Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-20952 (GCVE-0-2024-20952)
Vulnerability from cvelistv5 – Published: 2024-01-16 21:41 – Updated: 2025-11-03 21:52
VLAI
EPSS
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.
- CWE-416 - Use After Free
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Affected:
Oracle Java SE:8u391
Affected: Oracle Java SE:8u391-perf Affected: Oracle Java SE:11.0.21 Affected: Oracle Java SE:17.0.9 Affected: Oracle Java SE:21.0.1 Affected: Oracle GraalVM for JDK:17.0.9 Affected: Oracle GraalVM for JDK:21.0.1 Affected: Oracle GraalVM Enterprise Edition:20.3.12 Affected: Oracle GraalVM Enterprise Edition:21.3.8 Affected: Oracle GraalVM Enterprise Edition:22.3.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:52:42.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2024.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240201-0002/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241108-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-25T05:01:04.858571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T15:29:52.965Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:8u391"
},
{
"status": "affected",
"version": "Oracle Java SE:8u391-perf"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.21"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.9"
},
{
"status": "affected",
"version": "Oracle Java SE:21.0.1"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:17.0.9"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:21.0.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.12"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.8"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.3.4"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-01T17:06:51.113Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2024.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240201-0002/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2024-20952",
"datePublished": "2024-01-16T21:41:20.593Z",
"dateReserved": "2023-12-07T22:28:10.627Z",
"dateUpdated": "2025-11-03T21:52:42.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-20952",
"date": "2026-06-12",
"epss": "0.00319",
"percentile": "0.55542"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:graalvm:20.3.12:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"D17D1EA4-A45F-4D8D-BA3E-4898EC6D48B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"CF534BA8-A2A5-4768-A480-CFB885308AF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"876A5640-82A8-4BDC-8E0A-4D6340F5417D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C5055FD-0E19-4C42-9B1F-CBE222855156\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04738DE7-2BFE-4C06-ABE0-FCA099B5FFEC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:-:*:*:*\", \"matchCriteriaId\": \"D667746E-7E7C-4326-9B70-3587C2B41BAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*\", \"matchCriteriaId\": \"F3EF33DE-2E3F-4D5A-BF06-AC3C75108089\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:11.0.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FFC5C12-7FF4-48E6-BC5A-F50EBC956BBE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF6AA431-8965-4B53-AF0F-DB3AB7A9A3F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:21.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"50C5781C-4153-431D-991E-637E253EDC87\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:-:*:*:*\", \"matchCriteriaId\": \"CA31F3A1-07E1-4685-8A24-7C7830EF7600\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*\", \"matchCriteriaId\": \"DB7CD545-5B56-47FC-803F-8F150C810534\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:11.0.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"568F994E-135F-486D-B57C-0245A1BC253B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:17.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF274813-F650-447C-A1A6-61D5F8FF71BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:21.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F76A51BB-6DAE-4506-B737-7A5854543F18\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCAA4004-9319-478C-9D55-0E8307F872F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B199052-5732-4726-B06B-A12C70DFB891\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Seguridad). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM para JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 y 22.3.4. Una vulnerabilidad dif\\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\\u00e9s de m\\u00faltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a la creaci\\u00f3n, eliminaci\\u00f3n o modificaci\\u00f3n de datos cr\\u00edticos o a todos los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition, as\\u00ed como acceso no autorizado a datos cr\\u00edticos o acceso completo a todo Oracle Java. SE, Oracle GraalVM para JDK, datos accesibles de Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o subprogramas de Java en sandbox, que cargan y ejecutan c\\u00f3digo que no es de confianza (por ejemplo, c\\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan s\\u00f3lo c\\u00f3digo confiable (por ejemplo, c\\u00f3digo instalado por un administrador). CVSS 3.1 Puntaje base 7.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).\"}]",
"id": "CVE-2024-20952",
"lastModified": "2024-11-21T08:53:29.903",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secalert_us@oracle.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.2}]}",
"published": "2024-01-16T22:15:42.477",
"references": "[{\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240201-0002/\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2024.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240201-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2024.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}, {\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-20952\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2024-01-16T22:15:42.477\",\"lastModified\":\"2025-11-03T22:16:41.507\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Seguridad). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM para JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 y 22.3.4. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n de datos cr\u00edticos o a todos los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition, as\u00ed como acceso no autorizado a datos cr\u00edticos o acceso completo a todo Oracle Java. SE, Oracle GraalVM para JDK, datos accesibles de Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o subprogramas de Java en sandbox, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan s\u00f3lo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.1 Puntaje base 7.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert_us@oracle.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"},{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11\",\"versionEndExcluding\":\"11.0.24\",\"matchCriteriaId\":\"BE2E2756-6ECC-4205-BED6-1A7DAB6D1C45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17\",\"versionEndExcluding\":\"17.0.10\",\"matchCriteriaId\":\"1BD9DA0F-9664-4C81-882F-68DBBC323F5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"21\",\"versionEndExcluding\":\"21.0.2\",\"matchCriteriaId\":\"231952D6-6C9A-4C31-A338-1AA8C3D4F433\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"70892D06-6E75-4425-BBF0-4B684EC62A1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7417B2BB-9AC2-4AF4-A828-C89A0735AD92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A0A57B5-6F88-4288-9CDE-F6613FE068D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*\",\"matchCriteriaId\":\"67ED8559-C348-4932-B7CE-CB96976A30EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*\",\"matchCriteriaId\":\"40AC3D91-263F-4345-9FAA-0E573EA64590\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD92AFA9-81F8-48D4-B79A-E7F066F69A99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C4B2F24-A730-4818-90C8-A2D90C081F03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*\",\"matchCriteriaId\":\"464087F2-C285-4574-957E-CE0663F07DE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E9BB880-A4F6-4887-8BB9-47AA298753D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*\",\"matchCriteriaId\":\"18DCFF53-B298-4534-AB5C-8A5EF59C616F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*\",\"matchCriteriaId\":\"083419F8-FDDF-4E36-88F8-857DB317C1D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7A74F65-57E8-4C9A-BA96-5EF401504F13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D0B90FC-57B6-4315-9B29-3C36E58B2CF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*\",\"matchCriteriaId\":\"07812576-3C35-404C-A7D7-9BE9E3D76E00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*\",\"matchCriteriaId\":\"00C52B1C-5447-4282-9667-9EBE0720B423\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*\",\"matchCriteriaId\":\"92BB9EB0-0C12-4E77-89EE-FB77097841B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABC0E7BB-F8B7-4369-9910-71240E4073A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*\",\"matchCriteriaId\":\"551B2640-8CEC-4C24-AF8B-7A7CEF864D9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AE30779-48FB-451E-8CE1-F469F93B8772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*\",\"matchCriteriaId\":\"60590FDE-7156-4314-A012-AA38BD2ADDC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE51AD3A-8331-4E8F-9DB1-7A0051731DFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*\",\"matchCriteriaId\":\"F24F6122-2256-41B6-9033-794C6424ED99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EAFA79E-8C7A-48CF-8868-11378FE4B26F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1D6F19F-59B5-4BB6-AD35-013384025970\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7BA97BC-3ADA-465A-835B-6C3C5F416B56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*\",\"matchCriteriaId\":\"B71F77A4-B7EB-47A1-AAFD-431A7D040B86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*\",\"matchCriteriaId\":\"91D6BEA9-5943-44A4-946D-CEAA9BA99376\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*\",\"matchCriteriaId\":\"C079A3E0-44EB-4B9C-B4FC-B7621D165C3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CB74086-14B8-4237-8357-E0C6B5BB8313\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*\",\"matchCriteriaId\":\"00C2B9C9-1177-4DA6-96CE-55F37F383F99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*\",\"matchCriteriaId\":\"435CF189-0BD8-40DF-A0DC-99862CDEAF8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*\",\"matchCriteriaId\":\"12A3F367-33AD-47C3-BFDC-871A17E72C94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*\",\"matchCriteriaId\":\"A18F994F-72CA-4AF5-A7D1-9F5AEA286D85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*\",\"matchCriteriaId\":\"78261932-7373-4F16-91E0-1A72ADBEBC3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BD90D3D-9B3A-4101-9A8A-5090F0A9719F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*\",\"matchCriteriaId\":\"B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5A40B8A-D428-4008-9F21-AF21394C51D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEC5B777-01E1-45EE-AF95-C3BD1F098B2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B504718-5DCE-43B4-B19A-C6B6E7444BD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*\",\"matchCriteriaId\":\"3102AA10-99A8-49A9-867E-7EEC56865680\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*\",\"matchCriteriaId\":\"15BA8A26-2CDA-442B-A549-6BE92DCCD205\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*\",\"matchCriteriaId\":\"56F2883B-6A1B-4081-8877-07AF3A73F6CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*\",\"matchCriteriaId\":\"98C0742E-ACDD-4DB4-8A4C-B96702C8976C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8483034-DD5A-445D-892F-CDE90A7D58EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*\",\"matchCriteriaId\":\"1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*\",\"matchCriteriaId\":\"383F0B07-59BF-4744-87F2-04C98BC183B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*\",\"matchCriteriaId\":\"494C17C6-54A3-4BE6-A4FF-2D54DF2B38D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*\",\"matchCriteriaId\":\"1058ABDC-D652-4E2D-964D-C9C98FD404F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update372:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC62A8BB-6230-4D5A-B91C-DD1B222F9E5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update382:*:*:*:*:*:*\",\"matchCriteriaId\":\"333F58FD-5F4F-4F11-B1F8-8815C99AC61A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update392:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CB4456E-18B0-4C5B-822E-2BFE7DE019D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*\",\"matchCriteriaId\":\"8279718F-878F-4868-8859-1728D13CD0D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update402-b00:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FCE7DD4-EF50-4F46-B5E1-F5F0B31C2A69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update402-b01:*:*:*:*:*:*\",\"matchCriteriaId\":\"60538D83-D9A2-4A8E-ADCA-25ACDE789D11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update402-b02:*:*:*:*:*:*\",\"matchCriteriaId\":\"823D1593-CCB9-4172-85FE-3F7EC57E966A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update402-b03:*:*:*:*:*:*\",\"matchCriteriaId\":\"3723D31F-21F3-4040-A59D-6F4FE4D38033\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update402-b04:*:*:*:*:*:*\",\"matchCriteriaId\":\"60C2BD46-0BF0-4960-9070-41EF8BD86606\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update402-b05:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B43831A-21CF-4A2D-AF1E-C909954E4713\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C024E1A-FD2C-42E8-B227-C2AFD3040436\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F24389D-DDD0-4204-AA24-31C920A4F47E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*\",\"matchCriteriaId\":\"966979BE-1F21-4729-B6B8-610F74648344\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8534265-33BF-460D-BF74-5F55FDE50F29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*\",\"matchCriteriaId\":\"F77AFC25-1466-4E56-9D5F-6988F3288E16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*\",\"matchCriteriaId\":\"A650BEB8-E56F-4E42-9361-8D2DB083F0F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*\",\"matchCriteriaId\":\"799FFECD-E80A-44B3-953D-CDB5E195F3AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7047507-7CAF-4A14-AA9A-5CEF806EDE98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFC7B179-95D3-4F94-84F6-73F1034A1AF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FB28526-9385-44CA-AF08-1899E6C3AE4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*\",\"matchCriteriaId\":\"E26B69E4-0B43-415F-A82B-52FDCB262B3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*\",\"matchCriteriaId\":\"27BC4150-70EC-462B-8FC5-20B3442CBB31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*\",\"matchCriteriaId\":\"02646989-ECD9-40AE-A83E-EFF4080C69B9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:20.3.12:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"D17D1EA4-A45F-4D8D-BA3E-4898EC6D48B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"CF534BA8-A2A5-4768-A480-CFB885308AF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"876A5640-82A8-4BDC-8E0A-4D6340F5417D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C5055FD-0E19-4C42-9B1F-CBE222855156\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04738DE7-2BFE-4C06-ABE0-FCA099B5FFEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:-:*:*:*\",\"matchCriteriaId\":\"D667746E-7E7C-4326-9B70-3587C2B41BAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*\",\"matchCriteriaId\":\"F3EF33DE-2E3F-4D5A-BF06-AC3C75108089\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:11.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FFC5C12-7FF4-48E6-BC5A-F50EBC956BBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF6AA431-8965-4B53-AF0F-DB3AB7A9A3F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:21.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50C5781C-4153-431D-991E-637E253EDC87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:-:*:*:*\",\"matchCriteriaId\":\"CA31F3A1-07E1-4685-8A24-7C7830EF7600\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*\",\"matchCriteriaId\":\"DB7CD545-5B56-47FC-803F-8F150C810534\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:11.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"568F994E-135F-486D-B57C-0245A1BC253B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:17.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF274813-F650-447C-A1A6-61D5F8FF71BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:21.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F76A51BB-6DAE-4506-B737-7A5854543F18\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCAA4004-9319-478C-9D55-0E8307F872F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B199052-5732-4726-B06B-A12C70DFB891\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240201-0002/\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2024.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240201-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20241108-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpujan2024.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240201-0002/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20241108-0002/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:52:42.325Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-20952\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-01-25T05:01:04.858571Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284 Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-30T15:29:37.336Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"Java SE JDK and JRE\", \"versions\": [{\"status\": \"affected\", \"version\": \"Oracle Java SE:8u391\"}, {\"status\": \"affected\", \"version\": \"Oracle Java SE:8u391-perf\"}, {\"status\": \"affected\", \"version\": \"Oracle Java SE:11.0.21\"}, {\"status\": \"affected\", \"version\": \"Oracle Java SE:17.0.9\"}, {\"status\": \"affected\", \"version\": \"Oracle Java SE:21.0.1\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM for JDK:17.0.9\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM for JDK:21.0.1\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM Enterprise Edition:20.3.12\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM Enterprise Edition:21.3.8\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM Enterprise Edition:22.3.4\"}]}], \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpujan2024.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240201-0002/\"}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"description\": \"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2024-02-01T17:06:51.113Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-20952\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T21:52:42.325Z\", \"dateReserved\": \"2023-12-07T22:28:10.627Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2024-01-16T21:41:20.593Z\", \"assignerShortName\": \"oracle\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2025-AVI-1137
Vulnerability from certfr_avis - Published: 2025-12-26 - Updated: 2025-12-26
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Security QRadar Network Threat | Security QRadar Network Threat Analytics versions postérieures ou égales à 1.3.1 et antérieures à 1.4.2 | ||
| IBM | QRadar SIEM | Security QRadar Analyst Workflow versions postérieures à 2.32.0 et antérieures à 3.0.1 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct File Agent pour Solaris SPARC versions 1.4.x antérieures à 1.4.0.5_iFix002 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct File Agent pour AIX, Linux x64, Linux PPC et Windows versions postérieures à 1.4.0.2 et antérieures à 1.4.0.5_iFix001 | ||
| IBM | WebSphere | WebSphere Service Registry and Repository Studio versions 8.5.x antérieures à V8.5.6.3_IJ56659 | ||
| IBM | Db2 | Db2 Big SQL versions postérieures à 7.2.x sur Cloud Pack for Data 4.x versions antérieures à 7.7.3 sur Cloud Pack for Data 5.0.3 | ||
| IBM | WebSphere | WebSphere Service Registry and Repository sans les derniers correctifs de sécurité | ||
| IBM | Security QRadar SIEM | QRadar User Behavior Analytics versions postérieurs à 4.1.15 et antérieures à 5.0.3 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security QRadar Network Threat Analytics versions post\u00e9rieures ou \u00e9gales \u00e0 1.3.1 et ant\u00e9rieures \u00e0 1.4.2",
"product": {
"name": "Security QRadar Network Threat",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar Analyst Workflow versions post\u00e9rieures \u00e0 2.32.0 et ant\u00e9rieures \u00e0 3.0.1",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct File Agent pour Solaris SPARC versions 1.4.x ant\u00e9rieures \u00e0 1.4.0.5_iFix002 ",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct File Agent pour AIX, Linux x64, Linux PPC et Windows versions post\u00e9rieures \u00e0 1.4.0.2 et ant\u00e9rieures \u00e0 1.4.0.5_iFix001",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository Studio versions 8.5.x ant\u00e9rieures \u00e0 V8.5.6.3_IJ56659",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": " Db2 Big SQL versions post\u00e9rieures \u00e0 7.2.x sur Cloud Pack for Data 4.x versions ant\u00e9rieures \u00e0 7.7.3 sur Cloud Pack for Data 5.0.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar User Behavior Analytics versions post\u00e9rieurs \u00e0 4.1.15 et ant\u00e9rieures \u00e0 5.0.3",
"product": {
"name": "Security QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2015-8383",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2023-46167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46167"
},
{
"name": "CVE-2025-47279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47279"
},
{
"name": "CVE-2023-45178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
},
{
"name": "CVE-2021-23440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
},
{
"name": "CVE-2023-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47701"
},
{
"name": "CVE-2023-40687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40687"
},
{
"name": "CVE-2015-8381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
},
{
"name": "CVE-2015-8392",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2015-8395",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
},
{
"name": "CVE-2025-54798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54798"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2015-8393",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8393"
},
{
"name": "CVE-2024-33883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33883"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2025-57822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57822"
},
{
"name": "CVE-2025-67779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67779"
},
{
"name": "CVE-2025-55183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55183"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2025-55173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55173"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-55182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55182"
},
{
"name": "CVE-2025-57752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57752"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2023-40692",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40692"
},
{
"name": "CVE-2023-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38003"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2015-8384",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8384"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2023-38727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38727"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2023-29258",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29258"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2002-0059",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0059"
},
{
"name": "CVE-2023-43020",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43020"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2023-32731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-55184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55184"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
}
],
"initial_release_date": "2025-12-26T00:00:00",
"last_revision_date": "2025-12-26T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1137",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-12-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255497",
"url": "https://www.ibm.com/support/pages/node/7255497"
},
{
"published_at": "2025-12-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255727",
"url": "https://www.ibm.com/support/pages/node/7255727"
},
{
"published_at": "2025-12-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255495",
"url": "https://www.ibm.com/support/pages/node/7255495"
},
{
"published_at": "2025-12-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255496",
"url": "https://www.ibm.com/support/pages/node/7255496"
},
{
"published_at": "2025-12-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255723",
"url": "https://www.ibm.com/support/pages/node/7255723"
},
{
"published_at": "2025-12-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255557",
"url": "https://www.ibm.com/support/pages/node/7255557"
},
{
"published_at": "2025-12-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255410",
"url": "https://www.ibm.com/support/pages/node/7255410"
},
{
"published_at": "2025-12-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255729",
"url": "https://www.ibm.com/support/pages/node/7255729"
},
{
"published_at": "2025-12-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255556",
"url": "https://www.ibm.com/support/pages/node/7255556"
},
{
"published_at": "2025-12-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255731",
"url": "https://www.ibm.com/support/pages/node/7255731"
}
]
}
CERTFR-2026-AVI-0131
Vulnerability from certfr_avis - Published: 2026-02-06 - Updated: 2026-02-06
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cloud Pak System | Cloud Pak System versions 2.3.4.x et postérieures, antérieures à 2.3.6.1 | ||
| IBM | Cognos Analytics | Cognos Command Center versions 10.2.4.x et 10.2.5.x antérieures à 10.2.5 FP1 IF2 | ||
| IBM | Db2 | DB2 sans le correctif de sécurité 11.5.9 Special Build 62071 | ||
| IBM | Db2 | DB2 Data Management Console antérieures à 3.1.13.1 | ||
| IBM | Db2 | DB2 Data Management Console on CPD versions antérieurs à 4.8 | ||
| IBM | Db2 | DB2 Recovery Expert for LUW version 5.5 IF2 sans le correctif de sécurité v5.5.0.1 Interim Fix 8 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cloud Pak System versions 2.3.4.x et post\u00e9rieures, ant\u00e9rieures \u00e0 2.3.6.1",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Command Center versions 10.2.4.x et 10.2.5.x ant\u00e9rieures \u00e0 10.2.5 FP1 IF2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 sans le correctif de s\u00e9curit\u00e9 11.5.9 Special Build 62071",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console ant\u00e9rieures \u00e0 3.1.13.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console on CPD versions ant\u00e9rieurs \u00e0 4.8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Recovery Expert for LUW version 5.5 IF2 sans le correctif de s\u00e9curit\u00e9 v5.5.0.1 Interim Fix 8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-51473",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51473"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-33092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33092"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2025-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27903"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-33143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33143"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2023-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2023-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2024-49828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49828"
},
{
"name": "CVE-2015-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3627"
},
{
"name": "CVE-2025-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27904"
},
{
"name": "CVE-2025-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27533"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-36071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36071"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-27900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27900"
},
{
"name": "CVE-2022-23471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
},
{
"name": "CVE-2025-27899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27899"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2025-27901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27901"
},
{
"name": "CVE-2024-52894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52894"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2025-27898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27898"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
}
],
"initial_release_date": "2026-02-06T00:00:00",
"last_revision_date": "2026-02-06T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0131",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259447",
"url": "https://www.ibm.com/support/pages/node/7259447"
},
{
"published_at": "2026-01-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253572",
"url": "https://www.ibm.com/support/pages/node/7253572"
},
{
"published_at": "2026-02-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257780",
"url": "https://www.ibm.com/support/pages/node/7257780"
},
{
"published_at": "2026-02-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259901",
"url": "https://www.ibm.com/support/pages/node/7259901"
},
{
"published_at": "2026-02-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259526",
"url": "https://www.ibm.com/support/pages/node/7259526"
}
]
}
CERTFR-2026-AVI-0199
Vulnerability from certfr_avis - Published: 2026-02-24 - Updated: 2026-02-24
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Telco Cloud Platform | Telco Cloud Platform versions 4.x et 5.x sans le correctif de sécurité KB428241 | ||
| VMware | Tanzu Data Services | Tanzu Data Flow versions antérieures à 2.0.2 sur Tanzu Platform | ||
| VMware | Azure Spring Enterprise | Harbor Registry versions antérieures à 2.14.2 | ||
| VMware | Tanzu Data Intelligence | Tanzu pour MySQL versions 2.0.0 sur Kubernetes | ||
| VMware | Cloud Foundation | Cloud Foundation versions 9.x antérieures à 9.0.2.0 | ||
| VMware | Tanzu Kubernetes Runtime | App Metrics versions antérieures à2.3.3 | ||
| VMware | Tanzu Data Intelligence | Tanzu GemFire versions antérieures à 2.6.1 sur Kubernetes | ||
| VMware | Tanzu Kubernetes Runtime | CredHub Secrets Management pour Tanzu Platform versions antérieures à 1.6.8 | ||
| VMware | Tanzu Data Intelligence | Tanzu pour Valkey version 3.3.1 sur Kubernetes | ||
| VMware | Tanzu Operations Manager | Foundation Core pour Tanzu Platform versions antérieures à 3.2.4 | ||
| VMware | Aria Operations | Aria Operations versions 8.x antérieures à 8.18.6 | ||
| VMware | Tanzu Kubernetes Runtime | cf-mgmt pour Tanzu Platform versions antérieures à 1.0.108 | ||
| VMware | Tanzu Data Intelligence | Tanzu pour Valkey version 9.0.1 | ||
| VMware | Tanzu Kubernetes Runtime | Extended App Support pour Tanzu Platform versions antérieures à 1.0.15 | ||
| VMware | Tanzu Data Intelligence | Tanzu GemFire Management versions antérieures à 1.4.3 | ||
| VMware | Tanzu Kubernetes Runtime | NodeJS Buildpack versions antérieures à 1.8.77 | ||
| VMware | Tanzu Kubernetes Runtime | Cloud Native Buildpacks pour Tanzu Platform versions antérieures à 0.6.5 | ||
| VMware | Cloud Foundation | Cloud Foundation versions 4.x et 5.x sans le correctif de sécurité KB92148 | ||
| VMware | Tanzu Kubernetes Runtime | AI Services pour Tanzu Platform versions antérieures à 10.3.4 | ||
| VMware | Tanzu Kubernetes Runtime | Java Buildpack versions antérieures à 4.89.0 | ||
| VMware | Telco Cloud Infrastructure | Telco Cloud Infrastructure versions 2.x et 3.x sans le correctif de sécurité KB428241 | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime pour Tanzu Platform versions antérieures à 6.0.25+LTS-T, 10.2.8+LTS-T et 10.3.5 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Telco Cloud Platform versions 4.x et 5.x sans le correctif de s\u00e9curit\u00e9 KB428241",
"product": {
"name": "Telco Cloud Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Flow versions ant\u00e9rieures \u00e0 2.0.2 sur Tanzu Platform",
"product": {
"name": "Tanzu Data Services",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Harbor Registry versions ant\u00e9rieures \u00e0 2.14.2",
"product": {
"name": "Azure Spring Enterprise",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour MySQL versions 2.0.0 sur Kubernetes",
"product": {
"name": "Tanzu Data Intelligence",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 9.x ant\u00e9rieures \u00e0 9.0.2.0",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "App Metrics versions ant\u00e9rieures \u00e02.3.3",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire versions ant\u00e9rieures \u00e0 2.6.1 sur Kubernetes",
"product": {
"name": "Tanzu Data Intelligence",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "CredHub Secrets Management pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.6.8",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Valkey version 3.3.1 sur Kubernetes",
"product": {
"name": "Tanzu Data Intelligence",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Foundation Core pour Tanzu Platform versions ant\u00e9rieures \u00e0 3.2.4",
"product": {
"name": "Tanzu Operations Manager",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Aria Operations versions 8.x ant\u00e9rieures \u00e0 8.18.6",
"product": {
"name": "Aria Operations",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "cf-mgmt pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.108",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Valkey version 9.0.1",
"product": {
"name": "Tanzu Data Intelligence",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Extended App Support pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.15",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire Management versions ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "Tanzu Data Intelligence",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NodeJS Buildpack versions ant\u00e9rieures \u00e0 1.8.77",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Native Buildpacks pour Tanzu Platform versions ant\u00e9rieures \u00e0 0.6.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 4.x et 5.x sans le correctif de s\u00e9curit\u00e9 KB92148",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "AI Services pour Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.4",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Java Buildpack versions ant\u00e9rieures \u00e0 4.89.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telco Cloud Infrastructure versions 2.x et 3.x sans le correctif de s\u00e9curit\u00e9 KB428241",
"product": {
"name": "Telco Cloud Infrastructure",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.25+LTS-T, 10.2.8+LTS-T et 10.3.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-47219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47219"
},
{
"name": "CVE-2021-22898",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22898"
},
{
"name": "CVE-2021-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3996"
},
{
"name": "CVE-2021-42384",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42384"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2017-16544",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16544"
},
{
"name": "CVE-2025-39987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39987"
},
{
"name": "CVE-2021-42378",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42378"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2025-21861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21861"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2022-24450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24450"
},
{
"name": "CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"name": "CVE-2025-15282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2021-37600",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37600"
},
{
"name": "CVE-2021-42382",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42382"
},
{
"name": "CVE-2020-10750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10750"
},
{
"name": "CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2025-40055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40055"
},
{
"name": "CVE-2021-42376",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42376"
},
{
"name": "CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"name": "CVE-2026-22801",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22801"
},
{
"name": "CVE-2025-39876",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39876"
},
{
"name": "CVE-2025-40029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40029"
},
{
"name": "CVE-2025-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38561"
},
{
"name": "CVE-2025-10148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
},
{
"name": "CVE-2023-28841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
},
{
"name": "CVE-2023-28840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
},
{
"name": "CVE-2025-40048",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40048"
},
{
"name": "CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"name": "CVE-2025-40219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40219"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2025-40043",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40043"
},
{
"name": "CVE-2020-8169",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8169"
},
{
"name": "CVE-2021-41091",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41091"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2025-8556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8556"
},
{
"name": "CVE-2026-21936",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21936"
},
{
"name": "CVE-2025-59775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59775"
},
{
"name": "CVE-2026-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21937"
},
{
"name": "CVE-2025-39973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39973"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"name": "CVE-2025-66614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
},
{
"name": "CVE-2018-1000517",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000517"
},
{
"name": "CVE-2025-15469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
},
{
"name": "CVE-2025-39943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39943"
},
{
"name": "CVE-2025-39945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39945"
},
{
"name": "CVE-2025-39883",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39883"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2022-0563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-40019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40019"
},
{
"name": "CVE-2025-40240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40240"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2025-40081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40081"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2024-58011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58011"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2025-40026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
},
{
"name": "CVE-2025-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40153"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2023-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
},
{
"name": "CVE-2025-40121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40121"
},
{
"name": "CVE-2026-1642",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1642"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2025-55753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55753"
},
{
"name": "CVE-2025-11468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
},
{
"name": "CVE-2025-40204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40204"
},
{
"name": "CVE-2025-40171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40171"
},
{
"name": "CVE-2021-43816",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43816"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2025-39911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39911"
},
{
"name": "CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"name": "CVE-2025-6052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6052"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2025-10543",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10543"
},
{
"name": "CVE-2025-40125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40125"
},
{
"name": "CVE-2025-40349",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40349"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2019-5481",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5481"
},
{
"name": "CVE-2025-26646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26646"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2022-29222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29222"
},
{
"name": "CVE-2025-40187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40187"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2024-21012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21012"
},
{
"name": "CVE-2025-39913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39913"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2025-40092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40092"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2025-39967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39967"
},
{
"name": "CVE-2025-40115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40115"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2021-42386",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42386"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2025-13837",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2023-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
},
{
"name": "CVE-2025-39949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39949"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2022-29190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29190"
},
{
"name": "CVE-2025-40173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40173"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2022-28948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28948"
},
{
"name": "CVE-2025-58767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
},
{
"name": "CVE-2024-56538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56538"
},
{
"name": "CVE-2025-39923",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39923"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2025-15367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15367"
},
{
"name": "CVE-2022-31030",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31030"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2018-20679",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20679"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2025-39953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39953"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2023-2253",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2253"
},
{
"name": "CVE-2024-58251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
},
{
"name": "CVE-2026-2006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2006"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2025-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40167"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"name": "CVE-2025-39969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39969"
},
{
"name": "CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"name": "CVE-2025-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
},
{
"name": "CVE-2017-15873",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15873"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2025-40194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40194"
},
{
"name": "CVE-2025-40245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40245"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2024-24557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24557"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2025-40001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40001"
},
{
"name": "CVE-2026-1485",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1485"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2025-40035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40035"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2025-39988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39988"
},
{
"name": "CVE-2026-22719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22719"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2026-2005",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2005"
},
{
"name": "CVE-2020-8177",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8177"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2022-39399",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39399"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2025-38584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38584"
},
{
"name": "CVE-2021-42374",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42374"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-40233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40233"
},
{
"name": "CVE-2025-40020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40020"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2025-40188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40188"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2023-22041",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22041"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-66200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66200"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"name": "CVE-2023-34231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34231"
},
{
"name": "CVE-2026-0988",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0988"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-65637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65637"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2026-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0861"
},
{
"name": "CVE-2023-47090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47090"
},
{
"name": "CVE-2025-40049",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40049"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2025-40070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40070"
},
{
"name": "CVE-2022-29946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29946"
},
{
"name": "CVE-2025-40106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40106"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2021-3995",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3995"
},
{
"name": "CVE-2021-22947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
},
{
"name": "CVE-2025-40205",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40205"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2025-10966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10966"
},
{
"name": "CVE-2021-22922",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2021-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2024-29018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29018"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2025-40027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
},
{
"name": "CVE-2025-39885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39885"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"name": "CVE-2020-8284",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2025-30215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30215"
},
{
"name": "CVE-2016-9843",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2024-40635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
},
{
"name": "CVE-2022-41720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
},
{
"name": "CVE-2026-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21948"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2025-39970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39970"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2025-39994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39994"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-40088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40088"
},
{
"name": "CVE-2025-40220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40220"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2023-22036",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22036"
},
{
"name": "CVE-2025-13151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13151"
},
{
"name": "CVE-2025-22058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22058"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2022-28391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28391"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2025-40109",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40109"
},
{
"name": "CVE-2025-40006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40006"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2023-28842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2022-26652",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26652"
},
{
"name": "CVE-2025-40011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40011"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2025-40085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40085"
},
{
"name": "CVE-2023-42365",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42365"
},
{
"name": "CVE-2025-40231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40231"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"name": "CVE-2021-42379",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42379"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2025-23143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23143"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2025-65082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65082"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2023-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
},
{
"name": "CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2026-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21964"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2025-46394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
},
{
"name": "CVE-2022-36109",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36109"
},
{
"name": "CVE-2025-68146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68146"
},
{
"name": "CVE-2025-40183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40183"
},
{
"name": "CVE-2021-42381",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42381"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2025-39998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39998"
},
{
"name": "CVE-2025-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2025-43857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43857"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2025-40134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40134"
},
{
"name": "CVE-2017-15874",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15874"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2026-25210",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25210"
},
{
"name": "CVE-2025-39968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39968"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-39986",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39986"
},
{
"name": "CVE-2025-39955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39955"
},
{
"name": "CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"name": "CVE-2022-24769",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24769"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2025-12818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12818"
},
{
"name": "CVE-2025-58098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58098"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2021-22897",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22897"
},
{
"name": "CVE-2025-40078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40078"
},
{
"name": "CVE-2025-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15366"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-40116",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40116"
},
{
"name": "CVE-2025-68249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68249"
},
{
"name": "CVE-2026-0990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0990"
},
{
"name": "CVE-2025-39934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39934"
},
{
"name": "CVE-2026-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2025-40179",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40179"
},
{
"name": "CVE-2025-40127",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40127"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-39996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39996"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2026-22721",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22721"
},
{
"name": "CVE-2025-40053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40053"
},
{
"name": "CVE-2026-24515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24515"
},
{
"name": "CVE-2025-39951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39951"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2025-40120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40120"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2022-48174",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48174"
},
{
"name": "CVE-2025-61594",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61594"
},
{
"name": "CVE-2023-21835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21835"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2025-5025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5025"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2025-40243",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40243"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2021-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41089"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2025-14104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14104"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2026-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21968"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2023-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"name": "CVE-2023-42364",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42364"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2025-40118",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40118"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2025-40021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40021"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2019-5747",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5747"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2025-40044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40044"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2025-40105",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40105"
},
{
"name": "CVE-2018-1000500",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000500"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2026-26014",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26014"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2025-40112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40112"
},
{
"name": "CVE-2024-27289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27289"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2025-39971",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39971"
},
{
"name": "CVE-2025-40154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40154"
},
{
"name": "CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"name": "CVE-2025-12817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12817"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2026-23949",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23949"
},
{
"name": "CVE-2021-42385",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42385"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2026-0915",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0915"
},
{
"name": "CVE-2025-15281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15281"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2022-30634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
},
{
"name": "CVE-2025-40126",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40126"
},
{
"name": "CVE-2025-39972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39972"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2021-42836",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42836"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"name": "CVE-2025-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-40200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40200"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2025-38236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38236"
},
{
"name": "CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"name": "CVE-2025-40124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40124"
},
{
"name": "CVE-2025-39880",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39880"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2025-40094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40094"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2024-8096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2026-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21941"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-40215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40215"
},
{
"name": "CVE-2025-40111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40111"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-40068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40068"
},
{
"name": "CVE-2025-40042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40042"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2026-22695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22695"
},
{
"name": "CVE-2026-23490",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23490"
},
{
"name": "CVE-2026-24733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
},
{
"name": "CVE-2026-0992",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0992"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2026-21947",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21947"
},
{
"name": "CVE-2025-66564",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66564"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2019-5482",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5482"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"name": "CVE-2025-39937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39937"
},
{
"name": "CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-40060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40060"
},
{
"name": "CVE-2026-2003",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2003"
},
{
"name": "CVE-2019-5443",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5443"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2022-23471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
},
{
"name": "CVE-2020-1967",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1967"
},
{
"name": "CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"name": "CVE-2025-60876",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60876"
},
{
"name": "CVE-2023-24531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"name": "CVE-2025-11065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11065"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2026-1484",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1484"
},
{
"name": "CVE-2025-4947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4947"
},
{
"name": "CVE-2025-40178",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40178"
},
{
"name": "CVE-2022-29804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
},
{
"name": "CVE-2025-39869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39869"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-39985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39985"
},
{
"name": "CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2021-22923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2025-59464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59464"
},
{
"name": "CVE-2023-22006",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22006"
},
{
"name": "CVE-2019-5435",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5435"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2025-8058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
},
{
"name": "CVE-2026-1489",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1489"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2026-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2004"
},
{
"name": "CVE-2026-0672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0672"
},
{
"name": "CVE-2025-8732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8732"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2021-43565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2022-23648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23648"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2026-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22720"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-42363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42363"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2025-39980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39980"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2025-40346",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40346"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-40030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40030"
},
{
"name": "CVE-2025-40244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40244"
},
{
"name": "CVE-2025-39995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39995"
},
{
"name": "CVE-2025-68119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
},
{
"name": "CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-22873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22873"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2025-39907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39907"
},
{
"name": "CVE-2023-42366",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42366"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2026-25547",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
},
{
"name": "CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2025-40140",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40140"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2025-40223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40223"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2024-53114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53114"
},
{
"name": "CVE-2024-27304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27304"
},
{
"name": "CVE-2026-22703",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22703"
},
{
"name": "CVE-2026-0989",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0989"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2025-39873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39873"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2022-29189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29189"
},
{
"name": "CVE-2025-38248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38248"
},
{
"name": "CVE-2025-40351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40351"
},
{
"name": "CVE-2025-40087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40087"
},
{
"name": "CVE-2026-25646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25646"
}
],
"initial_release_date": "2026-02-24T00:00:00",
"last_revision_date": "2026-02-24T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0199",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37012",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37012"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37001",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37001"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37013",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37013"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37003",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37003"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37023",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37023"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37017",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37017"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37006",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37006"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37024",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37024"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36997",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36997"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37004",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37004"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36947",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37018",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37018"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37005",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37005"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37008",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37008"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37007",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37007"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37020",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37020"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36998",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36998"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37002",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37002"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37021",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37021"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37022",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37022"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37016",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37016"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37019",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37019"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37010",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37010"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37009",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37009"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37000",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37000"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37011",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37011"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37015",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37015"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37014",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37014"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36999",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36999"
}
]
}
CERTFR-2026-AVI-0249
Vulnerability from certfr_avis - Published: 2026-03-06 - Updated: 2026-03-06
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | QRadar Data Synchronization App versions antérieures à 3.3.0 | ||
| IBM | Db2 | DB2 Data Management Console versions antérieures à 3.1.13 | ||
| IBM | Tivoli | Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de sécurité | ||
| IBM | Db2 | DB2 Recovery Expert versions antérieures à 5.5.0.1 Interim Fix 8 | ||
| IBM | Db2 | Db2 Warehouse on Cloud Pak for Data versions antérieures à 5.3.1 | ||
| IBM | Db2 | Db2 on Cloud Pak for Data versions antérieures à 5.3.1 | ||
| IBM | QRadar | QRadar Pre-Validation App versions antérieures à 2.0.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar Data Synchronization App versions ant\u00e9rieures \u00e0 3.3.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 3.1.13",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Recovery Expert versions ant\u00e9rieures \u00e0 5.5.0.1 Interim Fix 8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Pre-Validation App versions ant\u00e9rieures \u00e0 2.0.2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"name": "CVE-2021-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33036"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2025-36353",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36353"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"name": "CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2016-0703",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2025-13867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13867"
},
{
"name": "CVE-2025-2668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2668"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-36427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36427"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2025-32421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2024-3154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3154"
},
{
"name": "CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-36384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36384"
},
{
"name": "CVE-2025-36098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36098"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2025-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2016-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2025-22121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22121"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2025-22091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22091"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2025-36247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36247"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2025-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36009"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2025-36070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36070"
},
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2025-36428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36428"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2025-36424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36424"
},
{
"name": "CVE-2025-36387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36387"
},
{
"name": "CVE-2019-19921",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19921"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2025-64329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
},
{
"name": "CVE-2025-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27903"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-37958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37958"
},
{
"name": "CVE-2023-22041",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22041"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2016-4472",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2024-9042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9042"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-31141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31141"
},
{
"name": "CVE-2025-30691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
},
{
"name": "CVE-2025-57822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57822"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2025-67779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67779"
},
{
"name": "CVE-2022-32743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32743"
},
{
"name": "CVE-2025-55183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55183"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-12085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2023-22043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22043"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2024-36621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36621"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2025-55173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55173"
},
{
"name": "CVE-2024-40635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
},
{
"name": "CVE-2024-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2018-5764",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5764"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2025-57752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57752"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2025-38110",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38110"
},
{
"name": "CVE-2020-15115",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15115"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-22113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22113"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-5187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5187"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2012-2098",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2098"
},
{
"name": "CVE-2024-41909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41909"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35887"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2024-56332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2026-25765",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25765"
},
{
"name": "CVE-2025-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2025-38089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38089"
},
{
"name": "CVE-2023-2727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2727"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-36425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36425"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2025-58457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58457"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2025-22085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22085"
},
{
"name": "CVE-2025-50537",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50537"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21626"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2016-0704",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0704"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
},
{
"name": "CVE-2025-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1767"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-36001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36001"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"name": "CVE-2025-36365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36365"
},
{
"name": "CVE-2023-42503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
},
{
"name": "CVE-2025-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27904"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2025-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-36442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36442"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-14689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14689"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2024-47072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-36366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36366"
},
{
"name": "CVE-2025-36123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36123"
},
{
"name": "CVE-2025-27900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27900"
},
{
"name": "CVE-2025-0426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0426"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-27899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27899"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2023-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22044"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2025-27901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27901"
},
{
"name": "CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"name": "CVE-2021-22570",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22570"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2025-27898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27898"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2023-2728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2728"
},
{
"name": "CVE-2024-7143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7143"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-36407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36407"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-55184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55184"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"name": "CVE-2024-36623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36623"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2024-36620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36620"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2021-20251",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20251"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
}
],
"initial_release_date": "2026-03-06T00:00:00",
"last_revision_date": "2026-03-06T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0249",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262753",
"url": "https://www.ibm.com/support/pages/node/7262753"
},
{
"published_at": "2026-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262754",
"url": "https://www.ibm.com/support/pages/node/7262754"
},
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262324",
"url": "https://www.ibm.com/support/pages/node/7262324"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262669",
"url": "https://www.ibm.com/support/pages/node/7262669"
},
{
"published_at": "2026-03-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262494",
"url": "https://www.ibm.com/support/pages/node/7262494"
},
{
"published_at": "2026-03-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262548",
"url": "https://www.ibm.com/support/pages/node/7262548"
},
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262325",
"url": "https://www.ibm.com/support/pages/node/7262325"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259901",
"url": "https://www.ibm.com/support/pages/node/7259901"
}
]
}
FKIE_CVE-2024-20952
Vulnerability from fkie_nvd - Published: 2024-01-16 22:15 - Updated: 2025-11-03 22:16
Severity
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
References
| URL | Tags | ||
|---|---|---|---|
| secalert_us@oracle.com | https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html | Mailing List, Third Party Advisory | |
| secalert_us@oracle.com | https://security.netapp.com/advisory/ntap-20240201-0002/ | Third Party Advisory | |
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpujan2024.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240201-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20241108-0002/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2024.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | openjdk | * | |
| oracle | openjdk | * | |
| oracle | openjdk | * | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | openjdk | 8 | |
| oracle | graalvm | 20.3.12 | |
| oracle | graalvm | 21.3.8 | |
| oracle | graalvm | 22.3.4 | |
| oracle | graalvm_for_jdk | 17.0.9 | |
| oracle | graalvm_for_jdk | 21.0.1 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 11.0.21 | |
| oracle | jdk | 17.0.9 | |
| oracle | jdk | 21.0.1 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 11.0.21 | |
| oracle | jre | 17.0.9 | |
| oracle | jre | 21.0.1 | |
| netapp | cloud_insights_acquisition_unit | - | |
| netapp | cloud_insights_storage_workload_security_agent | - | |
| netapp | oncommand_insight | - | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE2E2756-6ECC-4205-BED6-1A7DAB6D1C45",
"versionEndExcluding": "11.0.24",
"versionStartIncluding": "11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BD9DA0F-9664-4C81-882F-68DBBC323F5E",
"versionEndExcluding": "17.0.10",
"versionStartIncluding": "17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "231952D6-6C9A-4C31-A338-1AA8C3D4F433",
"versionEndExcluding": "21.0.2",
"versionStartIncluding": "21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
"matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
"matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
"matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
"matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
"matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
"matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
"matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
"matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
"matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
"matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
"matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
"matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
"matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
"matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
"matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
"matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
"matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
"matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
"matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
"matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
"matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
"matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
"matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
"matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
"matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
"matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
"matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
"matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
"matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
"matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
"matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
"matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
"matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
"matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
"matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
"matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
"matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
"matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
"matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
"matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
"matchCriteriaId": "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
"matchCriteriaId": "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*",
"matchCriteriaId": "383F0B07-59BF-4744-87F2-04C98BC183B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*",
"matchCriteriaId": "494C17C6-54A3-4BE6-A4FF-2D54DF2B38D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*",
"matchCriteriaId": "1058ABDC-D652-4E2D-964D-C9C98FD404F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update372:*:*:*:*:*:*",
"matchCriteriaId": "DC62A8BB-6230-4D5A-B91C-DD1B222F9E5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update382:*:*:*:*:*:*",
"matchCriteriaId": "333F58FD-5F4F-4F11-B1F8-8815C99AC61A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update392:*:*:*:*:*:*",
"matchCriteriaId": "1CB4456E-18B0-4C5B-822E-2BFE7DE019D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
"matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update402-b00:*:*:*:*:*:*",
"matchCriteriaId": "3FCE7DD4-EF50-4F46-B5E1-F5F0B31C2A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update402-b01:*:*:*:*:*:*",
"matchCriteriaId": "60538D83-D9A2-4A8E-ADCA-25ACDE789D11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update402-b02:*:*:*:*:*:*",
"matchCriteriaId": "823D1593-CCB9-4172-85FE-3F7EC57E966A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update402-b03:*:*:*:*:*:*",
"matchCriteriaId": "3723D31F-21F3-4040-A59D-6F4FE4D38033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update402-b04:*:*:*:*:*:*",
"matchCriteriaId": "60C2BD46-0BF0-4960-9070-41EF8BD86606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update402-b05:*:*:*:*:*:*",
"matchCriteriaId": "4B43831A-21CF-4A2D-AF1E-C909954E4713",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
"matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
"matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
"matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
"matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
"matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
"matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
"matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
"matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
"matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
"matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
"matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
"matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
"matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.12:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "D17D1EA4-A45F-4D8D-BA3E-4898EC6D48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CF534BA8-A2A5-4768-A480-CFB885308AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "876A5640-82A8-4BDC-8E0A-4D6340F5417D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5055FD-0E19-4C42-9B1F-CBE222855156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04738DE7-2BFE-4C06-ABE0-FCA099B5FFEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:-:*:*:*",
"matchCriteriaId": "D667746E-7E7C-4326-9B70-3587C2B41BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*",
"matchCriteriaId": "F3EF33DE-2E3F-4D5A-BF06-AC3C75108089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:11.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFC5C12-7FF4-48E6-BC5A-F50EBC956BBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF6AA431-8965-4B53-AF0F-DB3AB7A9A3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:21.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50C5781C-4153-431D-991E-637E253EDC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:-:*:*:*",
"matchCriteriaId": "CA31F3A1-07E1-4685-8A24-7C7830EF7600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*",
"matchCriteriaId": "DB7CD545-5B56-47FC-803F-8F150C810534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:11.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "568F994E-135F-486D-B57C-0245A1BC253B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BF274813-F650-447C-A1A6-61D5F8FF71BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:21.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F76A51BB-6DAE-4506-B737-7A5854543F18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Seguridad). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM para JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 y 22.3.4. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n de datos cr\u00edticos o a todos los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition, as\u00ed como acceso no autorizado a datos cr\u00edticos o acceso completo a todo Oracle Java. SE, Oracle GraalVM para JDK, datos accesibles de Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o subprogramas de Java en sandbox, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan s\u00f3lo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.1 Puntaje base 7.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
}
],
"id": "CVE-2024-20952",
"lastModified": "2025-11-03T22:16:41.507",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2024-01-16T22:15:42.477",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240201-0002/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240201-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20241108-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2024.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
},
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-343V-9CCV-7535
Vulnerability from github – Published: 2024-01-17 00:30 – Updated: 2025-11-04 00:30
VLAI
Details
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
Severity
7.4 (High)
{
"affected": [],
"aliases": [
"CVE-2024-20952"
],
"database_specific": {
"cwe_ids": [
"CWE-284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-16T22:15:42Z",
"severity": "HIGH"
},
"details": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
"id": "GHSA-343v-9ccv-7535",
"modified": "2025-11-04T00:30:43Z",
"published": "2024-01-17T00:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20952"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240201-0002"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241108-0002"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2024.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2024-20952
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2024-20952",
"id": "GSD-2024-20952"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-20952"
],
"details": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
"id": "GSD-2024-20952",
"modified": "2023-12-13T01:21:42.838802Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2024-20952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java SE JDK and JRE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Oracle Java SE:8u391"
},
{
"version_affected": "=",
"version_value": "Oracle Java SE:8u391-perf"
},
{
"version_affected": "=",
"version_value": "Oracle Java SE:11.0.21"
},
{
"version_affected": "=",
"version_value": "Oracle Java SE:17.0.9"
},
{
"version_affected": "=",
"version_value": "Oracle Java SE:21.0.1"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM for JDK:17.0.9"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM for JDK:21.0.1"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:20.3.12"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:21.3.8"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:22.3.4"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujan2024.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2024.html"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20240201-0002/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20240201-0002/"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.12:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "D17D1EA4-A45F-4D8D-BA3E-4898EC6D48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CF534BA8-A2A5-4768-A480-CFB885308AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "876A5640-82A8-4BDC-8E0A-4D6340F5417D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5055FD-0E19-4C42-9B1F-CBE222855156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04738DE7-2BFE-4C06-ABE0-FCA099B5FFEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:-:*:*:*",
"matchCriteriaId": "D667746E-7E7C-4326-9B70-3587C2B41BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*",
"matchCriteriaId": "F3EF33DE-2E3F-4D5A-BF06-AC3C75108089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:11.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8FFC5C12-7FF4-48E6-BC5A-F50EBC956BBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF6AA431-8965-4B53-AF0F-DB3AB7A9A3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:21.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50C5781C-4153-431D-991E-637E253EDC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:-:*:*:*",
"matchCriteriaId": "CA31F3A1-07E1-4685-8A24-7C7830EF7600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*",
"matchCriteriaId": "DB7CD545-5B56-47FC-803F-8F150C810534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:11.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "568F994E-135F-486D-B57C-0245A1BC253B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BF274813-F650-447C-A1A6-61D5F8FF71BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:21.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F76A51BB-6DAE-4506-B737-7A5854543F18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Seguridad). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM para JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 y 22.3.4. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n de datos cr\u00edticos o a todos los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition, as\u00ed como acceso no autorizado a datos cr\u00edticos o acceso completo a todo Oracle Java. SE, Oracle GraalVM para JDK, datos accesibles de Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o subprogramas de Java en sandbox, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan s\u00f3lo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.1 Puntaje base 7.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
}
],
"id": "CVE-2024-20952",
"lastModified": "2024-02-15T03:18:31.140",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "secalert_us@oracle.com",
"type": "Primary"
}
]
},
"published": "2024-01-16T22:15:42.477",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240201-0002/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2024.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
OPENSUSE-SU-2024:13587-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
java-17-openjdk-17.0.10.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: java-17-openjdk-17.0.10.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the java-17-openjdk-17.0.10.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13587
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.7 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
26 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2024-20918/ | self |
| https://www.suse.com/security/cve/CVE-2024-20919/ | self |
| https://www.suse.com/security/cve/CVE-2024-20921/ | self |
| https://www.suse.com/security/cve/CVE-2024-20932/ | self |
| https://www.suse.com/security/cve/CVE-2024-20945/ | self |
| https://www.suse.com/security/cve/CVE-2024-20952/ | self |
| https://www.suse.com/security/cve/CVE-2024-20918 | external |
| https://bugzilla.suse.com/1218907 | external |
| https://bugzilla.suse.com/1219843 | external |
| https://www.suse.com/security/cve/CVE-2024-20919 | external |
| https://bugzilla.suse.com/1218903 | external |
| https://bugzilla.suse.com/1219843 | external |
| https://www.suse.com/security/cve/CVE-2024-20921 | external |
| https://bugzilla.suse.com/1218905 | external |
| https://bugzilla.suse.com/1219843 | external |
| https://www.suse.com/security/cve/CVE-2024-20932 | external |
| https://bugzilla.suse.com/1218908 | external |
| https://bugzilla.suse.com/1219843 | external |
| https://www.suse.com/security/cve/CVE-2024-20945 | external |
| https://bugzilla.suse.com/1218909 | external |
| https://bugzilla.suse.com/1219843 | external |
| https://www.suse.com/security/cve/CVE-2024-20952 | external |
| https://bugzilla.suse.com/1218911 | external |
| https://bugzilla.suse.com/1219843 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "java-17-openjdk-17.0.10.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the java-17-openjdk-17.0.10.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13587",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13587-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20918 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20919 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20921 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20921/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20932 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20945 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20952 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20952/"
}
],
"title": "java-17-openjdk-17.0.10.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13587-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "java-17-openjdk-17.0.10.0-1.1.aarch64",
"product": {
"name": "java-17-openjdk-17.0.10.0-1.1.aarch64",
"product_id": "java-17-openjdk-17.0.10.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-demo-17.0.10.0-1.1.aarch64",
"product": {
"name": "java-17-openjdk-demo-17.0.10.0-1.1.aarch64",
"product_id": "java-17-openjdk-demo-17.0.10.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-devel-17.0.10.0-1.1.aarch64",
"product": {
"name": "java-17-openjdk-devel-17.0.10.0-1.1.aarch64",
"product_id": "java-17-openjdk-devel-17.0.10.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-headless-17.0.10.0-1.1.aarch64",
"product": {
"name": "java-17-openjdk-headless-17.0.10.0-1.1.aarch64",
"product_id": "java-17-openjdk-headless-17.0.10.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64",
"product": {
"name": "java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64",
"product_id": "java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-jmods-17.0.10.0-1.1.aarch64",
"product": {
"name": "java-17-openjdk-jmods-17.0.10.0-1.1.aarch64",
"product_id": "java-17-openjdk-jmods-17.0.10.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-src-17.0.10.0-1.1.aarch64",
"product": {
"name": "java-17-openjdk-src-17.0.10.0-1.1.aarch64",
"product_id": "java-17-openjdk-src-17.0.10.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-17-openjdk-17.0.10.0-1.1.ppc64le",
"product": {
"name": "java-17-openjdk-17.0.10.0-1.1.ppc64le",
"product_id": "java-17-openjdk-17.0.10.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-demo-17.0.10.0-1.1.ppc64le",
"product": {
"name": "java-17-openjdk-demo-17.0.10.0-1.1.ppc64le",
"product_id": "java-17-openjdk-demo-17.0.10.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-devel-17.0.10.0-1.1.ppc64le",
"product": {
"name": "java-17-openjdk-devel-17.0.10.0-1.1.ppc64le",
"product_id": "java-17-openjdk-devel-17.0.10.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-headless-17.0.10.0-1.1.ppc64le",
"product": {
"name": "java-17-openjdk-headless-17.0.10.0-1.1.ppc64le",
"product_id": "java-17-openjdk-headless-17.0.10.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le",
"product": {
"name": "java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le",
"product_id": "java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le",
"product": {
"name": "java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le",
"product_id": "java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-src-17.0.10.0-1.1.ppc64le",
"product": {
"name": "java-17-openjdk-src-17.0.10.0-1.1.ppc64le",
"product_id": "java-17-openjdk-src-17.0.10.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "java-17-openjdk-17.0.10.0-1.1.s390x",
"product": {
"name": "java-17-openjdk-17.0.10.0-1.1.s390x",
"product_id": "java-17-openjdk-17.0.10.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-demo-17.0.10.0-1.1.s390x",
"product": {
"name": "java-17-openjdk-demo-17.0.10.0-1.1.s390x",
"product_id": "java-17-openjdk-demo-17.0.10.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-devel-17.0.10.0-1.1.s390x",
"product": {
"name": "java-17-openjdk-devel-17.0.10.0-1.1.s390x",
"product_id": "java-17-openjdk-devel-17.0.10.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-headless-17.0.10.0-1.1.s390x",
"product": {
"name": "java-17-openjdk-headless-17.0.10.0-1.1.s390x",
"product_id": "java-17-openjdk-headless-17.0.10.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-javadoc-17.0.10.0-1.1.s390x",
"product": {
"name": "java-17-openjdk-javadoc-17.0.10.0-1.1.s390x",
"product_id": "java-17-openjdk-javadoc-17.0.10.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-jmods-17.0.10.0-1.1.s390x",
"product": {
"name": "java-17-openjdk-jmods-17.0.10.0-1.1.s390x",
"product_id": "java-17-openjdk-jmods-17.0.10.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-src-17.0.10.0-1.1.s390x",
"product": {
"name": "java-17-openjdk-src-17.0.10.0-1.1.s390x",
"product_id": "java-17-openjdk-src-17.0.10.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-17-openjdk-17.0.10.0-1.1.x86_64",
"product": {
"name": "java-17-openjdk-17.0.10.0-1.1.x86_64",
"product_id": "java-17-openjdk-17.0.10.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-demo-17.0.10.0-1.1.x86_64",
"product": {
"name": "java-17-openjdk-demo-17.0.10.0-1.1.x86_64",
"product_id": "java-17-openjdk-demo-17.0.10.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-devel-17.0.10.0-1.1.x86_64",
"product": {
"name": "java-17-openjdk-devel-17.0.10.0-1.1.x86_64",
"product_id": "java-17-openjdk-devel-17.0.10.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-headless-17.0.10.0-1.1.x86_64",
"product": {
"name": "java-17-openjdk-headless-17.0.10.0-1.1.x86_64",
"product_id": "java-17-openjdk-headless-17.0.10.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64",
"product": {
"name": "java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64",
"product_id": "java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-jmods-17.0.10.0-1.1.x86_64",
"product": {
"name": "java-17-openjdk-jmods-17.0.10.0-1.1.x86_64",
"product_id": "java-17-openjdk-jmods-17.0.10.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-17-openjdk-src-17.0.10.0-1.1.x86_64",
"product": {
"name": "java-17-openjdk-src-17.0.10.0-1.1.x86_64",
"product_id": "java-17-openjdk-src-17.0.10.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-17.0.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64"
},
"product_reference": "java-17-openjdk-17.0.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-17.0.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le"
},
"product_reference": "java-17-openjdk-17.0.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-17.0.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x"
},
"product_reference": "java-17-openjdk-17.0.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-17.0.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64"
},
"product_reference": "java-17-openjdk-17.0.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-demo-17.0.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64"
},
"product_reference": "java-17-openjdk-demo-17.0.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-demo-17.0.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le"
},
"product_reference": "java-17-openjdk-demo-17.0.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-demo-17.0.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x"
},
"product_reference": "java-17-openjdk-demo-17.0.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-demo-17.0.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64"
},
"product_reference": "java-17-openjdk-demo-17.0.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-devel-17.0.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64"
},
"product_reference": "java-17-openjdk-devel-17.0.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-devel-17.0.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le"
},
"product_reference": "java-17-openjdk-devel-17.0.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-devel-17.0.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x"
},
"product_reference": "java-17-openjdk-devel-17.0.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-devel-17.0.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64"
},
"product_reference": "java-17-openjdk-devel-17.0.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-headless-17.0.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64"
},
"product_reference": "java-17-openjdk-headless-17.0.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-headless-17.0.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le"
},
"product_reference": "java-17-openjdk-headless-17.0.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-headless-17.0.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x"
},
"product_reference": "java-17-openjdk-headless-17.0.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-headless-17.0.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64"
},
"product_reference": "java-17-openjdk-headless-17.0.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64"
},
"product_reference": "java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le"
},
"product_reference": "java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-javadoc-17.0.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x"
},
"product_reference": "java-17-openjdk-javadoc-17.0.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64"
},
"product_reference": "java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-jmods-17.0.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64"
},
"product_reference": "java-17-openjdk-jmods-17.0.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le"
},
"product_reference": "java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-jmods-17.0.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x"
},
"product_reference": "java-17-openjdk-jmods-17.0.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-jmods-17.0.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64"
},
"product_reference": "java-17-openjdk-jmods-17.0.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-src-17.0.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64"
},
"product_reference": "java-17-openjdk-src-17.0.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-src-17.0.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le"
},
"product_reference": "java-17-openjdk-src-17.0.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-src-17.0.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x"
},
"product_reference": "java-17-openjdk-src-17.0.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-17-openjdk-src-17.0.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64"
},
"product_reference": "java-17-openjdk-src-17.0.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-20918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20918"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20918",
"url": "https://www.suse.com/security/cve/CVE-2024-20918"
},
{
"category": "external",
"summary": "SUSE Bug 1218907 for CVE-2024-20918",
"url": "https://bugzilla.suse.com/1218907"
},
{
"category": "external",
"summary": "SUSE Bug 1219843 for CVE-2024-20918",
"url": "https://bugzilla.suse.com/1219843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-20918"
},
{
"cve": "CVE-2024-20919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20919"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20919",
"url": "https://www.suse.com/security/cve/CVE-2024-20919"
},
{
"category": "external",
"summary": "SUSE Bug 1218903 for CVE-2024-20919",
"url": "https://bugzilla.suse.com/1218903"
},
{
"category": "external",
"summary": "SUSE Bug 1219843 for CVE-2024-20919",
"url": "https://bugzilla.suse.com/1219843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-20919"
},
{
"cve": "CVE-2024-20921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20921"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20921",
"url": "https://www.suse.com/security/cve/CVE-2024-20921"
},
{
"category": "external",
"summary": "SUSE Bug 1218905 for CVE-2024-20921",
"url": "https://bugzilla.suse.com/1218905"
},
{
"category": "external",
"summary": "SUSE Bug 1219843 for CVE-2024-20921",
"url": "https://bugzilla.suse.com/1219843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-20921"
},
{
"cve": "CVE-2024-20932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20932"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20932",
"url": "https://www.suse.com/security/cve/CVE-2024-20932"
},
{
"category": "external",
"summary": "SUSE Bug 1218908 for CVE-2024-20932",
"url": "https://bugzilla.suse.com/1218908"
},
{
"category": "external",
"summary": "SUSE Bug 1219843 for CVE-2024-20932",
"url": "https://bugzilla.suse.com/1219843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-20932"
},
{
"cve": "CVE-2024-20945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20945"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20945",
"url": "https://www.suse.com/security/cve/CVE-2024-20945"
},
{
"category": "external",
"summary": "SUSE Bug 1218909 for CVE-2024-20945",
"url": "https://bugzilla.suse.com/1218909"
},
{
"category": "external",
"summary": "SUSE Bug 1219843 for CVE-2024-20945",
"url": "https://bugzilla.suse.com/1219843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-20945"
},
{
"cve": "CVE-2024-20952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20952"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20952",
"url": "https://www.suse.com/security/cve/CVE-2024-20952"
},
{
"category": "external",
"summary": "SUSE Bug 1218911 for CVE-2024-20952",
"url": "https://bugzilla.suse.com/1218911"
},
{
"category": "external",
"summary": "SUSE Bug 1219843 for CVE-2024-20952",
"url": "https://bugzilla.suse.com/1219843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-demo-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-devel-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-headless-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.10.0-1.1.x86_64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.aarch64",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.s390x",
"openSUSE Tumbleweed:java-17-openjdk-src-17.0.10.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-20952"
}
]
}
OPENSUSE-SU-2024:13594-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
java-21-openjdk-21.0.2.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: java-21-openjdk-21.0.2.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the java-21-openjdk-21.0.2.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13594
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.7 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
22 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2024-20918/ | self |
| https://www.suse.com/security/cve/CVE-2024-20919/ | self |
| https://www.suse.com/security/cve/CVE-2024-20921/ | self |
| https://www.suse.com/security/cve/CVE-2024-20945/ | self |
| https://www.suse.com/security/cve/CVE-2024-20952/ | self |
| https://www.suse.com/security/cve/CVE-2024-20918 | external |
| https://bugzilla.suse.com/1218907 | external |
| https://bugzilla.suse.com/1219843 | external |
| https://www.suse.com/security/cve/CVE-2024-20919 | external |
| https://bugzilla.suse.com/1218903 | external |
| https://bugzilla.suse.com/1219843 | external |
| https://www.suse.com/security/cve/CVE-2024-20921 | external |
| https://bugzilla.suse.com/1218905 | external |
| https://bugzilla.suse.com/1219843 | external |
| https://www.suse.com/security/cve/CVE-2024-20945 | external |
| https://bugzilla.suse.com/1218909 | external |
| https://bugzilla.suse.com/1219843 | external |
| https://www.suse.com/security/cve/CVE-2024-20952 | external |
| https://bugzilla.suse.com/1218911 | external |
| https://bugzilla.suse.com/1219843 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "java-21-openjdk-21.0.2.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the java-21-openjdk-21.0.2.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13594",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13594-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20918 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20919 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20921 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20921/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20945 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20952 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20952/"
}
],
"title": "java-21-openjdk-21.0.2.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13594-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "java-21-openjdk-21.0.2.0-1.1.aarch64",
"product": {
"name": "java-21-openjdk-21.0.2.0-1.1.aarch64",
"product_id": "java-21-openjdk-21.0.2.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-demo-21.0.2.0-1.1.aarch64",
"product": {
"name": "java-21-openjdk-demo-21.0.2.0-1.1.aarch64",
"product_id": "java-21-openjdk-demo-21.0.2.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-devel-21.0.2.0-1.1.aarch64",
"product": {
"name": "java-21-openjdk-devel-21.0.2.0-1.1.aarch64",
"product_id": "java-21-openjdk-devel-21.0.2.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-headless-21.0.2.0-1.1.aarch64",
"product": {
"name": "java-21-openjdk-headless-21.0.2.0-1.1.aarch64",
"product_id": "java-21-openjdk-headless-21.0.2.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64",
"product": {
"name": "java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64",
"product_id": "java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-jmods-21.0.2.0-1.1.aarch64",
"product": {
"name": "java-21-openjdk-jmods-21.0.2.0-1.1.aarch64",
"product_id": "java-21-openjdk-jmods-21.0.2.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-src-21.0.2.0-1.1.aarch64",
"product": {
"name": "java-21-openjdk-src-21.0.2.0-1.1.aarch64",
"product_id": "java-21-openjdk-src-21.0.2.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-21-openjdk-21.0.2.0-1.1.ppc64le",
"product": {
"name": "java-21-openjdk-21.0.2.0-1.1.ppc64le",
"product_id": "java-21-openjdk-21.0.2.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-demo-21.0.2.0-1.1.ppc64le",
"product": {
"name": "java-21-openjdk-demo-21.0.2.0-1.1.ppc64le",
"product_id": "java-21-openjdk-demo-21.0.2.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-devel-21.0.2.0-1.1.ppc64le",
"product": {
"name": "java-21-openjdk-devel-21.0.2.0-1.1.ppc64le",
"product_id": "java-21-openjdk-devel-21.0.2.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-headless-21.0.2.0-1.1.ppc64le",
"product": {
"name": "java-21-openjdk-headless-21.0.2.0-1.1.ppc64le",
"product_id": "java-21-openjdk-headless-21.0.2.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le",
"product": {
"name": "java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le",
"product_id": "java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le",
"product": {
"name": "java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le",
"product_id": "java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-src-21.0.2.0-1.1.ppc64le",
"product": {
"name": "java-21-openjdk-src-21.0.2.0-1.1.ppc64le",
"product_id": "java-21-openjdk-src-21.0.2.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "java-21-openjdk-21.0.2.0-1.1.s390x",
"product": {
"name": "java-21-openjdk-21.0.2.0-1.1.s390x",
"product_id": "java-21-openjdk-21.0.2.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-demo-21.0.2.0-1.1.s390x",
"product": {
"name": "java-21-openjdk-demo-21.0.2.0-1.1.s390x",
"product_id": "java-21-openjdk-demo-21.0.2.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-devel-21.0.2.0-1.1.s390x",
"product": {
"name": "java-21-openjdk-devel-21.0.2.0-1.1.s390x",
"product_id": "java-21-openjdk-devel-21.0.2.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-headless-21.0.2.0-1.1.s390x",
"product": {
"name": "java-21-openjdk-headless-21.0.2.0-1.1.s390x",
"product_id": "java-21-openjdk-headless-21.0.2.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-javadoc-21.0.2.0-1.1.s390x",
"product": {
"name": "java-21-openjdk-javadoc-21.0.2.0-1.1.s390x",
"product_id": "java-21-openjdk-javadoc-21.0.2.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-jmods-21.0.2.0-1.1.s390x",
"product": {
"name": "java-21-openjdk-jmods-21.0.2.0-1.1.s390x",
"product_id": "java-21-openjdk-jmods-21.0.2.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-src-21.0.2.0-1.1.s390x",
"product": {
"name": "java-21-openjdk-src-21.0.2.0-1.1.s390x",
"product_id": "java-21-openjdk-src-21.0.2.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-21-openjdk-21.0.2.0-1.1.x86_64",
"product": {
"name": "java-21-openjdk-21.0.2.0-1.1.x86_64",
"product_id": "java-21-openjdk-21.0.2.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-demo-21.0.2.0-1.1.x86_64",
"product": {
"name": "java-21-openjdk-demo-21.0.2.0-1.1.x86_64",
"product_id": "java-21-openjdk-demo-21.0.2.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-devel-21.0.2.0-1.1.x86_64",
"product": {
"name": "java-21-openjdk-devel-21.0.2.0-1.1.x86_64",
"product_id": "java-21-openjdk-devel-21.0.2.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-headless-21.0.2.0-1.1.x86_64",
"product": {
"name": "java-21-openjdk-headless-21.0.2.0-1.1.x86_64",
"product_id": "java-21-openjdk-headless-21.0.2.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64",
"product": {
"name": "java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64",
"product_id": "java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-jmods-21.0.2.0-1.1.x86_64",
"product": {
"name": "java-21-openjdk-jmods-21.0.2.0-1.1.x86_64",
"product_id": "java-21-openjdk-jmods-21.0.2.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-21-openjdk-src-21.0.2.0-1.1.x86_64",
"product": {
"name": "java-21-openjdk-src-21.0.2.0-1.1.x86_64",
"product_id": "java-21-openjdk-src-21.0.2.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-21.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.aarch64"
},
"product_reference": "java-21-openjdk-21.0.2.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-21.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.ppc64le"
},
"product_reference": "java-21-openjdk-21.0.2.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-21.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.s390x"
},
"product_reference": "java-21-openjdk-21.0.2.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-21.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.x86_64"
},
"product_reference": "java-21-openjdk-21.0.2.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-demo-21.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.aarch64"
},
"product_reference": "java-21-openjdk-demo-21.0.2.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-demo-21.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.ppc64le"
},
"product_reference": "java-21-openjdk-demo-21.0.2.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-demo-21.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.s390x"
},
"product_reference": "java-21-openjdk-demo-21.0.2.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-demo-21.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.x86_64"
},
"product_reference": "java-21-openjdk-demo-21.0.2.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-devel-21.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.aarch64"
},
"product_reference": "java-21-openjdk-devel-21.0.2.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-devel-21.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.ppc64le"
},
"product_reference": "java-21-openjdk-devel-21.0.2.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-devel-21.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.s390x"
},
"product_reference": "java-21-openjdk-devel-21.0.2.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-devel-21.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.x86_64"
},
"product_reference": "java-21-openjdk-devel-21.0.2.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-headless-21.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.aarch64"
},
"product_reference": "java-21-openjdk-headless-21.0.2.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-headless-21.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.ppc64le"
},
"product_reference": "java-21-openjdk-headless-21.0.2.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-headless-21.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.s390x"
},
"product_reference": "java-21-openjdk-headless-21.0.2.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-headless-21.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.x86_64"
},
"product_reference": "java-21-openjdk-headless-21.0.2.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64"
},
"product_reference": "java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le"
},
"product_reference": "java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-javadoc-21.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.s390x"
},
"product_reference": "java-21-openjdk-javadoc-21.0.2.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64"
},
"product_reference": "java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-jmods-21.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.aarch64"
},
"product_reference": "java-21-openjdk-jmods-21.0.2.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le"
},
"product_reference": "java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-jmods-21.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.s390x"
},
"product_reference": "java-21-openjdk-jmods-21.0.2.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-jmods-21.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.x86_64"
},
"product_reference": "java-21-openjdk-jmods-21.0.2.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-src-21.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.aarch64"
},
"product_reference": "java-21-openjdk-src-21.0.2.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-src-21.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.ppc64le"
},
"product_reference": "java-21-openjdk-src-21.0.2.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-src-21.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.s390x"
},
"product_reference": "java-21-openjdk-src-21.0.2.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-21-openjdk-src-21.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.x86_64"
},
"product_reference": "java-21-openjdk-src-21.0.2.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-20918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20918"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20918",
"url": "https://www.suse.com/security/cve/CVE-2024-20918"
},
{
"category": "external",
"summary": "SUSE Bug 1218907 for CVE-2024-20918",
"url": "https://bugzilla.suse.com/1218907"
},
{
"category": "external",
"summary": "SUSE Bug 1219843 for CVE-2024-20918",
"url": "https://bugzilla.suse.com/1219843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-20918"
},
{
"cve": "CVE-2024-20919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20919"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20919",
"url": "https://www.suse.com/security/cve/CVE-2024-20919"
},
{
"category": "external",
"summary": "SUSE Bug 1218903 for CVE-2024-20919",
"url": "https://bugzilla.suse.com/1218903"
},
{
"category": "external",
"summary": "SUSE Bug 1219843 for CVE-2024-20919",
"url": "https://bugzilla.suse.com/1219843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-20919"
},
{
"cve": "CVE-2024-20921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20921"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20921",
"url": "https://www.suse.com/security/cve/CVE-2024-20921"
},
{
"category": "external",
"summary": "SUSE Bug 1218905 for CVE-2024-20921",
"url": "https://bugzilla.suse.com/1218905"
},
{
"category": "external",
"summary": "SUSE Bug 1219843 for CVE-2024-20921",
"url": "https://bugzilla.suse.com/1219843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-20921"
},
{
"cve": "CVE-2024-20945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20945"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20945",
"url": "https://www.suse.com/security/cve/CVE-2024-20945"
},
{
"category": "external",
"summary": "SUSE Bug 1218909 for CVE-2024-20945",
"url": "https://bugzilla.suse.com/1218909"
},
{
"category": "external",
"summary": "SUSE Bug 1219843 for CVE-2024-20945",
"url": "https://bugzilla.suse.com/1219843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-20945"
},
{
"cve": "CVE-2024-20952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20952"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20952",
"url": "https://www.suse.com/security/cve/CVE-2024-20952"
},
{
"category": "external",
"summary": "SUSE Bug 1218911 for CVE-2024-20952",
"url": "https://bugzilla.suse.com/1218911"
},
{
"category": "external",
"summary": "SUSE Bug 1219843 for CVE-2024-20952",
"url": "https://bugzilla.suse.com/1219843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-demo-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-devel-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-headless-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-javadoc-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-jmods-21.0.2.0-1.1.x86_64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.aarch64",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.s390x",
"openSUSE Tumbleweed:java-21-openjdk-src-21.0.2.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-20952"
}
]
}
OPENSUSE-SU-2024:13602-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
java-11-openjdk-11.0.22.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: java-11-openjdk-11.0.22.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the java-11-openjdk-11.0.22.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13602
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.7 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
26 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2024-20918/ | self |
| https://www.suse.com/security/cve/CVE-2024-20919/ | self |
| https://www.suse.com/security/cve/CVE-2024-20921/ | self |
| https://www.suse.com/security/cve/CVE-2024-20926/ | self |
| https://www.suse.com/security/cve/CVE-2024-20945/ | self |
| https://www.suse.com/security/cve/CVE-2024-20952/ | self |
| https://www.suse.com/security/cve/CVE-2024-20918 | external |
| https://bugzilla.suse.com/1218907 | external |
| https://bugzilla.suse.com/1219843 | external |
| https://www.suse.com/security/cve/CVE-2024-20919 | external |
| https://bugzilla.suse.com/1218903 | external |
| https://bugzilla.suse.com/1219843 | external |
| https://www.suse.com/security/cve/CVE-2024-20921 | external |
| https://bugzilla.suse.com/1218905 | external |
| https://bugzilla.suse.com/1219843 | external |
| https://www.suse.com/security/cve/CVE-2024-20926 | external |
| https://bugzilla.suse.com/1218906 | external |
| https://bugzilla.suse.com/1219843 | external |
| https://www.suse.com/security/cve/CVE-2024-20945 | external |
| https://bugzilla.suse.com/1218909 | external |
| https://bugzilla.suse.com/1219843 | external |
| https://www.suse.com/security/cve/CVE-2024-20952 | external |
| https://bugzilla.suse.com/1218911 | external |
| https://bugzilla.suse.com/1219843 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "java-11-openjdk-11.0.22.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the java-11-openjdk-11.0.22.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13602",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13602-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20918 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20919 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20921 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20921/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20926 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20945 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-20952 page",
"url": "https://www.suse.com/security/cve/CVE-2024-20952/"
}
],
"title": "java-11-openjdk-11.0.22.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13602-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "java-11-openjdk-11.0.22.0-1.1.aarch64",
"product": {
"name": "java-11-openjdk-11.0.22.0-1.1.aarch64",
"product_id": "java-11-openjdk-11.0.22.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-demo-11.0.22.0-1.1.aarch64",
"product": {
"name": "java-11-openjdk-demo-11.0.22.0-1.1.aarch64",
"product_id": "java-11-openjdk-demo-11.0.22.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-devel-11.0.22.0-1.1.aarch64",
"product": {
"name": "java-11-openjdk-devel-11.0.22.0-1.1.aarch64",
"product_id": "java-11-openjdk-devel-11.0.22.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-headless-11.0.22.0-1.1.aarch64",
"product": {
"name": "java-11-openjdk-headless-11.0.22.0-1.1.aarch64",
"product_id": "java-11-openjdk-headless-11.0.22.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64",
"product": {
"name": "java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64",
"product_id": "java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-jmods-11.0.22.0-1.1.aarch64",
"product": {
"name": "java-11-openjdk-jmods-11.0.22.0-1.1.aarch64",
"product_id": "java-11-openjdk-jmods-11.0.22.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-src-11.0.22.0-1.1.aarch64",
"product": {
"name": "java-11-openjdk-src-11.0.22.0-1.1.aarch64",
"product_id": "java-11-openjdk-src-11.0.22.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-11-openjdk-11.0.22.0-1.1.ppc64le",
"product": {
"name": "java-11-openjdk-11.0.22.0-1.1.ppc64le",
"product_id": "java-11-openjdk-11.0.22.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-demo-11.0.22.0-1.1.ppc64le",
"product": {
"name": "java-11-openjdk-demo-11.0.22.0-1.1.ppc64le",
"product_id": "java-11-openjdk-demo-11.0.22.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-devel-11.0.22.0-1.1.ppc64le",
"product": {
"name": "java-11-openjdk-devel-11.0.22.0-1.1.ppc64le",
"product_id": "java-11-openjdk-devel-11.0.22.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-headless-11.0.22.0-1.1.ppc64le",
"product": {
"name": "java-11-openjdk-headless-11.0.22.0-1.1.ppc64le",
"product_id": "java-11-openjdk-headless-11.0.22.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le",
"product": {
"name": "java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le",
"product_id": "java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le",
"product": {
"name": "java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le",
"product_id": "java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-src-11.0.22.0-1.1.ppc64le",
"product": {
"name": "java-11-openjdk-src-11.0.22.0-1.1.ppc64le",
"product_id": "java-11-openjdk-src-11.0.22.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "java-11-openjdk-11.0.22.0-1.1.s390x",
"product": {
"name": "java-11-openjdk-11.0.22.0-1.1.s390x",
"product_id": "java-11-openjdk-11.0.22.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-demo-11.0.22.0-1.1.s390x",
"product": {
"name": "java-11-openjdk-demo-11.0.22.0-1.1.s390x",
"product_id": "java-11-openjdk-demo-11.0.22.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-devel-11.0.22.0-1.1.s390x",
"product": {
"name": "java-11-openjdk-devel-11.0.22.0-1.1.s390x",
"product_id": "java-11-openjdk-devel-11.0.22.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-headless-11.0.22.0-1.1.s390x",
"product": {
"name": "java-11-openjdk-headless-11.0.22.0-1.1.s390x",
"product_id": "java-11-openjdk-headless-11.0.22.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-javadoc-11.0.22.0-1.1.s390x",
"product": {
"name": "java-11-openjdk-javadoc-11.0.22.0-1.1.s390x",
"product_id": "java-11-openjdk-javadoc-11.0.22.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-jmods-11.0.22.0-1.1.s390x",
"product": {
"name": "java-11-openjdk-jmods-11.0.22.0-1.1.s390x",
"product_id": "java-11-openjdk-jmods-11.0.22.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-src-11.0.22.0-1.1.s390x",
"product": {
"name": "java-11-openjdk-src-11.0.22.0-1.1.s390x",
"product_id": "java-11-openjdk-src-11.0.22.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-11-openjdk-11.0.22.0-1.1.x86_64",
"product": {
"name": "java-11-openjdk-11.0.22.0-1.1.x86_64",
"product_id": "java-11-openjdk-11.0.22.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-demo-11.0.22.0-1.1.x86_64",
"product": {
"name": "java-11-openjdk-demo-11.0.22.0-1.1.x86_64",
"product_id": "java-11-openjdk-demo-11.0.22.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-devel-11.0.22.0-1.1.x86_64",
"product": {
"name": "java-11-openjdk-devel-11.0.22.0-1.1.x86_64",
"product_id": "java-11-openjdk-devel-11.0.22.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-headless-11.0.22.0-1.1.x86_64",
"product": {
"name": "java-11-openjdk-headless-11.0.22.0-1.1.x86_64",
"product_id": "java-11-openjdk-headless-11.0.22.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64",
"product": {
"name": "java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64",
"product_id": "java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-jmods-11.0.22.0-1.1.x86_64",
"product": {
"name": "java-11-openjdk-jmods-11.0.22.0-1.1.x86_64",
"product_id": "java-11-openjdk-jmods-11.0.22.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-11-openjdk-src-11.0.22.0-1.1.x86_64",
"product": {
"name": "java-11-openjdk-src-11.0.22.0-1.1.x86_64",
"product_id": "java-11-openjdk-src-11.0.22.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-11.0.22.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64"
},
"product_reference": "java-11-openjdk-11.0.22.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-11.0.22.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le"
},
"product_reference": "java-11-openjdk-11.0.22.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-11.0.22.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x"
},
"product_reference": "java-11-openjdk-11.0.22.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-11.0.22.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64"
},
"product_reference": "java-11-openjdk-11.0.22.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-demo-11.0.22.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64"
},
"product_reference": "java-11-openjdk-demo-11.0.22.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-demo-11.0.22.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le"
},
"product_reference": "java-11-openjdk-demo-11.0.22.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-demo-11.0.22.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x"
},
"product_reference": "java-11-openjdk-demo-11.0.22.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-demo-11.0.22.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64"
},
"product_reference": "java-11-openjdk-demo-11.0.22.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-devel-11.0.22.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64"
},
"product_reference": "java-11-openjdk-devel-11.0.22.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-devel-11.0.22.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le"
},
"product_reference": "java-11-openjdk-devel-11.0.22.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-devel-11.0.22.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x"
},
"product_reference": "java-11-openjdk-devel-11.0.22.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-devel-11.0.22.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64"
},
"product_reference": "java-11-openjdk-devel-11.0.22.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-headless-11.0.22.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64"
},
"product_reference": "java-11-openjdk-headless-11.0.22.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-headless-11.0.22.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le"
},
"product_reference": "java-11-openjdk-headless-11.0.22.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-headless-11.0.22.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x"
},
"product_reference": "java-11-openjdk-headless-11.0.22.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-headless-11.0.22.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64"
},
"product_reference": "java-11-openjdk-headless-11.0.22.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64"
},
"product_reference": "java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le"
},
"product_reference": "java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-javadoc-11.0.22.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x"
},
"product_reference": "java-11-openjdk-javadoc-11.0.22.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64"
},
"product_reference": "java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-jmods-11.0.22.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64"
},
"product_reference": "java-11-openjdk-jmods-11.0.22.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le"
},
"product_reference": "java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-jmods-11.0.22.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x"
},
"product_reference": "java-11-openjdk-jmods-11.0.22.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-jmods-11.0.22.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64"
},
"product_reference": "java-11-openjdk-jmods-11.0.22.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-src-11.0.22.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64"
},
"product_reference": "java-11-openjdk-src-11.0.22.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-src-11.0.22.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le"
},
"product_reference": "java-11-openjdk-src-11.0.22.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-src-11.0.22.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x"
},
"product_reference": "java-11-openjdk-src-11.0.22.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-11-openjdk-src-11.0.22.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64"
},
"product_reference": "java-11-openjdk-src-11.0.22.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-20918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20918"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20918",
"url": "https://www.suse.com/security/cve/CVE-2024-20918"
},
{
"category": "external",
"summary": "SUSE Bug 1218907 for CVE-2024-20918",
"url": "https://bugzilla.suse.com/1218907"
},
{
"category": "external",
"summary": "SUSE Bug 1219843 for CVE-2024-20918",
"url": "https://bugzilla.suse.com/1219843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-20918"
},
{
"cve": "CVE-2024-20919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20919"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20919",
"url": "https://www.suse.com/security/cve/CVE-2024-20919"
},
{
"category": "external",
"summary": "SUSE Bug 1218903 for CVE-2024-20919",
"url": "https://bugzilla.suse.com/1218903"
},
{
"category": "external",
"summary": "SUSE Bug 1219843 for CVE-2024-20919",
"url": "https://bugzilla.suse.com/1219843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-20919"
},
{
"cve": "CVE-2024-20921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20921"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20921",
"url": "https://www.suse.com/security/cve/CVE-2024-20921"
},
{
"category": "external",
"summary": "SUSE Bug 1218905 for CVE-2024-20921",
"url": "https://bugzilla.suse.com/1218905"
},
{
"category": "external",
"summary": "SUSE Bug 1219843 for CVE-2024-20921",
"url": "https://bugzilla.suse.com/1219843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-20921"
},
{
"cve": "CVE-2024-20926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20926"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20926",
"url": "https://www.suse.com/security/cve/CVE-2024-20926"
},
{
"category": "external",
"summary": "SUSE Bug 1218906 for CVE-2024-20926",
"url": "https://bugzilla.suse.com/1218906"
},
{
"category": "external",
"summary": "SUSE Bug 1219843 for CVE-2024-20926",
"url": "https://bugzilla.suse.com/1219843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-20926"
},
{
"cve": "CVE-2024-20945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20945"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20945",
"url": "https://www.suse.com/security/cve/CVE-2024-20945"
},
{
"category": "external",
"summary": "SUSE Bug 1218909 for CVE-2024-20945",
"url": "https://bugzilla.suse.com/1218909"
},
{
"category": "external",
"summary": "SUSE Bug 1219843 for CVE-2024-20945",
"url": "https://bugzilla.suse.com/1219843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-20945"
},
{
"cve": "CVE-2024-20952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-20952"
}
],
"notes": [
{
"category": "general",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-20952",
"url": "https://www.suse.com/security/cve/CVE-2024-20952"
},
{
"category": "external",
"summary": "SUSE Bug 1218911 for CVE-2024-20952",
"url": "https://bugzilla.suse.com/1218911"
},
{
"category": "external",
"summary": "SUSE Bug 1219843 for CVE-2024-20952",
"url": "https://bugzilla.suse.com/1219843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-demo-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-devel-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-headless-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.22.0-1.1.x86_64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.s390x",
"openSUSE Tumbleweed:java-11-openjdk-src-11.0.22.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-20952"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…