openEuler 22.03 LTS SP3 update for openjdk-latest



Risk: High
Patch available: YES
Number of vulnerabilities: 43
CVE-ID: CVE-2020-14556
CVE-2020-14562
CVE-2020-14573
CVE-2020-14577
CVE-2020-14578
CVE-2020-14581
CVE-2020-14593
CVE-2020-14621
CVE-2020-14664
CVE-2023-22025
CVE-2023-22081
CVE-2023-42950
CVE-2024-20918
CVE-2024-20919
CVE-2024-20921
CVE-2024-20922
CVE-2024-20923
CVE-2024-20925
CVE-2024-20926
CVE-2024-20932
CVE-2024-20945
CVE-2024-20952
CVE-2024-20955
CVE-2024-21002
CVE-2024-21003
CVE-2024-21004
CVE-2024-21005
CVE-2024-21011
CVE-2024-21012
CVE-2024-21068
CVE-2024-21085
CVE-2024-21094
CVE-2024-21131
CVE-2024-21138
CVE-2024-21140
CVE-2024-21144
CVE-2024-21145
CVE-2024-21147
CVE-2024-21208
CVE-2024-21210
CVE-2024-21211
CVE-2024-21217
CVE-2024-21235
CWE-ID: CWE-20, CWE-416
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
openEuler (operating system)

Operating system packages or components:
java-latest-openjdk-src-slowdebug
java-latest-openjdk-src
java-latest-openjdk-slowdebug
java-latest-openjdk-jmods-slowdebug
java-latest-openjdk-jmods
java-latest-openjdk-javadoc-zip
java-latest-openjdk-javadoc
java-latest-openjdk-headless-slowdebug
java-latest-openjdk-headless
java-latest-openjdk-devel-slowdebug
java-latest-openjdk-devel
java-latest-openjdk-demo-slowdebug
java-latest-openjdk-demo
java-latest-openjdk

Vendor: openEuler

Security Bulletin

This security bulletin contains information about 43 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU30075

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14556

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Libraries component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU30073

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14562

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the ImageIO component in Java SE. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU30076

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14573

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Java SE. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU30080

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14577

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the JSSE component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU30078

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14578

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Libraries component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU30077

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14581

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the 2D component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU30072

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14593

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the 2D component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU30074

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14621

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the JAXP component in Java SE Embedded. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU30071

Risk: High

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14664

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the JavaFX component in Java SE. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper input validation

EUVDB-ID: #VU82143

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22025

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM for JDK. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper input validation

EUVDB-ID: #VU82141

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22081

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the JSSE component in Oracle GraalVM for JDK. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU87765

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-42950

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper input validation

EUVDB-ID: #VU85468

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20918

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

EUVDB-ID: #VU85470

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20919

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper input validation

EUVDB-ID: #VU85471

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20921

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper input validation

EUVDB-ID: #VU85477

Risk: Low

CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20922

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the JavaFX component in Oracle GraalVM Enterprise Edition. A local non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper input validation

EUVDB-ID: #VU85475

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20923

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the JavaFX component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper input validation

EUVDB-ID: #VU85476

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20925

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the JavaFX component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper input validation

EUVDB-ID: #VU85472

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20926

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Scripting component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper input validation

EUVDB-ID: #VU85467

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20932

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Security component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper input validation

EUVDB-ID: #VU85473

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20945

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Security component in Oracle GraalVM Enterprise Edition. A local authenticated user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper input validation

EUVDB-ID: #VU85469

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20952

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Security component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper input validation

EUVDB-ID: #VU85474

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20955

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Compiler component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper input validation

EUVDB-ID: #VU88672

Risk: Low

CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21002

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the JavaFX component in Oracle GraalVM Enterprise Edition. A local non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper input validation

EUVDB-ID: #VU88670

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21003

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the JavaFX component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper input validation

EUVDB-ID: #VU88673

Risk: Low

CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21004

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the JavaFX component in Oracle GraalVM Enterprise Edition. A local non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper input validation

EUVDB-ID: #VU88671

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21005

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the JavaFX component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper input validation

EUVDB-ID: #VU88666

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21011

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper input validation

EUVDB-ID: #VU88669

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21012

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Networking component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper input validation

EUVDB-ID: #VU88667

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21068

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper input validation

EUVDB-ID: #VU88665

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21085

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Concurrency component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper input validation

EUVDB-ID: #VU88668

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21094

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper input validation

EUVDB-ID: #VU94559

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21131

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper input validation

EUVDB-ID: #VU94560

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21138

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper input validation

EUVDB-ID: #VU94557

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21140

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper input validation

EUVDB-ID: #VU94558

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21144

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Concurrency component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper input validation

EUVDB-ID: #VU94556

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21145

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the 2D component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper input validation

EUVDB-ID: #VU94555

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21147

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper input validation

EUVDB-ID: #VU98647

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21208

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Networking component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper input validation

EUVDB-ID: #VU98645

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21210

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle Java SE. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper input validation

EUVDB-ID: #VU98646

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21211

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Compiler component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper input validation

EUVDB-ID: #VU98648

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21217

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Serialization component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper input validation

EUVDB-ID: #VU98644

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21235

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP3

java-latest-openjdk-src-slowdebug: before 23.0.1.11-1

java-latest-openjdk-src: before 23.0.1.11-1

java-latest-openjdk-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods-slowdebug: before 23.0.1.11-1

java-latest-openjdk-jmods: before 23.0.1.11-1

java-latest-openjdk-javadoc-zip: before 23.0.1.11-1

java-latest-openjdk-javadoc: before 23.0.1.11-1

java-latest-openjdk-headless-slowdebug: before 23.0.1.11-1

java-latest-openjdk-headless: before 23.0.1.11-1

java-latest-openjdk-devel-slowdebug: before 23.0.1.11-1

java-latest-openjdk-devel: before 23.0.1.11-1

java-latest-openjdk-demo-slowdebug: before 23.0.1.11-1

java-latest-openjdk-demo: before 23.0.1.11-1

java-latest-openjdk: before 23.0.1.11-1

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2485


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


