Lucene search

K
rosalinuxROSA LABROSA-SA-2023-2138
HistoryApr 04, 2023 - 3:18 p.m.

Advisory ROSA-SA-2023-2138

2023-04-0415:18:16
ROSA LAB
abf.rosalinux.ru
11

0.002 Low

EPSS

Percentile

53.0%

Software: java-11-openjdk 11.0.18.0.10-1
OS: rosa-server79

package_evr_string: 11.0.18.0.10-1

CVE-ID: CVE-2022-21434
BDU-ID: 2022-02839
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability exists in the Libraries component of the Libraries component of Oracle GraalVM Enterprise Edition virtual machine due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to modify, add, or delete data using network packets
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close.

CVE-ID: CVE-2022-21476
BDU-ID: 2022-02686
CVE-Crit: HIGH
CVE-DESC: A vulnerability in the Libraries component of Java SE software platforms, Oracle GraalVM Enterprise Edition virtual machine is related to insufficient protection of service data. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close.

CVE-ID: CVE-2022-34169
BDU-ID: 2022-04788
CVE-Crit: HIGH
CVE-DESC: A vulnerability in the Apache Xalan Java XSLT library is related to an integer value conversion error when processing XSLT stylesheets. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: Run yum update java-11-openjdk to close.

CVE-ID: CVE-2022-21541
BDU-ID: 2022-05103
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the Hotspot component of the Java SE software platforms, Oracle GraalVM Enterprise Edition virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to create, delete, or modify access to data
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close.

CVE-ID: CVE-2022-21540
BDU-ID: 2022-05104
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the Hotspot component of the Java SE software platforms, Oracle GraalVM Enterprise Edition virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to data using network packets
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close.

CVE-ID: CVE-2023-21835
BDU-ID: 2023-00510
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the JSSE component of the Oracle Java SE software platform and Oracle GraalVM Enterprise Edition virtual machine is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: Run the yum update java-11-openjdk command to close.