Amazon Linux AMI update for java-1.8.0-openjdk

1) Improper input validation

EUVDB-ID: #VU75267

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-21937

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Networking component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Update the affected packages:

i686:
    java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-headless-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-demo-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-devel-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-src-1.8.0.382.b05-1.78.amzn1.i686

noarch:
    java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.78.amzn1.noarch
    java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.78.amzn1.noarch

src:
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.src

x86_64:
    java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-headless-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-devel-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-demo-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-src-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2023-1797.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU75265

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-21938

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Update the affected packages:

i686:
    java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-headless-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-demo-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-devel-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-src-1.8.0.382.b05-1.78.amzn1.i686

noarch:
    java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.78.amzn1.noarch
    java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.78.amzn1.noarch

src:
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.src

x86_64:
    java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-headless-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-devel-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-demo-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-src-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2023-1797.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU75264

Risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2023-21939

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Swing component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Update the affected packages:

i686:
    java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-headless-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-demo-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-devel-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-src-1.8.0.382.b05-1.78.amzn1.i686

noarch:
    java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.78.amzn1.noarch
    java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.78.amzn1.noarch

src:
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.src

x86_64:
    java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-headless-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-devel-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-demo-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-src-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2023-1797.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Improper input validation

EUVDB-ID: #VU75262

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-21954

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Update the affected packages:

i686:
    java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-headless-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-demo-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-devel-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-src-1.8.0.382.b05-1.78.amzn1.i686

noarch:
    java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.78.amzn1.noarch
    java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.78.amzn1.noarch

src:
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.src

x86_64:
    java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-headless-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-devel-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-demo-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-src-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2023-1797.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU75261

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-21967

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the JSSE component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

i686:
    java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-headless-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-demo-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-devel-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-src-1.8.0.382.b05-1.78.amzn1.i686

noarch:
    java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.78.amzn1.noarch
    java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.78.amzn1.noarch

src:
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.src

x86_64:
    java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-headless-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-devel-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-demo-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-src-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2023-1797.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU75266

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-21968

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Update the affected packages:

i686:
    java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-headless-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-demo-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-devel-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-src-1.8.0.382.b05-1.78.amzn1.i686

noarch:
    java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.78.amzn1.noarch
    java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.78.amzn1.noarch

src:
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.src

x86_64:
    java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-headless-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-devel-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-demo-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-src-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2023-1797.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU78409

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-22043

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the JavaFX component in Oracle Java SE. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Update the affected packages:

i686:
    java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-headless-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-demo-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-devel-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-src-1.8.0.382.b05-1.78.amzn1.i686

noarch:
    java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.78.amzn1.noarch
    java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.78.amzn1.noarch

src:
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.src

x86_64:
    java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-headless-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-devel-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-demo-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-src-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2023-1797.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU78413

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-22045

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM for JDK. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Update the affected packages:

i686:
    java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-headless-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-demo-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-devel-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-src-1.8.0.382.b05-1.78.amzn1.i686

noarch:
    java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.78.amzn1.noarch
    java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.78.amzn1.noarch

src:
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.src

x86_64:
    java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-headless-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-devel-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-demo-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-src-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2023-1797.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU78414

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-22049

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM for JDK. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Update the affected packages:

i686:
    java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-headless-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-demo-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-devel-1.8.0.382.b05-1.78.amzn1.i686
    java-1.8.0-openjdk-src-1.8.0.382.b05-1.78.amzn1.i686

noarch:
    java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-1.78.amzn1.noarch
    java-1.8.0-openjdk-javadoc-1.8.0.382.b05-1.78.amzn1.noarch

src:
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.src

x86_64:
    java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-headless-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-devel-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-demo-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-src-1.8.0.382.b05-1.78.amzn1.x86_64
    java-1.8.0-openjdk-1.8.0.382.b05-1.78.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3

cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*

External links

https://alas.aws.amazon.com/ALAS-2023-1797.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Risk	Medium
Patch available	YES
Number of vulnerabilities	9
CVE-ID	CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 CVE-2023-22043 CVE-2023-22045 CVE-2023-22049
CWE-ID	CWE-20
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #3 is available.
Vulnerable software	Amazon Linux AMI Operating systems & Components / Operating system
Vendor	Amazon Web Services