Risk | High |
Patch available | YES |
Number of vulnerabilities | 43 |
CVE-ID | CVE-2020-14556 CVE-2020-14562 CVE-2020-14573 CVE-2020-14577 CVE-2020-14578 CVE-2020-14581 CVE-2020-14593 CVE-2020-14621 CVE-2020-14664 CVE-2023-22025 CVE-2023-22081 CVE-2023-42950 CVE-2024-20918 CVE-2024-20919 CVE-2024-20921 CVE-2024-20922 CVE-2024-20923 CVE-2024-20925 CVE-2024-20926 CVE-2024-20932 CVE-2024-20945 CVE-2024-20952 CVE-2024-20955 CVE-2024-21002 CVE-2024-21003 CVE-2024-21004 CVE-2024-21005 CVE-2024-21011 CVE-2024-21012 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094 CVE-2024-21131 CVE-2024-21138 CVE-2024-21140 CVE-2024-21144 CVE-2024-21145 CVE-2024-21147 CVE-2024-21208 CVE-2024-21210 CVE-2024-21211 CVE-2024-21217 CVE-2024-21235 |
CWE-ID | CWE-20 CWE-416 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
openEuler Operating systems & Components / Operating system java-latest-openjdk-src-slowdebug Operating systems & Components / Operating system package or component java-latest-openjdk-src Operating systems & Components / Operating system package or component java-latest-openjdk-slowdebug Operating systems & Components / Operating system package or component java-latest-openjdk-jmods-slowdebug Operating systems & Components / Operating system package or component java-latest-openjdk-jmods Operating systems & Components / Operating system package or component java-latest-openjdk-javadoc-zip Operating systems & Components / Operating system package or component java-latest-openjdk-javadoc Operating systems & Components / Operating system package or component java-latest-openjdk-headless-slowdebug Operating systems & Components / Operating system package or component java-latest-openjdk-headless Operating systems & Components / Operating system package or component java-latest-openjdk-devel-slowdebug Operating systems & Components / Operating system package or component java-latest-openjdk-devel Operating systems & Components / Operating system package or component java-latest-openjdk-demo-slowdebug Operating systems & Components / Operating system package or component java-latest-openjdk-demo Operating systems & Components / Operating system package or component java-latest-openjdk Operating systems & Components / Operating system package or component |
Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 43 vulnerabilities.
EUVDB-ID: #VU30075
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14556
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Libraries component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU30073
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14562
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the ImageIO component in Java SE. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU30076
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14573
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Java SE. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU30080
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14577
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the JSSE component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU30078
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14578
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Libraries component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU30077
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14581
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the 2D component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU30072
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14593
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the 2D component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU30074
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14621
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the JAXP component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU30071
Risk: High
CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14664
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the JavaFX component in Java SE. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU82143
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-22025
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM for JDK. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU82141
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-22081
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the JSSE component in Oracle GraalVM for JDK. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87765
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42950
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85468
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20918
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85470
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20919
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85471
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20921
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85477
Risk: Low
CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20922
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the JavaFX component in Oracle GraalVM Enterprise Edition. A local non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85475
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20923
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the JavaFX component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85476
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20925
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the JavaFX component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85472
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20926
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Scripting component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85467
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20932
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Security component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85473
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20945
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Security component in Oracle GraalVM Enterprise Edition. A local authenticated user can exploit this vulnerability to gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85469
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20952
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Security component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85474
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20955
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Compiler component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88672
Risk: Low
CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21002
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the JavaFX component in Oracle GraalVM Enterprise Edition. A local non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88670
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21003
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the JavaFX component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88673
Risk: Low
CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21004
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the JavaFX component in Oracle GraalVM Enterprise Edition. A local non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88671
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21005
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the JavaFX component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88666
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21011
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88669
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21012
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Networking component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88667
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21068
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88665
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21085
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Concurrency component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88668
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21094
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94559
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21131
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94560
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21138
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94557
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21140
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94558
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21144
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Concurrency component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94556
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21145
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the 2D component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94555
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21147
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98647
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21208
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Networking component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98645
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21210
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle Java SE. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98646
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21211
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Compiler component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98648
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21217
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Serialization component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98644
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21235
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
java-latest-openjdk-src-slowdebug: before 23.0.1.11-1
java-latest-openjdk-src: before 23.0.1.11-1
java-latest-openjdk-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1
java-latest-openjdk-jmods: before 23.0.1.11-1
java-latest-openjdk-javadoc-zip: before 23.0.1.11-1
java-latest-openjdk-javadoc: before 23.0.1.11-1
java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1
java-latest-openjdk-headless: before 23.0.1.11-1
java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1
java-latest-openjdk-devel: before 23.0.1.11-1
java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1
java-latest-openjdk-demo: before 23.0.1.11-1
java-latest-openjdk: before 23.0.1.11-1
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2486
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.