Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redosRedosROS-20240521-05
HistoryMay 21, 2024 - 12:00 a.m.

ROS-20240521-05

2024-05-2100:00:00
redos.red-soft.ru
4
oracle java se
graalvm
hotspot component
jsse component
javafx
swing component
serialization component
input validation
data integrity
resource consumption
remote attacker
denial of service
sensitive information
message integrity
uncontrolled resource consumption
in-memory recovery

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.3%

JSON

A vulnerability in the Hotspot component of the Oracle Java SE software platform and Oracle GraalVM Virtual Machine
Enterprise Edition exists due to insufficient input validation. Exploitation of the vulnerability could
Allow a remote attacker to disclose protected information

A vulnerability in the JSSE component of the Oracle Java SE software platform and Oracle GraalVM virtual machine.
Enterprise Edition is related to insufficient input validation. Exploitation of the vulnerability could
Allow a remote attacker to cause a denial of service

Vulnerability in the JSSE component of the Oracle Java SE software platform and Oracle GraalVM virtual machine.
Enterprise Edition is related to a lack of message integrity checking. Exploitation of the vulnerability could
allow an attacker acting remotely to disclose protected information or create, delete, or
modify access to data

Vulnerability in the Hotspot component of the Java SE software platform and Oracle GraalVM Virtual Machines
Enterprise Edition and Oracle GraalVM for JDK is related to errors in input data processing.
Exploitation of the vulnerability could allow an attacker to gain access to sensitive information

Vulnerability of JavaFX component of Oracle Java SE software platforms is related to errors in input data processing.
input data. Exploitation of the vulnerability could allow a remote attacker to cause
impact data integrity

A vulnerability in the JSSE component of the Oracle Java SE software platform and Oracle GraalVM virtual machine.
Enterprise Edition is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow
an attacker acting remotely to cause a denial of service

A vulnerability in the Swing component of the Oracle Java SE software platform and Oracle GraalVM virtual machine.
Enterprise Edition exists due to insufficient input validation. Exploitation of the vulnerability could
Allow a remote attacker to manipulate data

A vulnerability in the Serialization component of the Oracle Java SE software platform and Oracle Virtual Machine
GraalVM Enterprise Edition is associated with in-memory recovery of invalid data. Exploitation
of the vulnerability could allow an attacker acting remotely to gain access to modify, add
or delete data

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64java-1.8.0-openjdk<= 1.8.0.402.b06-1UNKNOWN

Related

redhat 25
nessus 70
almalinux 5
altlinux 1
openvas 33
redos 1
oraclelinux 10
suse 4
amazon 4
osv 11
rocky 3
cloudlinux 1
centos 2
debian 2
fedora 7
kaspersky 2
rosalinux 2
ibm 16
redhat
redhat
(RHSA-2022:5687) Important: java-11-openjdk security, bug fix, and enhancement update
2022-07-21 13:49:31
(RHSA-2022:5755) Important: OpenJDK 11.0.16 Security Update for Portable Linux Builds
2022-07-28 15:36:15
(RHSA-2022:5756) Important: OpenJDK 11.0.16 security update for Windows Builds
2022-07-28 15:36:18
nessus
nessus
RHEL 8 : java-1.8.0-openjdk (RHSA-2022:5701)
2022-07-25 00:00:00
RHEL 9 : java-1.8.0-openjdk (RHSA-2022:5709)
2022-07-26 00:00:00
Oracle Linux 9 : java-1.8.0-openjdk (ELSA-2022-5709)
2022-07-27 00:00:00
almalinux
almalinux
Important: java-1.8.0-openjdk security, bug fix, and enhancement update
2022-07-25 00:00:00
Important: java-11-openjdk security, bug fix, and enhancement update
2022-07-25 00:00:00
Important: java-1.8.0-openjdk security, bug fix, and enhancement update
2022-07-25 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package java-11-openjdk version 0:11.0.16.0.8-alt1_1jpp11
2022-08-05 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:2610-1)
2022-08-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2856-1)
2022-08-22 00:00:00
Fedora: Security Advisory for java-latest-openjdk (FEDORA-2022-e573851f56)
2022-08-04 00:00:00
redos
redos
ROS-20240522-05
2024-05-22 00:00:00
oraclelinux
oraclelinux
java-1.8.0-openjdk security, bug fix, and enhancement update
2022-07-25 00:00:00
java-1.8.0-openjdk security, bug fix, and enhancement update
2022-07-26 00:00:00
java-11-openjdk security, bug fix, and enhancement update
2022-07-26 00:00:00
suse
suse
Security update for java-11-openjdk (important)
2022-08-09 00:00:00
Security update for java-1_8_0-openjdk (important)
2022-08-19 00:00:00
Security update for java-1_8_0-ibm (important)
2022-08-31 00:00:00
amazon
amazon
Important: java-11-amazon-corretto
2022-07-19 01:18:00
Important: java-1.8.0-openjdk
2022-09-01 21:09:00
Important: java-11-amazon-corretto
2022-07-19 00:38:00
osv
osv
openjdk-11 - security update
2022-07-22 00:00:00
Important: java-11-openjdk security, bug fix, and enhancement update
2022-07-25 00:00:00
Important: java-1.8.0-openjdk security, bug fix, and enhancement update
2022-07-25 00:00:00
rocky
rocky
java-11-openjdk security, bug fix, and enhancement update
2022-07-21 13:41:28
java-1.8.0-openjdk security, bug fix, and enhancement update
2022-07-25 13:45:21
java-17-openjdk security, bug fix, and enhancement update
2022-07-26 17:15:53
cloudlinux
cloudlinux
Fixed CVEs in java-1.8.0-openjdk: CVE-2022-21541, CVE-2022-34169, CVE-2022-21540
2022-08-04 18:46:36
centos
centos
java security update
2022-08-02 19:14:32
java security update
2022-08-02 19:13:38
debian
debian
[SECURITY] [DSA 5188-1] openjdk-11 security update
2022-07-22 20:58:41
[SECURITY] [DSA 5192-1] openjdk-17 security update
2022-07-26 20:13:06
fedora
fedora
[SECURITY] Fedora 36 Update: java-latest-openjdk-18.0.2.0.9-1.rolling.fc36
2022-08-03 01:27:35
[SECURITY] Fedora 35 Update: java-latest-openjdk-18.0.2.0.9-1.rolling.fc35
2022-08-03 01:49:31
[SECURITY] Fedora 36 Update: java-17-openjdk-17.0.4.0.8-1.fc36
2022-07-28 01:28:22
kaspersky
kaspersky
KLA12588 Multiple vulnerabilities in Oracle Java SE and GraalVM
2022-07-19 00:00:00
KLA48970 Multiple vulnerabilities in Oracle Java SE and GraalVM
2023-04-18 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2138
2023-04-04 15:18:16
Advisory ROSA-SA-2023-2213
2023-08-08 08:57:46
ibm
ibm
Security Bulletin: Vulnerabilities in Oracle Java and the IBM Java SDK (CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968 and CVE-2023-21937 ) affect Power HMC
2023-08-22 16:46:25
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud due to July 2022 CPU
2022-10-07 16:09:39
Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition.
2023-12-14 19:01:59

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.3%

JSON
Related for ROS-20240521-05
redhat25nessus70almalinux5altlinux1openvas33redos1oraclelinux10suse4amazon4osv11rocky3cloudlinux1centos2debian2fedora7kaspersky2rosalinux2ibm16