterprise Edition is associated with unrestricted resource allocation. Exploitation of the vulnerability could
Allow an attacker acting remotely to cause a denial of service

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64java-1.8.0-openjdk<= 1.8.0.402.b06-1UNKNOWN

Related

openvas 39
suse 7
nessus 67
oraclelinux 5
centos 2
osv 13
redhat 18
debian 5
rocky 4
altlinux 2
almalinux 3
rosalinux 1
fedora 8
gentoo 1
ibm 16
f5 1
ubuntu 1
mageia 1
amazon 2
kaspersky 2
aix 1
openvas
openvas
openSUSE: Security Advisory for java-1_8_0-openj9 (openSUSE-SU-2021:1455-1)
2021-11-07 00:00:00
openSUSE: Security Advisory for java-1_8_0-openj9 (openSUSE-SU-2021:3615-1)
2021-11-05 00:00:00
Debian: Security Advisory (DSA-5000-2)
2021-11-03 00:00:00
suse
suse
Security update for java-1_8_0-openj9 (important)
2021-11-06 00:00:00
Security update for java-1_8_0-openj9 (important)
2021-11-04 00:00:00
Security update for java-11-openjdk (important)
2021-11-16 00:00:00
nessus
nessus
openSUSE 15 Security Update : java-1_8_0-openj9 (openSUSE-SU-2021:3615-1)
2021-11-05 00:00:00
openSUSE 15 Security Update : java-1_8_0-openj9 (openSUSE-SU-2021:1455-1)
2021-11-07 00:00:00
RHEL 8 : java-11-openjdk (RHSA-2021:3887)
2021-10-21 00:00:00
oraclelinux
oraclelinux
java-11-openjdk security update
2021-10-20 00:00:00
java-11-openjdk security and bug fix update
2021-10-21 00:00:00
java-1.8.0-openjdk security and bug fix update
2021-10-20 00:00:00
centos
centos
java security update
2021-11-17 15:04:57
java security update
2021-11-17 15:06:26
osv
osv
openjdk-11 - security update
2021-12-22 00:00:00
Important: java-11-openjdk security update
2021-10-20 12:41:00
openjdk-11 - security update
2021-11-01 00:00:00
redhat
redhat
(RHSA-2021:3891) Important: java-11-openjdk security update
2021-10-20 12:41:00
(RHSA-2021:3887) Important: java-11-openjdk security update
2021-10-20 12:39:20
(RHSA-2021:3967) Important: OpenJDK 11.0.13 security update for Portable Linux Builds
2021-10-25 12:20:25
debian
debian
[SECURITY] [DSA 5000-2] openjdk-11 security update
2021-12-22 19:03:51
[SECURITY] [DSA 5000-1] openjdk-11 security update
2021-11-01 19:44:34
[SECURITY] [DLA 2814-1] openjdk-8 security update
2021-11-09 18:53:36
rocky
rocky
java-11-openjdk security update
2021-10-20 12:41:00
java-17-openjdk security update
2021-11-09 19:26:37
java-1.8.0-openjdk security and bug fix update
2021-10-20 12:38:15
altlinux
altlinux
Security fix for the ALT Linux 10 package java-11-openjdk version 0:11.0.13.8-alt1_1jpp11
2021-11-08 00:00:00
Security fix for the ALT Linux 10 package java-1.8.0-openjdk version 0:1.8.0.322.b06-alt2_1jpp8
2022-04-07 00:00:00
almalinux
almalinux
Important: java-11-openjdk security update
2021-10-20 12:41:00
Important: java-1.8.0-openjdk security and bug fix update
2021-10-20 12:38:15
Important: java-17-openjdk security update
2021-11-09 19:26:37
rosalinux
rosalinux
Advisory ROSA-SA-2023-2134
2023-03-21 12:45:26
fedora
fedora
[SECURITY] Fedora 34 Update: java-11-openjdk-11.0.13.0.8-1.fc34
2021-10-25 15:14:27
[SECURITY] Fedora 35 Update: java-11-openjdk-11.0.13.0.8-1.fc35
2021-10-29 23:29:26
[SECURITY] Fedora 33 Update: java-11-openjdk-11.0.13.0.8-1.fc33
2021-10-28 19:31:37
gentoo
gentoo
OpenJDK: Multiple Vulnerabilities
2022-09-07 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i
2022-01-21 22:22:58
Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime
2021-12-02 16:09:54
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2021 - Includes Oracle October 2021 CPU (minus CVE-2021-35550/35561/35603) plus CVE-2021-41035 affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time
2022-02-21 09:00:07
f5
f5
K63415246 : Multiple Java vulnerabilities CVE-2021-35560, CVE-2021-35561, CVE-2021-35564, CVE-2021-35567, CVE-2021-35586
2022-09-06 00:00:00
ubuntu
ubuntu
OpenJDK vulnerabilities
2021-12-17 00:00:00
mageia
mageia
Updated java openjdk packages fix security vulnerability
2021-12-08 23:04:18
amazon
amazon
Important: java-1.8.0-openjdk
2021-12-08 02:23:00
Important: java-1.8.0-openjdk
2022-01-18 20:14:00
kaspersky
kaspersky
KLA12426 Multiple vulnerabilities in Oracle Java and GraalVM
2022-01-18 00:00:00
KLA12331 Multiple vulnerabilities in Oracle Java SE
2021-09-28 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2022-02-23 08:12:23

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.003 Low

EPSS

Percentile

66.0%

JSON
Related for ROS-20240424-01
openvas39suse7nessus67oraclelinux5centos2osv13redhat18debian5rocky4altlinux2almalinux3rosalinux1fedora8gentoo1ibm16f51ubuntu1mageia1amazon2kaspersky2aix1