SB2020111023 - OpenSUSE Linux update for java-1_8_0-openj9
Published: November 10, 2020 Updated: March 20, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 16 secuirty vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2020-14556)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Libraries component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
2) Improper input validation (CVE-ID: CVE-2020-14577)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the JSSE component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
3) Improper input validation (CVE-ID: CVE-2020-14578)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Libraries component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
4) Improper input validation (CVE-ID: CVE-2020-14579)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Libraries component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
5) Improper input validation (CVE-ID: CVE-2020-14581)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the 2D component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
6) Improper input validation (CVE-ID: CVE-2020-14583)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Java component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.
7) Improper input validation (CVE-ID: CVE-2020-14593)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the 2D component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
8) Improper input validation (CVE-ID: CVE-2020-14621)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the JAXP component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
9) Improper input validation (CVE-ID: CVE-2020-14779)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Serialization component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
10) Missing Encryption of Sensitive Data (CVE-ID: CVE-2020-14781)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the JNDI component in Java SE Embedded when processing encrypted LDAP requests. A remote non-authenticated attacker can downgrade the encrypted LDAP connection and gain access to sensitive information.
11) Improper input validation (CVE-ID: CVE-2020-14782)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to an error in CertPath implementation within the Libraries component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
12) Improper input validation (CVE-ID: CVE-2020-14792)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
13) Improper input validation (CVE-ID: CVE-2020-14796)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Libraries component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
14) Improper input validation (CVE-ID: CVE-2020-14797)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Libraries component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
15) Improper input validation (CVE-ID: CVE-2020-14798)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Libraries component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
16) Improper input validation (CVE-ID: CVE-2020-14803)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Libraries component in Java SE. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
Remediation
Install update from vendor's website.