Amazon Linux AMI update for java-1.8.0-openjdk
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 21 |
| CVE-ID | CVE-2022-21248 CVE-2022-21282 CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #21 is available. |
| Vulnerable software Subscribe |
Amazon Linux AMI Operating systems & Components / Operating system |
| Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 21 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU59734
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21248
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Serialization component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.i686
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.68.amzn1.noarch
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.68.amzn1.noarch
src:
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.src
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External links
http://alas.aws.amazon.com/ALAS-2022-1631.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) Improper input validation
EUVDB-ID: #VU59725
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21282
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the JAXP component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.i686
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.68.amzn1.noarch
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.68.amzn1.noarch
src:
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.src
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External links
http://alas.aws.amazon.com/ALAS-2022-1631.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
3) Improper input validation
EUVDB-ID: #VU59729
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21283
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.i686
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.68.amzn1.noarch
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.68.amzn1.noarch
src:
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.src
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External links
http://alas.aws.amazon.com/ALAS-2022-1631.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
4) Improper input validation
EUVDB-ID: #VU59730
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21293
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.i686
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.68.amzn1.noarch
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.68.amzn1.noarch
src:
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.src
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External links
http://alas.aws.amazon.com/ALAS-2022-1631.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
5) Improper input validation
EUVDB-ID: #VU59731
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21294
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.i686
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.68.amzn1.noarch
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.68.amzn1.noarch
src:
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.src
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External links
http://alas.aws.amazon.com/ALAS-2022-1631.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
6) Improper input validation
EUVDB-ID: #VU59726
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21296
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the JAXP component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.i686
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.68.amzn1.noarch
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.68.amzn1.noarch
src:
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.src
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External links
http://alas.aws.amazon.com/ALAS-2022-1631.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
7) Improper input validation
EUVDB-ID: #VU59727
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21299
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the JAXP component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.i686
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.68.amzn1.noarch
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.68.amzn1.noarch
src:
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.src
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External links
http://alas.aws.amazon.com/ALAS-2022-1631.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
8) Improper input validation
EUVDB-ID: #VU59720
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21305
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.i686
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.68.amzn1.noarch
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.68.amzn1.noarch
src:
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.src
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External links
http://alas.aws.amazon.com/ALAS-2022-1631.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
9) Improper input validation
EUVDB-ID: #VU59732
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21340
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.i686
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.68.amzn1.noarch
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.68.amzn1.noarch
src:
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.src
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External links
http://alas.aws.amazon.com/ALAS-2022-1631.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
10) Improper input validation
EUVDB-ID: #VU59733
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21341
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Serialization component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.i686
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.68.amzn1.noarch
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.68.amzn1.noarch
src:
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.src
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External links
http://alas.aws.amazon.com/ALAS-2022-1631.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
11) Improper input validation
EUVDB-ID: #VU59718
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21349
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the 2D component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.i686
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.68.amzn1.noarch
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.68.amzn1.noarch
src:
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.src
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External links
http://alas.aws.amazon.com/ALAS-2022-1631.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
12) Improper input validation
EUVDB-ID: #VU59722
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21360
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the ImageIO component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.i686
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.68.amzn1.noarch
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.68.amzn1.noarch
src:
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.src
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External links
http://alas.aws.amazon.com/ALAS-2022-1631.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
13) Improper input validation
EUVDB-ID: #VU59723
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21365
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the ImageIO component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.i686
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.68.amzn1.noarch
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.68.amzn1.noarch
src:
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.src
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External links
http://alas.aws.amazon.com/ALAS-2022-1631.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
14) Improper input validation
EUVDB-ID: #VU62399
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21426
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the JAXP component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.i686
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.68.amzn1.noarch
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.68.amzn1.noarch
src:
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.src
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External links
http://alas.aws.amazon.com/ALAS-2022-1631.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
15) Improper input validation
EUVDB-ID: #VU62401
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21434
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.i686
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.68.amzn1.noarch
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.68.amzn1.noarch
src:
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.src
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External links
http://alas.aws.amazon.com/ALAS-2022-1631.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
16) Improper input validation
EUVDB-ID: #VU62402
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21443
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.i686
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.68.amzn1.noarch
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.68.amzn1.noarch
src:
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.src
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External links
http://alas.aws.amazon.com/ALAS-2022-1631.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
17) Improper input validation
EUVDB-ID: #VU62398
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21476
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.i686
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.68.amzn1.noarch
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.68.amzn1.noarch
src:
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.src
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External links
http://alas.aws.amazon.com/ALAS-2022-1631.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
18) Improper input validation
EUVDB-ID: #VU62400
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21496
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the JNDI component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.i686
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.68.amzn1.noarch
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.68.amzn1.noarch
src:
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.src
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External links
http://alas.aws.amazon.com/ALAS-2022-1631.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
19) Improper input validation
EUVDB-ID: #VU65497
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21540
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.i686
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.68.amzn1.noarch
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.68.amzn1.noarch
src:
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.src
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External links
http://alas.aws.amazon.com/ALAS-2022-1631.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
20) Improper input validation
EUVDB-ID: #VU65496
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21541
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.i686
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.68.amzn1.noarch
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.68.amzn1.noarch
src:
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.src
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External links
http://alas.aws.amazon.com/ALAS-2022-1631.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
21) Improper input validation
EUVDB-ID: #VU65495
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-34169
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to compromise the affected system.
The vulnerability exists due to an integer truncation issue when processing malicious XSLT stylesheets. A remote non-authenticated attacker can pass specially crafted data to the application to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode.
Update the affected packages:
i686:Vulnerable software versions
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.i686
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.i686
noarch:
java-1.8.0-openjdk-javadoc-1.8.0.342.b07-0.68.amzn1.noarch
java-1.8.0-openjdk-javadoc-zip-1.8.0.342.b07-0.68.amzn1.noarch
src:
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.src
x86_64:
java-1.8.0-openjdk-debuginfo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-src-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-demo-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-devel-1.8.0.342.b07-0.68.amzn1.x86_64
java-1.8.0-openjdk-headless-1.8.0.342.b07-0.68.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External links
http://alas.aws.amazon.com/ALAS-2022-1631.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
