SUSE-SU-2022:4602-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: IBM Security Update November 2022: bsc1205302, bsc1204703 - CVE-2022-3676: A security vulnerability was fixed in version 8.0.7.20, adding the reference here...

SUSE-SU-2022:4452-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: Update to version jdk8u352 icedtea-3.25.0: - CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability allows unauthenticated attacker with network access and can cause unauthorized update, insert or delete access via...

SUSE-SU-2022:4373-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: Update to version jdk8u352 icedtea-3.25.0: - CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability allows unauthenticated attacker with network access and can cause unauthorized update, insert or delete access via...

SUSE-SU-2022:4166-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: - CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition bsc1204471. - CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can...

SUSE-SU-2022:4079-1 Security update for java-17-openjdk

This update for java-17-openjdk fixes the following issues: - Update to jdk-17.0.5+8 October 2022 CPU - CVE-2022-39399: Improve HTTP/2 client usagebsc1204480 - CVE-2022-21628: Better HttpServer service bsc1204472 - CVE-2022-21624: Enhance icon presentations bsc1204475 - CVE-2022-21619: Improve NT...

CVE-2022-41917

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a...

Information disclosure

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a...

CVE-2022-41917

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a...

PT-2022-26147 · Unknown · Opensearch

Name of the Vulnerable Software and Affected Versions: OpenSearch versions prior to 1.3.7 OpenSearch versions prior to 2.4.0 Description: An issue in OpenSearch allows certain specially crafted queries to return a response containing the first line of text from arbitrary files. The list of...

CVE-2022-41917 Incorrect Error Handling Allowed Partial File Reads Over REST API in OpenSearch

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a...

[SECURITY] [DLA 3159-1] libbluray bugfix update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3159-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 25, 2022 https://wiki.debian.org/LTS -...

Jadx-gui vulnerable to swing HTML Denial of Service (DoS) attack

Impact Using jadx-gui to open a special zip file with entry containing HTML sequence like will cause interface to get stuck and throw exceptions like: java.lang.RuntimeException: Can't build aframeset, BranchElementframeset 1,3 :no ROWS or COLS defined. at...

OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated...

OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...

OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to...

OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated...

OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated...

SUSE-SU-2022:3152-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Note: the issues listed below were NOT fixed with the previous update 8.0-7.11. - Update to Java 8.0 Service Refresh 7 Fix Pack 15 bsc1202427: - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred...

SUSE-SU-2022:3092-1 Security update for java-1_8_0-openj9

This update for java-180-openj9 fixes the following issues: - Updated to OpenJDK 8u345 build 01 with OpenJ9 0.33.0 virtual machine: - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets bsc1201684. - CVE-2022-21541:...

SUSE-SU-2022:2899-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 7 Fix Pack 11 bsc1202427: - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets bsc1201684. - CVE-2022-21549: Fixed an iss...