Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2017-3512
Vulnerability from cvelistv5
Published
2017-04-24 19:00
Modified
2024-10-04 19:25
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 7u131 Version: 8u121 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T14:30:57.616Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-201705-03", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201705-03", }, { name: "97727", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97727", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", }, { name: "1038286", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038286", }, { name: "GLSA-201707-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201707-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2017-3512", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-04T16:22:49.275430Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-04T19:25:40.656Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE: 7u131", }, { status: "affected", version: "8u121", }, ], }, ], datePublic: "2017-04-18T00:00:00", descriptions: [ { lang: "en", value: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T09:57:01", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "GLSA-201705-03", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201705-03", }, { name: "97727", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97727", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", }, { name: "1038286", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038286", }, { name: "GLSA-201707-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201707-01", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2017-3512", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u131", }, { version_affected: "=", version_value: "8u121", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.", }, ], }, ], }, references: { reference_data: [ { name: "GLSA-201705-03", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201705-03", }, { name: "97727", refsource: "BID", url: "http://www.securityfocus.com/bid/97727", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", }, { name: "1038286", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038286", }, { name: "GLSA-201707-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201707-01", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2017-3512", datePublished: "2017-04-24T19:00:00", dateReserved: "2016-12-06T00:00:00", dateUpdated: "2024-10-04T19:25:40.656Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:1.7.0:update131:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BBA8749-EFC2-4055-A8AB-56D660C0BB70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:1.8.0:update121:*:*:*:*:*:*\", \"matchCriteriaId\": \"34D1F91C-50D2-4D6A-BF4B-1B86F6909565\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:1.7.0:update_131:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C4946FF-E16B-4188-8BEA-1D5ABFBD54DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:1.8.0:update_121:*:*:*:*:*:*\", \"matchCriteriaId\": \"E463AEAC-F5DB-47E4-B863-E5D636895C51\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:icedtea:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.4.0\", \"matchCriteriaId\": \"B92D4C9E-8707-4E05-B12D-28C1AFCE2637\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: AWT). Versiones compatibles que son afectadas son Java SE: 7u131 y 8u121. Vulnerabilidad dificil de explotar permite autenticado atacante con acceso a la red a trav\\u00e9s de m\\u00faltiples protocolos para comprometer Java SE. Los ataques exitosos requieren la interacci\\u00f3n humana de una persona m\\u00e1s que un atacante y mientras la vulnerabilidad est\\u00e1 en Java SE, los ataques pueden afectar significativamente a otros productos. Los ataques con \\u00e9xito de esta vulnerabilidad pueden resultar en la adquisici\\u00f3n de Java SE. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, normalmente en clientes que ejecutan aplicaciones de Java Web Start en modo sandbox o en applets de Java protegidos, que cargan y ejecutan c\\u00f3digo no confiable (por ejemplo, c\\u00f3digo que proviene del Internet) y conf\\u00edan en el sandbox Java para seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan s\\u00f3lo c\\u00f3digo de confianza (por ejemplo, c\\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 8.3 (Confidencialidad, Integridad e Impactos de disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).\"}]", id: "CVE-2017-3512", lastModified: "2024-11-21T03:25:42.010", metrics: "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"baseScore\": 8.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:P/A:P\", \"baseScore\": 5.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 4.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}", published: "2017-04-24T19:59:03.223", references: "[{\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/97727\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038286\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://security.gentoo.org/glsa/201705-03\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201707-01\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/97727\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038286\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://security.gentoo.org/glsa/201705-03\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201707-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]", sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2017-3512\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2017-04-24T19:59:03.223\",\"lastModified\":\"2024-11-21T03:25:42.010\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: AWT). Versiones compatibles que son afectadas son Java SE: 7u131 y 8u121. Vulnerabilidad dificil de explotar permite autenticado atacante con acceso a la red a través de múltiples protocolos para comprometer Java SE. Los ataques exitosos requieren la interacción humana de una persona más que un atacante y mientras la vulnerabilidad está en Java SE, los ataques pueden afectar significativamente a otros productos. Los ataques con éxito de esta vulnerabilidad pueden resultar en la adquisición de Java SE. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, normalmente en clientes que ejecutan aplicaciones de Java Web Start en modo sandbox o en applets de Java protegidos, que cargan y ejecutan código no confiable (por ejemplo, código que proviene del Internet) y confían en el sandbox Java para seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan sólo código de confianza (por ejemplo, código instalado por un administrador). CVSS 3.0 Base Score 8.3 (Confidencialidad, Integridad e Impactos de disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.7.0:update131:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BBA8749-EFC2-4055-A8AB-56D660C0BB70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.8.0:update121:*:*:*:*:*:*\",\"matchCriteriaId\":\"34D1F91C-50D2-4D6A-BF4B-1B86F6909565\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.7.0:update_131:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C4946FF-E16B-4188-8BEA-1D5ABFBD54DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.8.0:update_121:*:*:*:*:*:*\",\"matchCriteriaId\":\"E463AEAC-F5DB-47E4-B863-E5D636895C51\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:icedtea:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.4.0\",\"matchCriteriaId\":\"B92D4C9E-8707-4E05-B12D-28C1AFCE2637\"}]}]}],\"references\":[{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/97727\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038286\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.gentoo.org/glsa/201705-03\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201707-01\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/97727\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038286\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.gentoo.org/glsa/201705-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201707-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.gentoo.org/glsa/201705-03\", \"name\": \"GLSA-201705-03\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/97727\", \"name\": \"97727\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1038286\", \"name\": \"1038286\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/201707-01\", \"name\": \"GLSA-201707-01\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T14:30:57.616Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2017-3512\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-04T16:22:49.275430Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-04T16:22:47.547Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"Java\", \"versions\": [{\"status\": \"affected\", \"version\": \"Java SE: 7u131\"}, {\"status\": \"affected\", \"version\": \"8u121\"}]}], \"datePublic\": \"2017-04-18T00:00:00\", \"references\": [{\"url\": \"https://security.gentoo.org/glsa/201705-03\", \"name\": \"GLSA-201705-03\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}, {\"url\": \"http://www.securityfocus.com/bid/97727\", \"name\": \"97727\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.securitytracker.com/id/1038286\", \"name\": \"1038286\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"https://security.gentoo.org/glsa/201707-01\", \"name\": \"GLSA-201707-01\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2017-07-10T09:57:01\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"Java SE: 7u131\", \"version_affected\": \"=\"}, {\"version_value\": \"8u121\", \"version_affected\": \"=\"}]}, \"product_name\": \"Java\"}]}, \"vendor_name\": \"Oracle Corporation\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://security.gentoo.org/glsa/201705-03\", \"name\": \"GLSA-201705-03\", \"refsource\": \"GENTOO\"}, {\"url\": \"http://www.securityfocus.com/bid/97727\", \"name\": \"97727\", \"refsource\": \"BID\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\", \"name\": \"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.securitytracker.com/id/1038286\", \"name\": \"1038286\", \"refsource\": \"SECTRACK\"}, {\"url\": \"https://security.gentoo.org/glsa/201707-01\", \"name\": \"GLSA-201707-01\", \"refsource\": \"GENTOO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2017-3512\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secalert_us@oracle.com\"}}}}", cveMetadata: "{\"cveId\": \"CVE-2017-3512\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-04T19:25:40.656Z\", \"dateReserved\": \"2016-12-06T00:00:00\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2017-04-24T19:00:00\", \"assignerShortName\": \"oracle\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
suse-su-2017:1400-1
Vulnerability from csaf_suse
Published
2017-05-24 14:23
Modified
2017-05-24 14:23
Summary
Security update for java-1_7_0-openjdk
Notes
Title of the patch
Security update for java-1_7_0-openjdk
Description of the patch
This update for java-1_7_0-openjdk fixes the following issues:
- Update to 2.6.10 - OpenJDK 7u141 (bsc#1034849)
* Security fixes
- S8163520, CVE-2017-3509: Reuse cache entries
- S8163528, CVE-2017-3511: Better library loading
- S8165626, CVE-2017-3512: Improved window framing
- S8167110, CVE-2017-3514: Windows peering issue
- S8169011, CVE-2017-3526: Resizing XML parse trees
- S8170222, CVE-2017-3533: Better transfers of files
- S8171121, CVE-2017-3539: Enhancing jar checking
- S8171533, CVE-2017-3544: Better email transfer
- S8172299: Improve class processing
* New features
- PR3347: jstack.stp should support AArch64
* Import of OpenJDK 7 u141 build 0
- S4717864: setFont() does not update Fonts of Menus already on
screen
- S6474807: (smartcardio) CardTerminal.connect() throws
CardException instead of CardNotPresentException
- S6518907: cleanup IA64 specific code in Hotspot
- S6869327: Add new C2 flag to keep safepoints in counted loops.
- S7112912: Message 'Error occurred during initialization of
VM' on boxes with lots of RAM
- S7124213: [macosx] pack() does ignore size of a component;
doesn't on the other platforms
- S7124219: [macosx] Unable to draw images to fullscreen
- S7124552: [macosx] NullPointerException in getBufferStrategy()
- S7148275: [macosx] setIconImages() not working correctly
(distorted icon when minimized)
- S7154841: [macosx] Popups appear behind taskbar
- S7155957:
closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java
hangs on win 64 bit with jdk8
- S7160627: [macosx] TextArea has wrong initial size
- S7167293: FtpURLConnection connection leak on
FileNotFoundException
- S7168851: [macosx] Netbeans crashes in
CImage.nativeCreateNSImageFromArray
- S7197203: sun/misc/URLClassPath/ClassnameCharTest.sh failed,
compile error
- S8005255: [macosx] Cleanup warnings in sun.lwawt
- S8006088: Incompatible heap size flags accepted by VM
- S8007295: Reduce number of warnings in awt classes
- S8010722: assert: failed: heap size is too big for compressed
oops
- S8011059: [macosx] Support automatic @2x images loading on
Mac OS X
- S8014058: Regression tests for 8006088
- S8014489:
tests/gc/arguments/Test(Serial|CMS|Parallel|G1)HeapSizeFlags
jtreg tests invoke wrong class
- S8016302: Change type of the number of GC workers to unsigned
int (2)
- S8024662: gc/arguments/TestUseCompressedOopsErgo.java does
not compile.
- S8024669: Native OOME when allocating after changes to
maximum heap supporting Coops sizing on sparcv9
- S8024926: [macosx] AquaIcon HiDPI support
- S8025974: l10n for policytool
- S8027025: [macosx] getLocationOnScreen returns 0 if parent
invisible
- S8028212: Custom cursor HiDPI support
- S8028471: PPC64 (part 215): opto: Extend ImplicitNullCheck
optimization.
- S8031573: [macosx] Checkmarks of JCheckBoxMenuItems aren't
rendered in high resolution on Retina
- S8033534: [macosx] Get MultiResolution image from native
system
- S8033786: White flashing when opening Dialogs and Menus using
Nimbus with dark background
- S8035568: [macosx] Cursor management unification
- S8041734: JFrame in full screen mode leaves empty workspace
after close
- S8059803: Update use of GetVersionEx to get correct Windows
version in hs_err files
- S8066504: GetVersionEx in
java.base/windows/native/libjava/java_props_md.c might not
get correct Windows version 0
- S8079595: Resizing dialog which is JWindow parent makes JVM
crash
- S8080729: [macosx] java 7 and 8 JDialogs on multiscreen jump
to parent frame on focus
- S8130769: The new menu can't be shown on the menubar after
clicking the 'Add' button.
- S8133357: 8u65 l10n resource file translation update
- S8146602:
jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test
fails with NullPointerException
- S8147842: IME Composition Window is displayed at incorrect
location
- S8147910: Cache initial active_processor_count
- S8150490: Update OS detection code to recognize Windows
Server 2016
- S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is
enabled
- S8161195: Regression:
closed/javax/swing/text/FlowView/LayoutTest.java
- S8161993: G1 crashes if active_processor_count changes during
startup
- S8162603: Unrecognized VM option 'UseCountedLoopSafepoints'
- S8162876: [TEST_BUG]
sun/net/www/protocol/http/HttpInputStream.java fails
intermittently
- S8164533: sun/security/ssl/SSLSocketImpl/CloseSocket.java
failed with 'Error while cleaning up threads after test'
- S8167179: Make XSL generated namespace prefixes local to
transformation process
- S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections
- S8169589: [macosx] Activating a JDialog puts to back another
dialog
- S8170307: Stack size option -Xss is ignored
- S8170316: (tz) Support tzdata2016j
- S8170814: Reuse cache entries (part II)
- S8171388: Update JNDI Thread contexts
- S8171949: [macosx] AWT_ZoomFrame Automated tests fail with
error: The bitwise mask Frame.ICONIFIED is not setwhen the
frame is in ICONIFIED state
- S8171952: [macosx]
AWT_Modality/Automated/ModalExclusion/NoExclusion/ModelessDialog
test fails as DummyButton on Dialog did not gain focus when
clicked.
- S8173931: 8u131 L10n resource file update
- S8174844: Incorrect GPL header causes RE script to miss swap
to commercial header for licensee source bundle
- S8175087: [bsd] Fix build after '8024900: PPC64: Enable new
build on AIX (jdk part)'
- S8175163: [bsd] Fix build after '8005629: javac warnings
compiling java.awt.EventDispatchThread...'
- S8176044: (tz) Support tzdata2017a
* Import of OpenJDK 7 u141 build 1
- S8043723: max_heap_for_compressed_oops() declared with
size_t, but defined with uintx
* Import of OpenJDK 7 u141 build 2
- S8011123: serialVersionUID of
java.awt.dnd.InvalidDnDOperationException changed in JDK8-b82
* Backports
- S6515172, PR3362: Runtime.availableProcessors() ignores Linux
taskset command
- S8022284, PR3209: Hide internal data structure in PhaseCFG
- S8023003, PR3209: Cleanup the public interface to PhaseCFG
- S8023691, PR3209: Create interface for nodes in class Block
- S8023988, PR3209: Move local scheduling of nodes to the CFG
creation and code motion phase (PhaseCFG)
- S8043780, PR3369: Use open(O_CLOEXEC) instead of
fcntl(FD_CLOEXEC)
- S8157306, PR3209: Random infrequent null pointer exceptions
in javac
- S8173783, PR3329: IllegalArgumentException:
jdk.tls.namedGroups
- S8173941, PR3330: SA does not work if executable is DSO
- S8174729, PR3361: Race Condition in
java.lang.reflect.WeakCache
* Bug fixes
- PR3349: Architectures unsupported by SystemTap tapsets throw
a parse error
- PR3370: Disable ARM32 JIT by default in jdk_generic_profile.sh
- PR3379: Perl should be mandatory
- PR3390: javac.in and javah.in should use @PERL@ rather than a
hardcoded path
* CACAO
- PR2732: Raise javadoc memory limits for CACAO again!
* AArch64 port
- S8177661, PR3367: Correct ad rule output register types from
iRegX to iRegXNoSp
- Get ecj.jar path from gcj, use the gcc variant that provides Java
to build C code to make sure jni.h is available.
- S8167104, CVE-2017-3289: Additional class construction
- S6253144: Long narrowing conversion should describe the
- S6328537: Improve javadocs for Socket class by adding
- S6978886: javadoc shows stacktrace after print error
- S6995421: Eliminate the static dependency to
- S7027045: (doc) java/awt/Window.java has several typos in
- S7054969: Null-check-in-finally pattern in java/security
- S7072353: JNDI libraries do not build with javac -Xlint:all
- S7092447: Clarify the default locale used in each locale
- S7103570: AtomicIntegerFieldUpdater does not work when
- S7187144: JavaDoc for ScriptEngineFactory.getProgram()
- S8000418: javadoc should used a standard 'generated by
- S8000666: javadoc should write directly to Writer instead of
- S8000970: break out auxiliary classes that will prevent
- S8001669: javadoc internal DocletAbortException should set
- S8011402: Move blacklisting certificate logic from hard code
- S8011547: Update XML Signature implementation to Apache
- S8012288: XML DSig API allows wrong tag names and extra
- S8017325: Cleanup of the javadoc <code> tag in
- S8017326: Cleanup of the javadoc <code> tag in
- S8019772: Fix doclint issues in javax.crypto and
- S8020688: Broken links in documentation at
- S8021108: Clean up doclint warnings and errors in java.text
- S8022120: JCK test
api/javax_xml/crypto/dsig/TransformService/index_ParamMethods
- S8025409: Fix javadoc comments errors and warning reported by
- S8026021: more fix of javadoc errors and warnings reported by
- S8037099: [macosx] Remove all references to GC from native
- S8038184: XMLSignature throws StringIndexOutOfBoundsException
- S8038349: Signing XML with DSA throws Exception when key is
- S8049244: XML Signature performance issue caused by
- S8050893: (smartcardio) Invert reset argument in tests in
- S8059212: Modify sun/security/smartcardio manual regression
- S8068279: (typo in the spec)
- S8068491: Update the protocol for references of
- S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs
- S8076369: Introduce the jdk.tls.client.protocols system
- S8139565: Restrict certificates with DSA keys less than 1024
- S8140422: Add mechanism to allow non default root CAs to be
- S8140587: Atomic*FieldUpdaters should use Class.isInstance
- S8149029: Secure validation of XML based digital signature
- S8151893: Add security property to configure XML Signature
- S8161228: URL objects with custom protocol handlers have port
- S8163304: jarsigner -verbose -verify should print the
- S8164908: ReflectionFactory support for IIOP and custom
- S8165230: RMIConnection addNotificationListeners failing with
- S8166393: disabledAlgorithms property should not be strictly
- S8166591: [macos 10.12] Trackpad scrolling of text on OS X
- S8166739: Improve extensibility of ObjectInputFilter
- S8167356: Follow up fix for jdk8 backport of 8164143. Changes
- S8167459: Add debug output for indicating if a chosen
- S8168861: AnchorCertificates uses hardcoded password for
- S8169688: Backout (remove) MD5 from
- S8169911: Enhanced tests for jarsigner -verbose -verify after
- S8170131: Certificates not being blocked by
- S8173854: [TEST] Update DHEKeySizing test case following
- S7102489, PR3316, RH1390708: RFE: cleanup jlong typedef on
- S8000351, PR3316, RH1390708: Tenuring threshold should be
- S8153711, PR3315, RH1284948: [REDO] JDWP: Memory Leak:
- S8170888, PR3316, RH1390708: [linux] Experimental support for
- PR3318: Replace 'infinality' with 'improved font rendering'
- PR3324: Fix NSS_LIBDIR substitution in
- S8165673, PR3320: AArch64: Fix JNI floating point argument
+ S6604109, PR3162:
- Add -fno-delete-null-pointer-checks -fno-lifetime-dse to try to
directory to be specified
versions of IcedTea
Patchnames
SUSE-SLE-DESKTOP-12-SP1-2017-864,SUSE-SLE-DESKTOP-12-SP2-2017-864,SUSE-SLE-RPI-12-SP2-2017-864,SUSE-SLE-SERVER-12-SP1-2017-864,SUSE-SLE-SERVER-12-SP2-2017-864
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for java-1_7_0-openjdk", title: "Title of the patch", }, { category: "description", text: "\nThis update for java-1_7_0-openjdk fixes the following issues:\n\n- Update to 2.6.10 - OpenJDK 7u141 (bsc#1034849)\n* Security fixes\n - S8163520, CVE-2017-3509: Reuse cache entries\n - S8163528, CVE-2017-3511: Better library loading\n - S8165626, CVE-2017-3512: Improved window framing\n - S8167110, CVE-2017-3514: Windows peering issue\n - S8169011, CVE-2017-3526: Resizing XML parse trees\n - S8170222, CVE-2017-3533: Better transfers of files\n - S8171121, CVE-2017-3539: Enhancing jar checking\n - S8171533, CVE-2017-3544: Better email transfer\n - S8172299: Improve class processing\n * New features\n - PR3347: jstack.stp should support AArch64\n * Import of OpenJDK 7 u141 build 0\n - S4717864: setFont() does not update Fonts of Menus already on\n screen\n - S6474807: (smartcardio) CardTerminal.connect() throws\n CardException instead of CardNotPresentException\n - S6518907: cleanup IA64 specific code in Hotspot\n - S6869327: Add new C2 flag to keep safepoints in counted loops.\n - S7112912: Message 'Error occurred during initialization of\n VM' on boxes with lots of RAM\n - S7124213: [macosx] pack() does ignore size of a component;\n doesn't on the other platforms\n - S7124219: [macosx] Unable to draw images to fullscreen\n - S7124552: [macosx] NullPointerException in getBufferStrategy()\n - S7148275: [macosx] setIconImages() not working correctly\n (distorted icon when minimized)\n - S7154841: [macosx] Popups appear behind taskbar\n - S7155957:\n closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java\n hangs on win 64 bit with jdk8\n - S7160627: [macosx] TextArea has wrong initial size\n - S7167293: FtpURLConnection connection leak on\n FileNotFoundException\n - S7168851: [macosx] Netbeans crashes in\n CImage.nativeCreateNSImageFromArray\n - S7197203: sun/misc/URLClassPath/ClassnameCharTest.sh failed,\n compile error\n - S8005255: [macosx] Cleanup warnings in sun.lwawt\n - S8006088: Incompatible heap size flags accepted by VM\n - S8007295: Reduce number of warnings in awt classes\n - S8010722: assert: failed: heap size is too big for compressed\n oops\n - S8011059: [macosx] Support automatic @2x images loading on\n Mac OS X\n - S8014058: Regression tests for 8006088\n - S8014489:\n tests/gc/arguments/Test(Serial|CMS|Parallel|G1)HeapSizeFlags\n jtreg tests invoke wrong class\n - S8016302: Change type of the number of GC workers to unsigned\n int (2)\n - S8024662: gc/arguments/TestUseCompressedOopsErgo.java does\n not compile.\n - S8024669: Native OOME when allocating after changes to\n maximum heap supporting Coops sizing on sparcv9\n - S8024926: [macosx] AquaIcon HiDPI support\n - S8025974: l10n for policytool\n - S8027025: [macosx] getLocationOnScreen returns 0 if parent\n invisible\n - S8028212: Custom cursor HiDPI support\n - S8028471: PPC64 (part 215): opto: Extend ImplicitNullCheck\n optimization.\n - S8031573: [macosx] Checkmarks of JCheckBoxMenuItems aren't\n rendered in high resolution on Retina\n - S8033534: [macosx] Get MultiResolution image from native\n system\n - S8033786: White flashing when opening Dialogs and Menus using\n Nimbus with dark background\n - S8035568: [macosx] Cursor management unification\n - S8041734: JFrame in full screen mode leaves empty workspace\n after close\n - S8059803: Update use of GetVersionEx to get correct Windows\n version in hs_err files\n - S8066504: GetVersionEx in\n java.base/windows/native/libjava/java_props_md.c might not\n get correct Windows version 0\n - S8079595: Resizing dialog which is JWindow parent makes JVM\n crash\n - S8080729: [macosx] java 7 and 8 JDialogs on multiscreen jump\n to parent frame on focus\n - S8130769: The new menu can't be shown on the menubar after\n clicking the 'Add' button.\n - S8133357: 8u65 l10n resource file translation update\n - S8146602:\n jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test\n fails with NullPointerException\n - S8147842: IME Composition Window is displayed at incorrect\n location\n - S8147910: Cache initial active_processor_count\n - S8150490: Update OS detection code to recognize Windows\n Server 2016\n - S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is\n enabled\n - S8161195: Regression:\n closed/javax/swing/text/FlowView/LayoutTest.java\n - S8161993: G1 crashes if active_processor_count changes during\n startup\n - S8162603: Unrecognized VM option 'UseCountedLoopSafepoints'\n - S8162876: [TEST_BUG]\n sun/net/www/protocol/http/HttpInputStream.java fails\n intermittently\n - S8164533: sun/security/ssl/SSLSocketImpl/CloseSocket.java\n failed with 'Error while cleaning up threads after test'\n - S8167179: Make XSL generated namespace prefixes local to\n transformation process\n - S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections\n - S8169589: [macosx] Activating a JDialog puts to back another\n dialog\n - S8170307: Stack size option -Xss is ignored\n - S8170316: (tz) Support tzdata2016j\n - S8170814: Reuse cache entries (part II)\n - S8171388: Update JNDI Thread contexts\n - S8171949: [macosx] AWT_ZoomFrame Automated tests fail with\n error: The bitwise mask Frame.ICONIFIED is not setwhen the\n frame is in ICONIFIED state\n - S8171952: [macosx]\n AWT_Modality/Automated/ModalExclusion/NoExclusion/ModelessDialog\n test fails as DummyButton on Dialog did not gain focus when\n clicked.\n - S8173931: 8u131 L10n resource file update\n - S8174844: Incorrect GPL header causes RE script to miss swap\n to commercial header for licensee source bundle\n - S8175087: [bsd] Fix build after '8024900: PPC64: Enable new\n build on AIX (jdk part)'\n - S8175163: [bsd] Fix build after '8005629: javac warnings\n compiling java.awt.EventDispatchThread...'\n - S8176044: (tz) Support tzdata2017a\n * Import of OpenJDK 7 u141 build 1\n - S8043723: max_heap_for_compressed_oops() declared with\n size_t, but defined with uintx\n * Import of OpenJDK 7 u141 build 2\n - S8011123: serialVersionUID of\n java.awt.dnd.InvalidDnDOperationException changed in JDK8-b82\n * Backports\n - S6515172, PR3362: Runtime.availableProcessors() ignores Linux\n taskset command\n - S8022284, PR3209: Hide internal data structure in PhaseCFG\n - S8023003, PR3209: Cleanup the public interface to PhaseCFG\n - S8023691, PR3209: Create interface for nodes in class Block\n - S8023988, PR3209: Move local scheduling of nodes to the CFG\n creation and code motion phase (PhaseCFG)\n - S8043780, PR3369: Use open(O_CLOEXEC) instead of\n fcntl(FD_CLOEXEC)\n - S8157306, PR3209: Random infrequent null pointer exceptions\n in javac\n - S8173783, PR3329: IllegalArgumentException:\n jdk.tls.namedGroups\n - S8173941, PR3330: SA does not work if executable is DSO\n - S8174729, PR3361: Race Condition in\n java.lang.reflect.WeakCache\n * Bug fixes\n - PR3349: Architectures unsupported by SystemTap tapsets throw\n a parse error\n - PR3370: Disable ARM32 JIT by default in jdk_generic_profile.sh\n - PR3379: Perl should be mandatory\n - PR3390: javac.in and javah.in should use @PERL@ rather than a\n hardcoded path\n * CACAO\n - PR2732: Raise javadoc memory limits for CACAO again!\n * AArch64 port\n - S8177661, PR3367: Correct ad rule output register types from\n iRegX to iRegXNoSp\n\n- Get ecj.jar path from gcj, use the gcc variant that provides Java\n to build C code to make sure jni.h is available.\n\n - S8167104, CVE-2017-3289: Additional class construction\n - S6253144: Long narrowing conversion should describe the\n - S6328537: Improve javadocs for Socket class by adding\n - S6978886: javadoc shows stacktrace after print error\n - S6995421: Eliminate the static dependency to\n - S7027045: (doc) java/awt/Window.java has several typos in\n - S7054969: Null-check-in-finally pattern in java/security\n - S7072353: JNDI libraries do not build with javac -Xlint:all\n - S7092447: Clarify the default locale used in each locale\n - S7103570: AtomicIntegerFieldUpdater does not work when\n - S7187144: JavaDoc for ScriptEngineFactory.getProgram()\n - S8000418: javadoc should used a standard 'generated by\n - S8000666: javadoc should write directly to Writer instead of\n - S8000970: break out auxiliary classes that will prevent\n - S8001669: javadoc internal DocletAbortException should set\n - S8011402: Move blacklisting certificate logic from hard code\n - S8011547: Update XML Signature implementation to Apache\n - S8012288: XML DSig API allows wrong tag names and extra\n - S8017325: Cleanup of the javadoc <code> tag in\n - S8017326: Cleanup of the javadoc <code> tag in\n - S8019772: Fix doclint issues in javax.crypto and\n - S8020688: Broken links in documentation at\n - S8021108: Clean up doclint warnings and errors in java.text\n - S8022120: JCK test\n api/javax_xml/crypto/dsig/TransformService/index_ParamMethods\n - S8025409: Fix javadoc comments errors and warning reported by\n - S8026021: more fix of javadoc errors and warnings reported by\n - S8037099: [macosx] Remove all references to GC from native\n - S8038184: XMLSignature throws StringIndexOutOfBoundsException\n - S8038349: Signing XML with DSA throws Exception when key is\n - S8049244: XML Signature performance issue caused by\n - S8050893: (smartcardio) Invert reset argument in tests in\n - S8059212: Modify sun/security/smartcardio manual regression\n - S8068279: (typo in the spec)\n - S8068491: Update the protocol for references of\n - S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs\n - S8076369: Introduce the jdk.tls.client.protocols system\n - S8139565: Restrict certificates with DSA keys less than 1024\n - S8140422: Add mechanism to allow non default root CAs to be\n - S8140587: Atomic*FieldUpdaters should use Class.isInstance\n - S8149029: Secure validation of XML based digital signature\n - S8151893: Add security property to configure XML Signature\n - S8161228: URL objects with custom protocol handlers have port\n - S8163304: jarsigner -verbose -verify should print the\n - S8164908: ReflectionFactory support for IIOP and custom\n - S8165230: RMIConnection addNotificationListeners failing with\n - S8166393: disabledAlgorithms property should not be strictly\n - S8166591: [macos 10.12] Trackpad scrolling of text on OS X\n - S8166739: Improve extensibility of ObjectInputFilter\n - S8167356: Follow up fix for jdk8 backport of 8164143. Changes\n - S8167459: Add debug output for indicating if a chosen\n - S8168861: AnchorCertificates uses hardcoded password for\n - S8169688: Backout (remove) MD5 from\n - S8169911: Enhanced tests for jarsigner -verbose -verify after\n - S8170131: Certificates not being blocked by\n - S8173854: [TEST] Update DHEKeySizing test case following\n - S7102489, PR3316, RH1390708: RFE: cleanup jlong typedef on\n - S8000351, PR3316, RH1390708: Tenuring threshold should be\n - S8153711, PR3315, RH1284948: [REDO] JDWP: Memory Leak:\n - S8170888, PR3316, RH1390708: [linux] Experimental support for\n - PR3318: Replace 'infinality' with 'improved font rendering'\n - PR3324: Fix NSS_LIBDIR substitution in\n - S8165673, PR3320: AArch64: Fix JNI floating point argument\n + S6604109, PR3162:\n- Add -fno-delete-null-pointer-checks -fno-lifetime-dse to try to\n directory to be specified\n versions of IcedTea\n", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-DESKTOP-12-SP1-2017-864,SUSE-SLE-DESKTOP-12-SP2-2017-864,SUSE-SLE-RPI-12-SP2-2017-864,SUSE-SLE-SERVER-12-SP1-2017-864,SUSE-SLE-SERVER-12-SP2-2017-864", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_1400-1.json", }, { category: "self", summary: "URL for SUSE-SU-2017:1400-1", url: "https://www.suse.com/support/update/announcement/2017/suse-su-20171400-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2017:1400-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2017-May/002920.html", }, { category: "self", summary: "SUSE Bug 1034849", url: "https://bugzilla.suse.com/1034849", }, { category: "self", summary: "SUSE CVE CVE-2017-3289 page", url: "https://www.suse.com/security/cve/CVE-2017-3289/", }, { category: "self", summary: "SUSE CVE CVE-2017-3509 page", url: "https://www.suse.com/security/cve/CVE-2017-3509/", }, { category: "self", summary: "SUSE CVE CVE-2017-3511 page", url: "https://www.suse.com/security/cve/CVE-2017-3511/", }, { category: "self", summary: "SUSE CVE CVE-2017-3512 page", url: "https://www.suse.com/security/cve/CVE-2017-3512/", }, { category: "self", summary: "SUSE CVE CVE-2017-3514 page", url: "https://www.suse.com/security/cve/CVE-2017-3514/", }, { category: "self", summary: "SUSE CVE CVE-2017-3526 page", url: "https://www.suse.com/security/cve/CVE-2017-3526/", }, { category: "self", summary: "SUSE CVE CVE-2017-3533 page", url: "https://www.suse.com/security/cve/CVE-2017-3533/", }, { category: "self", summary: "SUSE CVE CVE-2017-3539 page", url: "https://www.suse.com/security/cve/CVE-2017-3539/", }, { category: "self", summary: "SUSE CVE CVE-2017-3544 page", url: "https://www.suse.com/security/cve/CVE-2017-3544/", }, ], title: "Security update for java-1_7_0-openjdk", tracking: { current_release_date: "2017-05-24T14:23:03Z", generator: { date: "2017-05-24T14:23:03Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2017:1400-1", initial_release_date: "2017-05-24T14:23:03Z", revision_history: [ { date: "2017-05-24T14:23:03Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", product: { name: "java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", product_id: "java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", }, }, { category: "product_version", name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", product: { name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", product_id: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", }, }, { category: "product_version", name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", product: { name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", product_id: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", }, }, { category: "product_version", name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", product: { name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", product_id: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", product: { name: "java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", product_id: "java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", }, }, { category: "product_version", name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", product: { name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", product_id: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", }, }, { category: "product_version", name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", product: { name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", product_id: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", }, }, { category: "product_version", name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", product: { name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", product_id: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "java-1_7_0-openjdk-1.7.0.141-42.1.s390x", product: { name: "java-1_7_0-openjdk-1.7.0.141-42.1.s390x", product_id: "java-1_7_0-openjdk-1.7.0.141-42.1.s390x", }, }, { category: "product_version", name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", product: { name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", product_id: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", }, }, { category: "product_version", name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", product: { name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", product_id: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", }, }, { category: "product_version", name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", product: { name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", product_id: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", product: { name: "java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", product_id: "java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", }, }, { category: "product_version", name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", product: { name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", product_id: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", }, }, { category: "product_version", name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", product: { name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", product_id: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", }, }, { category: "product_version", name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", product: { name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", product_id: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Desktop 12 SP1", product: { name: "SUSE Linux Enterprise Desktop 12 SP1", product_id: "SUSE Linux Enterprise Desktop 12 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sled:12:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Desktop 12 SP2", product: { name: "SUSE Linux Enterprise Desktop 12 SP2", product_id: "SUSE Linux Enterprise Desktop 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sled:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product: { name: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP1", product: { name: "SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP2", product: { name: "SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-1.7.0.141-42.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1", product_id: "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", }, product_reference: "java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1", product_id: "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", }, product_reference: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-1.7.0.141-42.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2", product_id: "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", }, product_reference: "java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2", product_id: "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", }, product_reference: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-1.7.0.141-42.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", }, product_reference: "java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", }, product_reference: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", }, product_reference: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", }, product_reference: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", }, product_reference: "java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-1.7.0.141-42.1.s390x as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", }, product_reference: "java-1_7_0-openjdk-1.7.0.141-42.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-1.7.0.141-42.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", }, product_reference: "java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", }, product_reference: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", }, product_reference: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", }, product_reference: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", }, product_reference: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", }, product_reference: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", }, product_reference: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", }, product_reference: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", }, product_reference: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", }, product_reference: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", }, product_reference: "java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-1.7.0.141-42.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", }, product_reference: "java-1_7_0-openjdk-1.7.0.141-42.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-1.7.0.141-42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", }, product_reference: "java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", }, product_reference: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", }, product_reference: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", }, product_reference: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", }, product_reference: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", }, product_reference: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", }, product_reference: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", }, product_reference: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", }, product_reference: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", }, product_reference: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-1.7.0.141-42.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", }, product_reference: "java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", }, product_reference: "java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-1.7.0.141-42.1.s390x as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", }, product_reference: "java-1_7_0-openjdk-1.7.0.141-42.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-1.7.0.141-42.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", }, product_reference: "java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", }, product_reference: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", }, product_reference: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", }, product_reference: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", }, product_reference: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", }, product_reference: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", }, product_reference: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", }, product_reference: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", }, product_reference: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", }, product_reference: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", }, product_reference: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", }, product_reference: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", }, product_reference: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-1.7.0.141-42.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", }, product_reference: "java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", }, product_reference: "java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-1.7.0.141-42.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", }, product_reference: "java-1_7_0-openjdk-1.7.0.141-42.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-1.7.0.141-42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", }, product_reference: "java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", }, product_reference: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", }, product_reference: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", }, product_reference: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", }, product_reference: "java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", }, product_reference: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", }, product_reference: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", }, product_reference: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", }, product_reference: "java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", }, product_reference: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", }, product_reference: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", }, product_reference: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", }, product_reference: "java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, ], }, vulnerabilities: [ { cve: "CVE-2017-3289", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3289", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3289", url: "https://www.suse.com/security/cve/CVE-2017-3289", }, { category: "external", summary: "SUSE Bug 1020905 for CVE-2017-3289", url: "https://bugzilla.suse.com/1020905", }, { category: "external", summary: "SUSE Bug 1024218 for CVE-2017-3289", url: "https://bugzilla.suse.com/1024218", }, { category: "external", summary: "SUSE Bug 1163365 for CVE-2017-3289", url: "https://bugzilla.suse.com/1163365", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.6, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-24T14:23:03Z", details: "critical", }, ], title: "CVE-2017-3289", }, { cve: "CVE-2017-3509", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3509", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3509", url: "https://www.suse.com/security/cve/CVE-2017-3509", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3509", url: "https://bugzilla.suse.com/1034849", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2017-3509", url: "https://bugzilla.suse.com/1038505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-24T14:23:03Z", details: "moderate", }, ], title: "CVE-2017-3509", }, { cve: "CVE-2017-3511", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3511", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3511", url: "https://www.suse.com/security/cve/CVE-2017-3511", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3511", url: "https://bugzilla.suse.com/1034849", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2017-3511", url: "https://bugzilla.suse.com/1038505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-24T14:23:03Z", details: "important", }, ], title: "CVE-2017-3511", }, { cve: "CVE-2017-3512", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3512", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3512", url: "https://www.suse.com/security/cve/CVE-2017-3512", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3512", url: "https://bugzilla.suse.com/1034849", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2017-3512", url: "https://bugzilla.suse.com/1038505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-24T14:23:03Z", details: "moderate", }, ], title: "CVE-2017-3512", }, { cve: "CVE-2017-3514", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3514", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3514", url: "https://www.suse.com/security/cve/CVE-2017-3514", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3514", url: "https://bugzilla.suse.com/1034849", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2017-3514", url: "https://bugzilla.suse.com/1038505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-24T14:23:03Z", details: "moderate", }, ], title: "CVE-2017-3514", }, { cve: "CVE-2017-3526", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3526", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3526", url: "https://www.suse.com/security/cve/CVE-2017-3526", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3526", url: "https://bugzilla.suse.com/1034849", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-24T14:23:03Z", details: "important", }, ], title: "CVE-2017-3526", }, { cve: "CVE-2017-3533", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3533", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3533", url: "https://www.suse.com/security/cve/CVE-2017-3533", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3533", url: "https://bugzilla.suse.com/1034849", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2017-3533", url: "https://bugzilla.suse.com/1038505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-24T14:23:03Z", details: "moderate", }, ], title: "CVE-2017-3533", }, { cve: "CVE-2017-3539", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3539", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3539", url: "https://www.suse.com/security/cve/CVE-2017-3539", }, { category: "external", summary: "SUSE Bug 1005522 for CVE-2017-3539", url: "https://bugzilla.suse.com/1005522", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3539", url: "https://bugzilla.suse.com/1034849", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2017-3539", url: "https://bugzilla.suse.com/1038505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-24T14:23:03Z", details: "low", }, ], title: "CVE-2017-3539", }, { cve: "CVE-2017-3544", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3544", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3544", url: "https://www.suse.com/security/cve/CVE-2017-3544", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3544", url: "https://bugzilla.suse.com/1034849", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2017-3544", url: "https://bugzilla.suse.com/1038505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-demo-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-devel-1.7.0.141-42.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_7_0-openjdk-headless-1.7.0.141-42.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-24T14:23:03Z", details: "important", }, ], title: "CVE-2017-3544", }, ], }
suse-su-2017:1445-1
Vulnerability from csaf_suse
Published
2017-05-30 11:19
Modified
2017-05-30 11:19
Summary
Security update for java-1_8_0-openjdk
Notes
Title of the patch
Security update for java-1_8_0-openjdk
Description of the patch
This update for java-1_8_0-openjdk fixes the following issues:
- Upgrade to version jdk8u131 (icedtea 3.4.0) - bsc#1034849
* Security fixes
- S8163520, CVE-2017-3509: Reuse cache entries
- S8163528, CVE-2017-3511: Better library loading
- S8165626, CVE-2017-3512: Improved window framing
- S8167110, CVE-2017-3514: Windows peering issue
- S8168699: Validate special case invocations
- S8169011, CVE-2017-3526: Resizing XML parse trees
- S8170222, CVE-2017-3533: Better transfers of files
- S8171121, CVE-2017-3539: Enhancing jar checking
- S8171533, CVE-2017-3544: Better email transfer
- S8172299: Improve class processing
* New features
- PR1969: Add AArch32 JIT port
- PR3297: Allow Shenandoah to be used on AArch64
- PR3340: jstack.stp should support AArch64
* Import of OpenJDK 8 u131 build 11
- S6474807: (smartcardio) CardTerminal.connect() throws
CardException instead of CardNotPresentException
- S6515172, PR3346: Runtime.availableProcessors() ignores Linux
taskset command
- S7155957:
closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java
hangs on win 64 bit with jdk8
- S7167293: FtpURLConnection connection leak on
FileNotFoundException
- S8035568: [macosx] Cursor management unification
- S8079595: Resizing dialog which is JWindow parent makes JVM
crash
- S8130769: The new menu can't be shown on the menubar after
clicking the 'Add' button.
- S8146602:
jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test
fails with NullPointerException
- S8147842: IME Composition Window is displayed at incorrect
location
- S8147910, PR3346: Cache initial active_processor_count
- S8150490: Update OS detection code to recognize Windows
Server 2016
- S8160951: [TEST_BUG]
javax/xml/bind/marshal/8134111/UnmarshalTest.java should be
added into :needs_jre group
- S8160958: [TEST_BUG]
java/net/SetFactoryPermission/SetFactoryPermission.java
should be added into :needs_compact2 group
- S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is
enabled
- S8161195: Regression:
closed/javax/swing/text/FlowView/LayoutTest.java
- S8161993, PR3346: G1 crashes if active_processor_count
changes during startup
- S8162876: [TEST_BUG]
sun/net/www/protocol/http/HttpInputStream.java fails
intermittently
- S8162916: Test sun/security/krb5/auto/UnboundSSL.java fails
- S8164533: sun/security/ssl/SSLSocketImpl/CloseSocket.java
failed with 'Error while cleaning up threads after test'
- S8167179: Make XSL generated namespace prefixes local to
transformation process
- S8168774: Polymorhic signature method check crashes javac
- S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections
- S8169589: [macosx] Activating a JDialog puts to back another
dialog
- S8170307: Stack size option -Xss is ignored
- S8170316: (tz) Support tzdata2016j
- S8170814: Reuse cache entries (part II)
- S8170888, PR3314, RH1284948: [linux] Experimental support for
cgroup memory limits in container (ie Docker) environments
- S8171388: Update JNDI Thread contexts
- S8171949: [macosx] AWT_ZoomFrame Automated tests fail with
error: The bitwise mask Frame.ICONIFIED is not setwhen the
frame is in ICONIFIED state
- S8171952: [macosx]
AWT_Modality/Automated/ModalExclusion/NoExclusion/ModelessDialog
test fails as DummyButton on Dialog did not gain focus when
clicked.
- S8173030: Temporary backout fix #8035568 from 8u131-b03
- S8173031: Temporary backout fix #8171952 from 8u131-b03
- S8173783, PR3328: IllegalArgumentException:
jdk.tls.namedGroups
- S8173931: 8u131 L10n resource file update
- S8174844: Incorrect GPL header causes RE script to miss swap
to commercial header for licensee source bundle
- S8174985: NTLM authentication doesn't work with IIS if NTLM
cache is disabled
- S8176044: (tz) Support tzdata2017a
* Backports
- S6457406, PR3335: javadoc doesn't handle <a
href='http://...'> properly in producing index pages
- S8030245, PR3335: Update langtools to use try-with-resources
and multi-catch
- S8030253, PR3335: Update langtools to use strings-in-switch
- S8030262, PR3335: Update langtools to use foreach loops
- S8031113, PR3337: TEST_BUG:
java/nio/channels/AsynchronousChannelGroup/Basic.java fails
intermittently
- S8031625, PR3335: javadoc problems referencing inner class
constructors
- S8031649, PR3335: Clean up javadoc tests
- S8031670, PR3335: Remove unneeded -source options in javadoc
tests
- S8032066, PR3335: Serialized form has broken links to non
private inner classes of package private
- S8034174, PR2290: Remove use of JVM_* functions from java.net
code
- S8034182, PR2290: Misc. warnings in java.net code
- S8035876, PR2290: AIX build issues after '8034174: Remove use
of JVM_* functions from java.net code'
- S8038730, PR3335: Clean up the way JavadocTester is invoked,
and checks for errors.
- S8040903, PR3335: Clean up use of BUG_ID in javadoc tests
- S8040904, PR3335: Ensure javadoc tests do not overwrite
results within tests
- S8040908, PR3335: javadoc test TestDocEncoding should use
-notimestamp
- S8041150, PR3335: Avoid silly use of static methods in
JavadocTester
- S8041253, PR3335: Avoid redundant synonyms of NO_TEST
- S8043780, PR3368: Use open(O_CLOEXEC) instead of
fcntl(FD_CLOEXEC)
- S8061305, PR3335: Javadoc crashes when method name ends with
'Property'
- S8072452, PR3337: Support DHE sizes up to 8192-bits and DSA
sizes up to 3072-bits
- S8075565, PR3337: Define @intermittent jtreg keyword and mark
intermittently failing jdk tests
- S8075670, PR3337: Remove intermittent keyword from some tests
- S8078334, PR3337: Mark regression tests using randomness
- S8078880, PR3337: Mark a few more intermittently failuring
security-libs
- S8133318, PR3337: Exclude intermittent failing PKCS11 tests
on Solaris SPARC 11.1 and earlier
- S8144539, PR3337: Update PKCS11 tests to run with security
manager
- S8144566, PR3352: Custom HostnameVerifier disables SNI
extension
- S8153711, PR3313, RH1284948: [REDO] JDWP: Memory Leak:
GlobalRefs never deleted when processing invokeMethod command
- S8155049, PR3352: New tests from 8144566 fail with 'No
expected Server Name Indication'
- S8173941, PR3326: SA does not work if executable is DSO
- S8174164, PR3334, RH1417266: SafePointNode::_replaced_nodes
breaks with irreducible loops
- S8174729, PR3336, RH1420518: Race Condition in
java.lang.reflect.WeakCache
- S8175097, PR3334, RH1417266: [TESTBUG] 8174164 fix missed the
test
* Bug fixes
- PR3348: Architectures unsupported by SystemTap tapsets throw
a parse error
- PR3378: Perl should be mandatory
- PR3389: javac.in and javah.in should use @PERL@ rather than a
hardcoded path
* AArch64 port
- S8168699, PR3372: Validate special case invocations [AArch64
support]
- S8170100, PR3372: AArch64: Crash in C1-compiled code
accessing References
- S8172881, PR3372: AArch64: assertion failure: the int
pressure is incorrect
- S8173472, PR3372: AArch64: C1 comparisons with null only use
32-bit instructions
- S8177661, PR3372: Correct ad rule output register types from
iRegX to iRegXNoSp
* AArch32 port
- PR3380: Zero should not be enabled by default on arm with the
AArch32 HotSpot build
- PR3384, S8139303, S8167584: Add support for AArch32
architecture to configure and jdk makefiles
- PR3385: aarch32 does not support -Xshare:dump
- PR3386, S8164652: AArch32 jvm.cfg wrong for C1 build
- PR3387: Installation fails on arm with AArch32 port as
INSTALL_ARCH_DIR is arm, not aarch32
- PR3388: Wrong path for jvm.cfg being used on arm with AArch32
build
* Shenandoah
- Fix Shenandoah argument checking on 32bit builds.
- Import from Shenandoah tag
aarch64-shenandoah-jdk8u101-b14-shenandoah-merge-2016-07-25
- Import from Shenandoah tag
aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-02-20
- Import from Shenandoah tag
aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-06
- Import from Shenandoah tag
aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-09
- Import from Shenandoah tag
aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-23
Patchnames
SUSE-SLE-DESKTOP-12-SP2-2017-879,SUSE-SLE-RPI-12-SP2-2017-879,SUSE-SLE-SERVER-12-SP2-2017-879
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for java-1_8_0-openjdk", title: "Title of the patch", }, { category: "description", text: "\nThis update for java-1_8_0-openjdk fixes the following issues:\n\n- Upgrade to version jdk8u131 (icedtea 3.4.0) - bsc#1034849\n * Security fixes\n - S8163520, CVE-2017-3509: Reuse cache entries\n - S8163528, CVE-2017-3511: Better library loading\n - S8165626, CVE-2017-3512: Improved window framing\n - S8167110, CVE-2017-3514: Windows peering issue\n - S8168699: Validate special case invocations\n - S8169011, CVE-2017-3526: Resizing XML parse trees\n - S8170222, CVE-2017-3533: Better transfers of files\n - S8171121, CVE-2017-3539: Enhancing jar checking\n - S8171533, CVE-2017-3544: Better email transfer\n - S8172299: Improve class processing\n * New features\n - PR1969: Add AArch32 JIT port\n - PR3297: Allow Shenandoah to be used on AArch64\n - PR3340: jstack.stp should support AArch64\n * Import of OpenJDK 8 u131 build 11\n - S6474807: (smartcardio) CardTerminal.connect() throws\n CardException instead of CardNotPresentException\n - S6515172, PR3346: Runtime.availableProcessors() ignores Linux\n taskset command\n - S7155957:\n closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java\n hangs on win 64 bit with jdk8\n - S7167293: FtpURLConnection connection leak on\n FileNotFoundException\n - S8035568: [macosx] Cursor management unification\n - S8079595: Resizing dialog which is JWindow parent makes JVM\n crash\n - S8130769: The new menu can't be shown on the menubar after\n clicking the 'Add' button.\n - S8146602:\n jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test\n fails with NullPointerException\n - S8147842: IME Composition Window is displayed at incorrect\n location\n - S8147910, PR3346: Cache initial active_processor_count\n - S8150490: Update OS detection code to recognize Windows\n Server 2016\n - S8160951: [TEST_BUG]\n javax/xml/bind/marshal/8134111/UnmarshalTest.java should be\n added into :needs_jre group\n - S8160958: [TEST_BUG]\n java/net/SetFactoryPermission/SetFactoryPermission.java\n should be added into :needs_compact2 group\n - S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is\n enabled\n - S8161195: Regression:\n closed/javax/swing/text/FlowView/LayoutTest.java\n - S8161993, PR3346: G1 crashes if active_processor_count\n changes during startup\n - S8162876: [TEST_BUG]\n sun/net/www/protocol/http/HttpInputStream.java fails\n intermittently\n - S8162916: Test sun/security/krb5/auto/UnboundSSL.java fails\n - S8164533: sun/security/ssl/SSLSocketImpl/CloseSocket.java\n failed with 'Error while cleaning up threads after test'\n - S8167179: Make XSL generated namespace prefixes local to\n transformation process\n - S8168774: Polymorhic signature method check crashes javac\n - S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections\n - S8169589: [macosx] Activating a JDialog puts to back another\n dialog\n - S8170307: Stack size option -Xss is ignored\n - S8170316: (tz) Support tzdata2016j\n - S8170814: Reuse cache entries (part II)\n - S8170888, PR3314, RH1284948: [linux] Experimental support for\n cgroup memory limits in container (ie Docker) environments\n - S8171388: Update JNDI Thread contexts\n - S8171949: [macosx] AWT_ZoomFrame Automated tests fail with\n error: The bitwise mask Frame.ICONIFIED is not setwhen the\n frame is in ICONIFIED state\n - S8171952: [macosx]\n AWT_Modality/Automated/ModalExclusion/NoExclusion/ModelessDialog\n test fails as DummyButton on Dialog did not gain focus when\n\t clicked.\n - S8173030: Temporary backout fix #8035568 from 8u131-b03\n - S8173031: Temporary backout fix #8171952 from 8u131-b03\n - S8173783, PR3328: IllegalArgumentException:\n jdk.tls.namedGroups\n - S8173931: 8u131 L10n resource file update\n - S8174844: Incorrect GPL header causes RE script to miss swap\n to commercial header for licensee source bundle\n - S8174985: NTLM authentication doesn't work with IIS if NTLM\n cache is disabled\n - S8176044: (tz) Support tzdata2017a\n * Backports\n - S6457406, PR3335: javadoc doesn't handle <a\n href='http://...'> properly in producing index pages\n - S8030245, PR3335: Update langtools to use try-with-resources\n and multi-catch\n - S8030253, PR3335: Update langtools to use strings-in-switch\n - S8030262, PR3335: Update langtools to use foreach loops\n - S8031113, PR3337: TEST_BUG:\n java/nio/channels/AsynchronousChannelGroup/Basic.java fails\n intermittently\n - S8031625, PR3335: javadoc problems referencing inner class\n constructors\n - S8031649, PR3335: Clean up javadoc tests\n - S8031670, PR3335: Remove unneeded -source options in javadoc\n tests\n - S8032066, PR3335: Serialized form has broken links to non\n private inner classes of package private\n - S8034174, PR2290: Remove use of JVM_* functions from java.net\n code\n - S8034182, PR2290: Misc. warnings in java.net code\n - S8035876, PR2290: AIX build issues after '8034174: Remove use\n of JVM_* functions from java.net code'\n - S8038730, PR3335: Clean up the way JavadocTester is invoked,\n and checks for errors.\n - S8040903, PR3335: Clean up use of BUG_ID in javadoc tests\n - S8040904, PR3335: Ensure javadoc tests do not overwrite\n results within tests\n - S8040908, PR3335: javadoc test TestDocEncoding should use\n -notimestamp\n - S8041150, PR3335: Avoid silly use of static methods in\n JavadocTester\n - S8041253, PR3335: Avoid redundant synonyms of NO_TEST\n - S8043780, PR3368: Use open(O_CLOEXEC) instead of\n fcntl(FD_CLOEXEC)\n - S8061305, PR3335: Javadoc crashes when method name ends with\n 'Property'\n - S8072452, PR3337: Support DHE sizes up to 8192-bits and DSA\n sizes up to 3072-bits\n - S8075565, PR3337: Define @intermittent jtreg keyword and mark\n intermittently failing jdk tests\n - S8075670, PR3337: Remove intermittent keyword from some tests\n - S8078334, PR3337: Mark regression tests using randomness\n - S8078880, PR3337: Mark a few more intermittently failuring\n security-libs\n - S8133318, PR3337: Exclude intermittent failing PKCS11 tests\n on Solaris SPARC 11.1 and earlier\n - S8144539, PR3337: Update PKCS11 tests to run with security\n manager\n - S8144566, PR3352: Custom HostnameVerifier disables SNI\n extension\n - S8153711, PR3313, RH1284948: [REDO] JDWP: Memory Leak:\n GlobalRefs never deleted when processing invokeMethod command\n - S8155049, PR3352: New tests from 8144566 fail with 'No\n expected Server Name Indication'\n - S8173941, PR3326: SA does not work if executable is DSO\n - S8174164, PR3334, RH1417266: SafePointNode::_replaced_nodes\n breaks with irreducible loops\n - S8174729, PR3336, RH1420518: Race Condition in\n java.lang.reflect.WeakCache\n - S8175097, PR3334, RH1417266: [TESTBUG] 8174164 fix missed the\n test\n * Bug fixes\n - PR3348: Architectures unsupported by SystemTap tapsets throw\n a parse error\n - PR3378: Perl should be mandatory\n - PR3389: javac.in and javah.in should use @PERL@ rather than a\n hardcoded path\n * AArch64 port\n - S8168699, PR3372: Validate special case invocations [AArch64\n support]\n - S8170100, PR3372: AArch64: Crash in C1-compiled code\n accessing References\n - S8172881, PR3372: AArch64: assertion failure: the int\n pressure is incorrect\n - S8173472, PR3372: AArch64: C1 comparisons with null only use\n 32-bit instructions\n - S8177661, PR3372: Correct ad rule output register types from\n iRegX to iRegXNoSp\n * AArch32 port\n - PR3380: Zero should not be enabled by default on arm with the\n AArch32 HotSpot build\n - PR3384, S8139303, S8167584: Add support for AArch32\n architecture to configure and jdk makefiles\n - PR3385: aarch32 does not support -Xshare:dump\n - PR3386, S8164652: AArch32 jvm.cfg wrong for C1 build\n - PR3387: Installation fails on arm with AArch32 port as\n INSTALL_ARCH_DIR is arm, not aarch32\n - PR3388: Wrong path for jvm.cfg being used on arm with AArch32\n build\n * Shenandoah\n - Fix Shenandoah argument checking on 32bit builds.\n - Import from Shenandoah tag\n aarch64-shenandoah-jdk8u101-b14-shenandoah-merge-2016-07-25\n - Import from Shenandoah tag\n aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-02-20\n - Import from Shenandoah tag\n aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-06\n - Import from Shenandoah tag\n aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-09\n - Import from Shenandoah tag\n aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-23\n", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-DESKTOP-12-SP2-2017-879,SUSE-SLE-RPI-12-SP2-2017-879,SUSE-SLE-SERVER-12-SP2-2017-879", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_1445-1.json", }, { category: "self", summary: "URL for SUSE-SU-2017:1445-1", url: "https://www.suse.com/support/update/announcement/2017/suse-su-20171445-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2017:1445-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2017-May/002928.html", }, { category: "self", summary: "SUSE Bug 1034849", url: "https://bugzilla.suse.com/1034849", }, { category: "self", summary: "SUSE CVE CVE-2017-3509 page", url: "https://www.suse.com/security/cve/CVE-2017-3509/", }, { category: "self", summary: "SUSE CVE CVE-2017-3511 page", url: "https://www.suse.com/security/cve/CVE-2017-3511/", }, { category: "self", summary: "SUSE CVE CVE-2017-3512 page", url: "https://www.suse.com/security/cve/CVE-2017-3512/", }, { category: "self", summary: "SUSE CVE CVE-2017-3514 page", url: "https://www.suse.com/security/cve/CVE-2017-3514/", }, { category: "self", summary: "SUSE CVE CVE-2017-3526 page", url: "https://www.suse.com/security/cve/CVE-2017-3526/", }, { category: "self", summary: "SUSE CVE CVE-2017-3533 page", url: "https://www.suse.com/security/cve/CVE-2017-3533/", }, { category: "self", summary: "SUSE CVE CVE-2017-3539 page", url: "https://www.suse.com/security/cve/CVE-2017-3539/", }, { category: "self", summary: "SUSE CVE CVE-2017-3544 page", url: "https://www.suse.com/security/cve/CVE-2017-3544/", }, ], title: "Security update for java-1_8_0-openjdk", tracking: { current_release_date: "2017-05-30T11:19:00Z", generator: { date: "2017-05-30T11:19:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2017:1445-1", initial_release_date: "2017-05-30T11:19:00Z", revision_history: [ { date: "2017-05-30T11:19:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", product: { name: "java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", product_id: "java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", }, }, { category: "product_version", name: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", product: { name: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", product_id: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", }, }, { category: "product_version", name: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", product: { name: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", product_id: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", }, }, { category: "product_version", name: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", product: { name: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", product_id: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", product: { name: "java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", product_id: "java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", product: { name: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", product_id: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", product: { name: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", product_id: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", product: { name: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", product_id: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "java-1_8_0-openjdk-1.8.0.131-26.3.s390x", product: { name: "java-1_8_0-openjdk-1.8.0.131-26.3.s390x", product_id: "java-1_8_0-openjdk-1.8.0.131-26.3.s390x", }, }, { category: "product_version", name: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", product: { name: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", product_id: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", }, }, { category: "product_version", name: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", product: { name: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", product_id: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", }, }, { category: "product_version", name: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", product: { name: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", product_id: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", product: { name: "java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", product_id: "java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", }, }, { category: "product_version", name: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", product: { name: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", product_id: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", }, }, { category: "product_version", name: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", product: { name: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", product_id: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", }, }, { category: "product_version", name: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", product: { name: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", product_id: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Desktop 12 SP2", product: { name: "SUSE Linux Enterprise Desktop 12 SP2", product_id: "SUSE Linux Enterprise Desktop 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sled:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product: { name: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP2", product: { name: "SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-1.8.0.131-26.3.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2", product_id: "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", }, product_reference: "java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2", product_id: "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", }, product_reference: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-1.8.0.131-26.3.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", }, product_reference: "java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", }, product_reference: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", }, product_reference: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", }, product_reference: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-1.8.0.131-26.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", }, product_reference: "java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", }, product_reference: "java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-1.8.0.131-26.3.s390x as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", }, product_reference: "java-1_8_0-openjdk-1.8.0.131-26.3.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-1.8.0.131-26.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", }, product_reference: "java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", }, product_reference: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", }, product_reference: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", }, product_reference: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", }, product_reference: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", }, product_reference: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", }, product_reference: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", }, product_reference: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", }, product_reference: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", }, product_reference: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", }, product_reference: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", }, product_reference: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", }, product_reference: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-1.8.0.131-26.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", }, product_reference: "java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", }, product_reference: "java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-1.8.0.131-26.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", }, product_reference: "java-1_8_0-openjdk-1.8.0.131-26.3.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-1.8.0.131-26.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", }, product_reference: "java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", }, product_reference: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", }, product_reference: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", }, product_reference: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", }, product_reference: "java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", }, product_reference: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", }, product_reference: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", }, product_reference: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", }, product_reference: "java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", }, product_reference: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", }, product_reference: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", }, product_reference: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", }, product_reference: "java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, ], }, vulnerabilities: [ { cve: "CVE-2017-3509", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3509", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3509", url: "https://www.suse.com/security/cve/CVE-2017-3509", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3509", url: "https://bugzilla.suse.com/1034849", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2017-3509", url: "https://bugzilla.suse.com/1038505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-30T11:19:00Z", details: "moderate", }, ], title: "CVE-2017-3509", }, { cve: "CVE-2017-3511", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3511", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3511", url: "https://www.suse.com/security/cve/CVE-2017-3511", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3511", url: "https://bugzilla.suse.com/1034849", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2017-3511", url: "https://bugzilla.suse.com/1038505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-30T11:19:00Z", details: "important", }, ], title: "CVE-2017-3511", }, { cve: "CVE-2017-3512", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3512", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3512", url: "https://www.suse.com/security/cve/CVE-2017-3512", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3512", url: "https://bugzilla.suse.com/1034849", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2017-3512", url: "https://bugzilla.suse.com/1038505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-30T11:19:00Z", details: "moderate", }, ], title: "CVE-2017-3512", }, { cve: "CVE-2017-3514", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3514", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3514", url: "https://www.suse.com/security/cve/CVE-2017-3514", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3514", url: "https://bugzilla.suse.com/1034849", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2017-3514", url: "https://bugzilla.suse.com/1038505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-30T11:19:00Z", details: "moderate", }, ], title: "CVE-2017-3514", }, { cve: "CVE-2017-3526", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3526", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3526", url: "https://www.suse.com/security/cve/CVE-2017-3526", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3526", url: "https://bugzilla.suse.com/1034849", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-30T11:19:00Z", details: "important", }, ], title: "CVE-2017-3526", }, { cve: "CVE-2017-3533", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3533", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3533", url: "https://www.suse.com/security/cve/CVE-2017-3533", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3533", url: "https://bugzilla.suse.com/1034849", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2017-3533", url: "https://bugzilla.suse.com/1038505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-30T11:19:00Z", details: "moderate", }, ], title: "CVE-2017-3533", }, { cve: "CVE-2017-3539", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3539", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3539", url: "https://www.suse.com/security/cve/CVE-2017-3539", }, { category: "external", summary: "SUSE Bug 1005522 for CVE-2017-3539", url: "https://bugzilla.suse.com/1005522", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3539", url: "https://bugzilla.suse.com/1034849", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2017-3539", url: "https://bugzilla.suse.com/1038505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-30T11:19:00Z", details: "low", }, ], title: "CVE-2017-3539", }, { cve: "CVE-2017-3544", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3544", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3544", url: "https://www.suse.com/security/cve/CVE-2017-3544", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3544", url: "https://bugzilla.suse.com/1034849", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2017-3544", url: "https://bugzilla.suse.com/1038505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-demo-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-devel-1.8.0.131-26.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:java-1_8_0-openjdk-headless-1.8.0.131-26.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-30T11:19:00Z", details: "important", }, ], title: "CVE-2017-3544", }, ], }
fkie_cve-2017-3512
Vulnerability from fkie_nvd
Published
2017-04-24 19:59
Modified
2024-11-21 03:25
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update131:*:*:*:*:*:*", matchCriteriaId: "2BBA8749-EFC2-4055-A8AB-56D660C0BB70", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update121:*:*:*:*:*:*", matchCriteriaId: "34D1F91C-50D2-4D6A-BF4B-1B86F6909565", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update_131:*:*:*:*:*:*", matchCriteriaId: "7C4946FF-E16B-4188-8BEA-1D5ABFBD54DB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update_121:*:*:*:*:*:*", matchCriteriaId: "E463AEAC-F5DB-47E4-B863-E5D636895C51", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:icedtea:*:*:*:*:*:*:*:*", matchCriteriaId: "B92D4C9E-8707-4E05-B12D-28C1AFCE2637", versionEndExcluding: "3.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, { lang: "es", value: "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: AWT). Versiones compatibles que son afectadas son Java SE: 7u131 y 8u121. Vulnerabilidad dificil de explotar permite autenticado atacante con acceso a la red a través de múltiples protocolos para comprometer Java SE. Los ataques exitosos requieren la interacción humana de una persona más que un atacante y mientras la vulnerabilidad está en Java SE, los ataques pueden afectar significativamente a otros productos. Los ataques con éxito de esta vulnerabilidad pueden resultar en la adquisición de Java SE. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java, normalmente en clientes que ejecutan aplicaciones de Java Web Start en modo sandbox o en applets de Java protegidos, que cargan y ejecutan código no confiable (por ejemplo, código que proviene del Internet) y confían en el sandbox Java para seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan sólo código de confianza (por ejemplo, código instalado por un administrador). CVSS 3.0 Base Score 8.3 (Confidencialidad, Integridad e Impactos de disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], id: "CVE-2017-3512", lastModified: "2024-11-21T03:25:42.010", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-24T19:59:03.223", references: [ { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97727", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038286", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201705-03", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201707-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97727", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038286", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201705-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201707-01", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
gsd-2017-3512
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Aliases
Aliases
{ GSD: { alias: "CVE-2017-3512", description: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", id: "GSD-2017-3512", references: [ "https://www.suse.com/security/cve/CVE-2017-3512.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2017-3512", ], details: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", id: "GSD-2017-3512", modified: "2023-12-13T01:21:16.253883Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2017-3512", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java", version: { version_data: [ { version_affected: "=", version_value: "Java SE: 7u131", }, { version_affected: "=", version_value: "8u121", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.", }, ], }, ], }, references: { reference_data: [ { name: "GLSA-201705-03", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201705-03", }, { name: "97727", refsource: "BID", url: "http://www.securityfocus.com/bid/97727", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", }, { name: "1038286", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038286", }, { name: "GLSA-201707-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201707-01", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:oracle:jdk:1.7.0:update131:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:jre:1.7.0:update_131:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:jdk:1.8.0:update121:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:jre:1.8.0:update_121:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:icedtea:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "3.4.0", vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2017-3512", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], }, ], }, references: { reference_data: [ { name: "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", refsource: "CONFIRM", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", }, { name: "97727", refsource: "BID", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97727", }, { name: "GLSA-201705-03", refsource: "GENTOO", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201705-03", }, { name: "GLSA-201707-01", refsource: "GENTOO", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201707-01", }, { name: "1038286", refsource: "SECTRACK", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038286", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: true, }, baseMetricV3: { cvssV3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 6, }, }, lastModifiedDate: "2020-09-08T12:59Z", publishedDate: "2017-04-24T19:59Z", }, }, }
opensuse-su-2024:10876-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
java-1_8_0-openjdk-1.8.0.302-2.2 on GA media
Notes
Title of the patch
java-1_8_0-openjdk-1.8.0.302-2.2 on GA media
Description of the patch
These are all security issues fixed in the java-1_8_0-openjdk-1.8.0.302-2.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10876
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "java-1_8_0-openjdk-1.8.0.302-2.2 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the java-1_8_0-openjdk-1.8.0.302-2.2 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10876", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10876-1.json", }, { category: "self", summary: "SUSE CVE CVE-2016-10165 page", url: "https://www.suse.com/security/cve/CVE-2016-10165/", }, { category: "self", summary: "SUSE CVE CVE-2016-2183 page", url: "https://www.suse.com/security/cve/CVE-2016-2183/", }, { category: "self", summary: "SUSE CVE CVE-2016-5546 page", url: "https://www.suse.com/security/cve/CVE-2016-5546/", }, { category: "self", summary: "SUSE CVE CVE-2016-5547 page", url: "https://www.suse.com/security/cve/CVE-2016-5547/", }, { category: "self", summary: "SUSE CVE CVE-2016-5548 page", url: "https://www.suse.com/security/cve/CVE-2016-5548/", }, { category: "self", summary: "SUSE CVE CVE-2016-5549 page", url: "https://www.suse.com/security/cve/CVE-2016-5549/", }, { category: "self", summary: "SUSE CVE CVE-2016-5552 page", url: "https://www.suse.com/security/cve/CVE-2016-5552/", }, { category: "self", summary: "SUSE CVE CVE-2016-9840 page", url: "https://www.suse.com/security/cve/CVE-2016-9840/", }, { category: "self", summary: "SUSE CVE CVE-2016-9843 page", url: "https://www.suse.com/security/cve/CVE-2016-9843/", }, { category: "self", summary: "SUSE CVE CVE-2017-10053 page", url: "https://www.suse.com/security/cve/CVE-2017-10053/", }, { category: "self", summary: "SUSE CVE CVE-2017-10067 page", url: "https://www.suse.com/security/cve/CVE-2017-10067/", }, { category: "self", summary: "SUSE CVE CVE-2017-10074 page", url: "https://www.suse.com/security/cve/CVE-2017-10074/", }, { category: "self", summary: "SUSE CVE CVE-2017-10078 page", url: "https://www.suse.com/security/cve/CVE-2017-10078/", }, { category: "self", summary: "SUSE CVE CVE-2017-10081 page", url: "https://www.suse.com/security/cve/CVE-2017-10081/", }, { category: "self", summary: "SUSE CVE CVE-2017-10086 page", url: "https://www.suse.com/security/cve/CVE-2017-10086/", }, { category: "self", summary: "SUSE CVE CVE-2017-10087 page", url: "https://www.suse.com/security/cve/CVE-2017-10087/", }, { category: "self", summary: "SUSE CVE CVE-2017-10089 page", url: "https://www.suse.com/security/cve/CVE-2017-10089/", }, { category: "self", summary: "SUSE CVE CVE-2017-10090 page", url: "https://www.suse.com/security/cve/CVE-2017-10090/", }, { category: "self", summary: "SUSE CVE CVE-2017-10096 page", url: "https://www.suse.com/security/cve/CVE-2017-10096/", }, { category: "self", summary: "SUSE CVE CVE-2017-10101 page", url: "https://www.suse.com/security/cve/CVE-2017-10101/", }, { category: "self", summary: "SUSE CVE CVE-2017-10102 page", url: "https://www.suse.com/security/cve/CVE-2017-10102/", }, { category: "self", summary: "SUSE CVE CVE-2017-10105 page", url: "https://www.suse.com/security/cve/CVE-2017-10105/", }, { category: "self", summary: "SUSE CVE CVE-2017-10107 page", url: "https://www.suse.com/security/cve/CVE-2017-10107/", }, { category: "self", summary: "SUSE CVE CVE-2017-10108 page", url: "https://www.suse.com/security/cve/CVE-2017-10108/", }, { category: "self", summary: "SUSE CVE CVE-2017-10109 page", url: "https://www.suse.com/security/cve/CVE-2017-10109/", }, { category: "self", summary: "SUSE CVE CVE-2017-10110 page", url: "https://www.suse.com/security/cve/CVE-2017-10110/", }, { category: "self", summary: "SUSE CVE CVE-2017-10111 page", url: "https://www.suse.com/security/cve/CVE-2017-10111/", }, { category: "self", summary: "SUSE CVE CVE-2017-10114 page", url: "https://www.suse.com/security/cve/CVE-2017-10114/", }, { category: "self", summary: "SUSE CVE CVE-2017-10115 page", url: "https://www.suse.com/security/cve/CVE-2017-10115/", }, { category: "self", summary: "SUSE CVE CVE-2017-10116 page", url: "https://www.suse.com/security/cve/CVE-2017-10116/", }, { category: "self", summary: "SUSE CVE CVE-2017-10118 page", url: "https://www.suse.com/security/cve/CVE-2017-10118/", }, { category: "self", summary: "SUSE CVE CVE-2017-10125 page", url: "https://www.suse.com/security/cve/CVE-2017-10125/", }, { category: "self", summary: "SUSE CVE CVE-2017-10135 page", url: "https://www.suse.com/security/cve/CVE-2017-10135/", }, { category: "self", summary: "SUSE CVE CVE-2017-10176 page", url: "https://www.suse.com/security/cve/CVE-2017-10176/", }, { category: "self", summary: "SUSE CVE CVE-2017-10193 page", url: "https://www.suse.com/security/cve/CVE-2017-10193/", }, { category: "self", summary: "SUSE CVE CVE-2017-10198 page", url: "https://www.suse.com/security/cve/CVE-2017-10198/", }, { category: "self", summary: "SUSE CVE CVE-2017-10243 page", url: "https://www.suse.com/security/cve/CVE-2017-10243/", }, { category: "self", summary: "SUSE CVE CVE-2017-10274 page", url: "https://www.suse.com/security/cve/CVE-2017-10274/", }, { category: "self", summary: "SUSE CVE CVE-2017-10281 page", url: "https://www.suse.com/security/cve/CVE-2017-10281/", }, { category: "self", summary: "SUSE CVE CVE-2017-10285 page", url: "https://www.suse.com/security/cve/CVE-2017-10285/", }, { category: "self", summary: "SUSE CVE CVE-2017-10295 page", url: "https://www.suse.com/security/cve/CVE-2017-10295/", }, { category: "self", summary: "SUSE CVE CVE-2017-10345 page", url: "https://www.suse.com/security/cve/CVE-2017-10345/", }, { category: "self", summary: "SUSE CVE CVE-2017-10346 page", url: "https://www.suse.com/security/cve/CVE-2017-10346/", }, { category: "self", summary: "SUSE CVE CVE-2017-10347 page", url: "https://www.suse.com/security/cve/CVE-2017-10347/", }, { category: "self", summary: "SUSE CVE CVE-2017-10348 page", url: "https://www.suse.com/security/cve/CVE-2017-10348/", }, { category: "self", summary: "SUSE CVE CVE-2017-10349 page", url: "https://www.suse.com/security/cve/CVE-2017-10349/", }, { category: "self", summary: "SUSE CVE CVE-2017-10350 page", url: "https://www.suse.com/security/cve/CVE-2017-10350/", }, { category: "self", summary: "SUSE CVE CVE-2017-10355 page", url: "https://www.suse.com/security/cve/CVE-2017-10355/", }, { category: "self", summary: "SUSE CVE CVE-2017-10356 page", url: "https://www.suse.com/security/cve/CVE-2017-10356/", }, { category: "self", summary: "SUSE CVE CVE-2017-10357 page", url: "https://www.suse.com/security/cve/CVE-2017-10357/", }, { category: "self", summary: "SUSE CVE CVE-2017-10388 page", url: "https://www.suse.com/security/cve/CVE-2017-10388/", }, { category: "self", summary: "SUSE CVE CVE-2017-3231 page", url: "https://www.suse.com/security/cve/CVE-2017-3231/", }, { category: "self", summary: "SUSE CVE CVE-2017-3241 page", url: "https://www.suse.com/security/cve/CVE-2017-3241/", }, { category: "self", summary: "SUSE CVE CVE-2017-3252 page", url: "https://www.suse.com/security/cve/CVE-2017-3252/", }, { category: "self", summary: "SUSE CVE CVE-2017-3253 page", url: "https://www.suse.com/security/cve/CVE-2017-3253/", }, { category: "self", summary: "SUSE CVE CVE-2017-3260 page", url: "https://www.suse.com/security/cve/CVE-2017-3260/", }, { category: "self", summary: "SUSE CVE CVE-2017-3261 page", url: "https://www.suse.com/security/cve/CVE-2017-3261/", }, { category: "self", summary: "SUSE CVE CVE-2017-3272 page", url: "https://www.suse.com/security/cve/CVE-2017-3272/", }, { category: "self", summary: "SUSE CVE CVE-2017-3289 page", url: "https://www.suse.com/security/cve/CVE-2017-3289/", }, { category: "self", summary: "SUSE CVE CVE-2017-3509 page", url: "https://www.suse.com/security/cve/CVE-2017-3509/", }, { category: "self", summary: "SUSE CVE CVE-2017-3511 page", url: "https://www.suse.com/security/cve/CVE-2017-3511/", }, { category: "self", summary: "SUSE CVE CVE-2017-3512 page", url: "https://www.suse.com/security/cve/CVE-2017-3512/", }, { category: "self", summary: "SUSE CVE CVE-2017-3514 page", url: "https://www.suse.com/security/cve/CVE-2017-3514/", }, { category: "self", summary: "SUSE CVE CVE-2017-3526 page", url: "https://www.suse.com/security/cve/CVE-2017-3526/", }, { category: "self", summary: "SUSE CVE CVE-2017-3533 page", url: "https://www.suse.com/security/cve/CVE-2017-3533/", }, { category: "self", summary: "SUSE CVE CVE-2017-3539 page", url: "https://www.suse.com/security/cve/CVE-2017-3539/", }, { category: "self", summary: "SUSE CVE CVE-2017-3544 page", url: "https://www.suse.com/security/cve/CVE-2017-3544/", }, { category: "self", summary: "SUSE CVE CVE-2018-11212 page", url: "https://www.suse.com/security/cve/CVE-2018-11212/", }, { category: "self", summary: "SUSE CVE CVE-2018-13785 page", url: "https://www.suse.com/security/cve/CVE-2018-13785/", }, { category: "self", summary: "SUSE CVE CVE-2018-16435 page", url: "https://www.suse.com/security/cve/CVE-2018-16435/", }, { category: "self", summary: "SUSE CVE CVE-2018-2579 page", url: "https://www.suse.com/security/cve/CVE-2018-2579/", }, { category: "self", summary: "SUSE CVE CVE-2018-2582 page", url: "https://www.suse.com/security/cve/CVE-2018-2582/", }, { category: "self", summary: "SUSE CVE CVE-2018-2588 page", url: "https://www.suse.com/security/cve/CVE-2018-2588/", }, { category: "self", summary: "SUSE CVE CVE-2018-2599 page", url: "https://www.suse.com/security/cve/CVE-2018-2599/", }, { category: "self", summary: "SUSE CVE CVE-2018-2602 page", url: "https://www.suse.com/security/cve/CVE-2018-2602/", }, { category: "self", summary: "SUSE CVE CVE-2018-2603 page", url: "https://www.suse.com/security/cve/CVE-2018-2603/", }, { category: "self", summary: "SUSE CVE CVE-2018-2618 page", url: "https://www.suse.com/security/cve/CVE-2018-2618/", }, { category: "self", summary: "SUSE CVE CVE-2018-2629 page", url: "https://www.suse.com/security/cve/CVE-2018-2629/", }, { category: "self", summary: "SUSE CVE CVE-2018-2633 page", url: "https://www.suse.com/security/cve/CVE-2018-2633/", }, { category: "self", summary: "SUSE CVE CVE-2018-2634 page", url: "https://www.suse.com/security/cve/CVE-2018-2634/", }, { category: "self", summary: "SUSE CVE CVE-2018-2637 page", url: "https://www.suse.com/security/cve/CVE-2018-2637/", }, { category: "self", summary: "SUSE CVE CVE-2018-2641 page", url: "https://www.suse.com/security/cve/CVE-2018-2641/", }, { category: "self", summary: "SUSE CVE CVE-2018-2663 page", url: "https://www.suse.com/security/cve/CVE-2018-2663/", }, { category: "self", summary: "SUSE CVE CVE-2018-2677 page", url: "https://www.suse.com/security/cve/CVE-2018-2677/", }, { category: "self", summary: "SUSE CVE CVE-2018-2678 page", url: "https://www.suse.com/security/cve/CVE-2018-2678/", }, { category: "self", summary: "SUSE CVE CVE-2018-2790 page", url: "https://www.suse.com/security/cve/CVE-2018-2790/", }, { category: "self", summary: "SUSE CVE CVE-2018-2794 page", url: "https://www.suse.com/security/cve/CVE-2018-2794/", }, { category: "self", summary: "SUSE CVE CVE-2018-2795 page", url: "https://www.suse.com/security/cve/CVE-2018-2795/", }, { category: "self", summary: "SUSE CVE CVE-2018-2796 page", url: "https://www.suse.com/security/cve/CVE-2018-2796/", }, { category: "self", summary: "SUSE CVE CVE-2018-2797 page", url: "https://www.suse.com/security/cve/CVE-2018-2797/", }, { category: "self", summary: "SUSE CVE CVE-2018-2798 page", url: "https://www.suse.com/security/cve/CVE-2018-2798/", }, { category: "self", summary: "SUSE CVE CVE-2018-2799 page", url: "https://www.suse.com/security/cve/CVE-2018-2799/", }, { category: "self", summary: "SUSE CVE CVE-2018-2800 page", url: "https://www.suse.com/security/cve/CVE-2018-2800/", }, { category: "self", summary: "SUSE CVE CVE-2018-2814 page", url: "https://www.suse.com/security/cve/CVE-2018-2814/", }, { category: "self", summary: "SUSE CVE CVE-2018-2815 page", url: "https://www.suse.com/security/cve/CVE-2018-2815/", }, { category: "self", summary: "SUSE CVE CVE-2018-2938 page", url: "https://www.suse.com/security/cve/CVE-2018-2938/", }, { category: "self", summary: "SUSE CVE CVE-2018-2940 page", url: "https://www.suse.com/security/cve/CVE-2018-2940/", }, { category: "self", summary: "SUSE CVE CVE-2018-2952 page", url: "https://www.suse.com/security/cve/CVE-2018-2952/", }, { category: "self", summary: "SUSE CVE CVE-2018-2973 page", url: "https://www.suse.com/security/cve/CVE-2018-2973/", }, { category: "self", summary: "SUSE CVE CVE-2018-3136 page", url: "https://www.suse.com/security/cve/CVE-2018-3136/", }, { category: "self", summary: "SUSE CVE CVE-2018-3139 page", url: "https://www.suse.com/security/cve/CVE-2018-3139/", }, { category: "self", summary: "SUSE CVE CVE-2018-3149 page", url: "https://www.suse.com/security/cve/CVE-2018-3149/", }, { category: "self", summary: "SUSE CVE CVE-2018-3169 page", url: "https://www.suse.com/security/cve/CVE-2018-3169/", }, { category: "self", summary: "SUSE CVE CVE-2018-3180 page", url: "https://www.suse.com/security/cve/CVE-2018-3180/", }, { category: "self", summary: "SUSE CVE CVE-2018-3183 page", url: "https://www.suse.com/security/cve/CVE-2018-3183/", }, { category: "self", summary: "SUSE CVE CVE-2018-3214 page", url: "https://www.suse.com/security/cve/CVE-2018-3214/", }, { category: "self", summary: "SUSE CVE CVE-2018-3639 page", url: "https://www.suse.com/security/cve/CVE-2018-3639/", }, { category: "self", summary: "SUSE CVE CVE-2019-2422 page", url: "https://www.suse.com/security/cve/CVE-2019-2422/", }, { category: "self", summary: "SUSE CVE CVE-2019-2426 page", url: "https://www.suse.com/security/cve/CVE-2019-2426/", }, { category: "self", summary: "SUSE CVE CVE-2019-2602 page", url: "https://www.suse.com/security/cve/CVE-2019-2602/", }, { category: "self", summary: "SUSE CVE CVE-2019-2684 page", url: "https://www.suse.com/security/cve/CVE-2019-2684/", }, { category: "self", summary: "SUSE CVE CVE-2019-2698 page", url: "https://www.suse.com/security/cve/CVE-2019-2698/", }, { category: "self", summary: "SUSE CVE CVE-2019-2745 page", url: "https://www.suse.com/security/cve/CVE-2019-2745/", }, { category: "self", summary: "SUSE CVE CVE-2019-2762 page", url: "https://www.suse.com/security/cve/CVE-2019-2762/", }, { category: "self", summary: "SUSE CVE CVE-2019-2766 page", url: "https://www.suse.com/security/cve/CVE-2019-2766/", }, { category: "self", summary: "SUSE CVE CVE-2019-2769 page", url: "https://www.suse.com/security/cve/CVE-2019-2769/", }, { category: "self", summary: "SUSE CVE CVE-2019-2786 page", url: "https://www.suse.com/security/cve/CVE-2019-2786/", }, { category: "self", summary: "SUSE CVE CVE-2019-2816 page", url: "https://www.suse.com/security/cve/CVE-2019-2816/", }, { category: "self", summary: "SUSE CVE CVE-2019-2842 page", url: "https://www.suse.com/security/cve/CVE-2019-2842/", }, { category: "self", summary: "SUSE CVE CVE-2019-2894 page", url: "https://www.suse.com/security/cve/CVE-2019-2894/", }, { category: "self", summary: "SUSE CVE CVE-2019-2933 page", url: "https://www.suse.com/security/cve/CVE-2019-2933/", }, { category: "self", summary: "SUSE CVE CVE-2019-2945 page", url: "https://www.suse.com/security/cve/CVE-2019-2945/", }, { category: "self", summary: "SUSE CVE CVE-2019-2949 page", url: "https://www.suse.com/security/cve/CVE-2019-2949/", }, { category: "self", summary: "SUSE CVE CVE-2019-2958 page", url: "https://www.suse.com/security/cve/CVE-2019-2958/", }, { category: "self", summary: "SUSE CVE CVE-2019-2962 page", url: "https://www.suse.com/security/cve/CVE-2019-2962/", }, { category: "self", summary: "SUSE CVE CVE-2019-2964 page", url: "https://www.suse.com/security/cve/CVE-2019-2964/", }, { category: "self", summary: "SUSE CVE CVE-2019-2973 page", url: "https://www.suse.com/security/cve/CVE-2019-2973/", }, { category: "self", summary: "SUSE CVE CVE-2019-2975 page", url: "https://www.suse.com/security/cve/CVE-2019-2975/", }, { category: "self", summary: "SUSE CVE CVE-2019-2978 page", url: "https://www.suse.com/security/cve/CVE-2019-2978/", }, { category: "self", summary: "SUSE CVE CVE-2019-2981 page", url: "https://www.suse.com/security/cve/CVE-2019-2981/", }, { category: "self", summary: "SUSE CVE CVE-2019-2983 page", url: "https://www.suse.com/security/cve/CVE-2019-2983/", }, { category: "self", summary: "SUSE CVE CVE-2019-2987 page", url: "https://www.suse.com/security/cve/CVE-2019-2987/", }, { category: "self", summary: "SUSE CVE CVE-2019-2988 page", url: "https://www.suse.com/security/cve/CVE-2019-2988/", }, { category: "self", summary: "SUSE CVE CVE-2019-2989 page", url: "https://www.suse.com/security/cve/CVE-2019-2989/", }, { category: "self", summary: "SUSE CVE CVE-2019-2992 page", url: "https://www.suse.com/security/cve/CVE-2019-2992/", }, { category: "self", summary: "SUSE CVE CVE-2019-2999 page", url: "https://www.suse.com/security/cve/CVE-2019-2999/", }, { category: "self", summary: "SUSE CVE CVE-2019-7317 page", url: "https://www.suse.com/security/cve/CVE-2019-7317/", }, { category: "self", summary: "SUSE CVE CVE-2020-14556 page", url: "https://www.suse.com/security/cve/CVE-2020-14556/", }, { category: "self", summary: "SUSE CVE CVE-2020-14577 page", url: "https://www.suse.com/security/cve/CVE-2020-14577/", }, { category: "self", summary: "SUSE CVE CVE-2020-14578 page", url: "https://www.suse.com/security/cve/CVE-2020-14578/", }, { category: "self", summary: "SUSE CVE CVE-2020-14579 page", url: "https://www.suse.com/security/cve/CVE-2020-14579/", }, { category: "self", summary: "SUSE CVE CVE-2020-14581 page", url: "https://www.suse.com/security/cve/CVE-2020-14581/", }, { category: "self", summary: "SUSE CVE CVE-2020-14583 page", url: "https://www.suse.com/security/cve/CVE-2020-14583/", }, { category: "self", summary: "SUSE CVE CVE-2020-14593 page", url: "https://www.suse.com/security/cve/CVE-2020-14593/", }, { category: "self", summary: "SUSE CVE CVE-2020-14621 page", url: "https://www.suse.com/security/cve/CVE-2020-14621/", }, { category: "self", summary: "SUSE CVE CVE-2020-14779 page", url: "https://www.suse.com/security/cve/CVE-2020-14779/", }, { category: "self", summary: "SUSE CVE CVE-2020-14781 page", url: "https://www.suse.com/security/cve/CVE-2020-14781/", }, { category: "self", summary: "SUSE CVE CVE-2020-14782 page", url: "https://www.suse.com/security/cve/CVE-2020-14782/", }, { category: "self", summary: "SUSE CVE CVE-2020-14792 page", url: "https://www.suse.com/security/cve/CVE-2020-14792/", }, { category: "self", summary: "SUSE CVE CVE-2020-14796 page", url: "https://www.suse.com/security/cve/CVE-2020-14796/", }, { category: "self", summary: "SUSE CVE CVE-2020-14797 page", url: "https://www.suse.com/security/cve/CVE-2020-14797/", }, { category: "self", summary: "SUSE CVE CVE-2020-14798 page", url: "https://www.suse.com/security/cve/CVE-2020-14798/", }, { category: "self", summary: "SUSE CVE CVE-2020-14803 page", url: "https://www.suse.com/security/cve/CVE-2020-14803/", }, { category: "self", summary: "SUSE CVE CVE-2020-2583 page", url: "https://www.suse.com/security/cve/CVE-2020-2583/", }, { category: "self", summary: "SUSE CVE CVE-2020-2590 page", url: "https://www.suse.com/security/cve/CVE-2020-2590/", }, { category: "self", summary: "SUSE CVE CVE-2020-2593 page", url: "https://www.suse.com/security/cve/CVE-2020-2593/", }, { category: "self", summary: "SUSE CVE CVE-2020-2601 page", url: "https://www.suse.com/security/cve/CVE-2020-2601/", }, { category: "self", summary: "SUSE CVE CVE-2020-2604 page", url: "https://www.suse.com/security/cve/CVE-2020-2604/", }, { category: "self", summary: "SUSE CVE CVE-2020-2654 page", url: "https://www.suse.com/security/cve/CVE-2020-2654/", }, { category: "self", summary: "SUSE CVE CVE-2020-2659 page", url: "https://www.suse.com/security/cve/CVE-2020-2659/", }, { category: "self", summary: "SUSE CVE CVE-2020-2754 page", url: "https://www.suse.com/security/cve/CVE-2020-2754/", }, { category: "self", summary: "SUSE CVE CVE-2020-2755 page", url: "https://www.suse.com/security/cve/CVE-2020-2755/", }, { category: "self", summary: "SUSE CVE CVE-2020-2756 page", url: "https://www.suse.com/security/cve/CVE-2020-2756/", }, { category: "self", summary: "SUSE CVE CVE-2020-2757 page", url: "https://www.suse.com/security/cve/CVE-2020-2757/", }, { category: "self", summary: "SUSE CVE CVE-2020-2773 page", url: "https://www.suse.com/security/cve/CVE-2020-2773/", }, { category: "self", summary: "SUSE CVE CVE-2020-2781 page", url: "https://www.suse.com/security/cve/CVE-2020-2781/", }, { category: "self", summary: "SUSE CVE CVE-2020-2800 page", url: "https://www.suse.com/security/cve/CVE-2020-2800/", }, { category: "self", summary: "SUSE CVE CVE-2020-2803 page", url: "https://www.suse.com/security/cve/CVE-2020-2803/", }, { category: "self", summary: "SUSE CVE CVE-2020-2805 page", url: "https://www.suse.com/security/cve/CVE-2020-2805/", }, { category: "self", summary: "SUSE CVE CVE-2020-2830 page", url: "https://www.suse.com/security/cve/CVE-2020-2830/", }, { category: "self", summary: "SUSE CVE CVE-2021-2161 page", url: "https://www.suse.com/security/cve/CVE-2021-2161/", }, { category: "self", summary: "SUSE CVE CVE-2021-2163 page", url: "https://www.suse.com/security/cve/CVE-2021-2163/", }, { category: "self", summary: "SUSE CVE CVE-2021-2341 page", url: "https://www.suse.com/security/cve/CVE-2021-2341/", }, { category: "self", summary: "SUSE CVE CVE-2021-2369 page", url: "https://www.suse.com/security/cve/CVE-2021-2369/", }, { category: "self", summary: "SUSE CVE CVE-2021-2388 page", url: "https://www.suse.com/security/cve/CVE-2021-2388/", }, ], title: "java-1_8_0-openjdk-1.8.0.302-2.2 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10876-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", product: { name: "java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", product_id: "java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", }, }, { category: "product_version", name: "java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", product: { name: "java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", product_id: "java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", }, }, { category: "product_version", name: "java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", product: { name: "java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", product_id: "java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", }, }, { category: "product_version", name: "java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", product: { name: "java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", product_id: "java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", }, }, { category: "product_version", name: "java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", product: { name: "java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", product_id: "java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", }, }, { category: "product_version", name: "java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", product: { name: "java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", product_id: "java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", }, }, { category: "product_version", name: "java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", product: { name: "java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", product_id: "java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", product: { name: "java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", product_id: "java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", product: { name: "java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", product_id: "java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", product: { name: "java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", product_id: "java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", product: { name: "java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", product_id: "java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", product: { name: "java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", product_id: "java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", product: { name: "java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", product_id: "java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", product: { name: "java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", product_id: "java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "java-1_8_0-openjdk-1.8.0.302-2.2.s390x", product: { name: "java-1_8_0-openjdk-1.8.0.302-2.2.s390x", product_id: "java-1_8_0-openjdk-1.8.0.302-2.2.s390x", }, }, { category: "product_version", name: "java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", product: { name: "java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", product_id: "java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", }, }, { category: "product_version", name: "java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", product: { name: "java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", product_id: "java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", }, }, { category: "product_version", name: "java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", product: { name: "java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", product_id: "java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", }, }, { category: "product_version", name: "java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", product: { name: "java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", product_id: "java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", }, }, { category: "product_version", name: "java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", product: { name: "java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", product_id: "java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", }, }, { category: "product_version", name: "java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", product: { name: "java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", product_id: "java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", product: { name: "java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", product_id: "java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", }, }, { category: "product_version", name: "java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", product: { name: "java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", product_id: "java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", }, }, { category: "product_version", name: "java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", product: { name: "java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", product_id: "java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", }, }, { category: "product_version", name: "java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", product: { name: "java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", product_id: "java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", }, }, { category: "product_version", name: "java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", product: { name: "java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", product_id: "java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", }, }, { category: "product_version", name: "java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", product: { name: "java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", product_id: "java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", }, }, { category: "product_version", name: "java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", product: { name: "java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", product_id: "java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-1.8.0.302-2.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", }, product_reference: "java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", }, product_reference: "java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-1.8.0.302-2.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", }, product_reference: "java-1_8_0-openjdk-1.8.0.302-2.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-1.8.0.302-2.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", }, product_reference: "java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", }, product_reference: "java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", }, product_reference: "java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", }, product_reference: "java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", }, product_reference: "java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", }, product_reference: "java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", }, product_reference: "java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", }, product_reference: "java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", }, product_reference: "java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", }, product_reference: "java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", }, product_reference: "java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", }, product_reference: "java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", }, product_reference: "java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", }, product_reference: "java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", }, product_reference: "java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", }, product_reference: "java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", }, product_reference: "java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", }, product_reference: "java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", }, product_reference: "java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", }, product_reference: "java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", }, product_reference: "java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", }, product_reference: "java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", }, product_reference: "java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", }, product_reference: "java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", }, product_reference: "java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2016-10165", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10165", }, ], notes: [ { category: "general", text: "The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10165", url: "https://www.suse.com/security/cve/CVE-2016-10165", }, { category: "external", summary: "SUSE Bug 1021364 for CVE-2016-10165", url: "https://bugzilla.suse.com/1021364", }, { category: "external", summary: "SUSE Bug 1064069 for CVE-2016-10165", url: "https://bugzilla.suse.com/1064069", }, { category: "external", summary: "SUSE Bug 1070162 for CVE-2016-10165", url: "https://bugzilla.suse.com/1070162", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-10165", }, { cve: "CVE-2016-2183", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-2183", }, ], notes: [ { category: "general", text: "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-2183", url: "https://www.suse.com/security/cve/CVE-2016-2183", }, { category: "external", summary: "SUSE Bug 1001912 for CVE-2016-2183", url: "https://bugzilla.suse.com/1001912", }, { category: "external", summary: "SUSE Bug 1024218 for CVE-2016-2183", url: "https://bugzilla.suse.com/1024218", }, { category: "external", summary: "SUSE Bug 1027038 for CVE-2016-2183", url: "https://bugzilla.suse.com/1027038", }, { category: "external", summary: "SUSE Bug 1034689 for CVE-2016-2183", url: "https://bugzilla.suse.com/1034689", }, { category: "external", summary: "SUSE Bug 1056614 for CVE-2016-2183", url: "https://bugzilla.suse.com/1056614", }, { category: "external", summary: "SUSE Bug 1171693 for CVE-2016-2183", url: "https://bugzilla.suse.com/1171693", }, { category: "external", summary: "SUSE Bug 994844 for CVE-2016-2183", url: "https://bugzilla.suse.com/994844", }, { category: "external", summary: "SUSE Bug 995359 for CVE-2016-2183", url: "https://bugzilla.suse.com/995359", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-2183", }, { cve: "CVE-2016-5546", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5546", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Integrity impacts).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5546", url: "https://www.suse.com/security/cve/CVE-2016-5546", }, { category: "external", summary: "SUSE Bug 1020905 for CVE-2016-5546", url: "https://bugzilla.suse.com/1020905", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2016-5546", }, { cve: "CVE-2016-5547", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5547", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Availability impacts).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5547", url: "https://www.suse.com/security/cve/CVE-2016-5547", }, { category: "external", summary: "SUSE Bug 1020905 for CVE-2016-5547", url: "https://bugzilla.suse.com/1020905", }, { category: "external", summary: "SUSE Bug 1024218 for CVE-2016-5547", url: "https://bugzilla.suse.com/1024218", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-5547", }, { cve: "CVE-2016-5548", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5548", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5548", url: "https://www.suse.com/security/cve/CVE-2016-5548", }, { category: "external", summary: "SUSE Bug 1020905 for CVE-2016-5548", url: "https://bugzilla.suse.com/1020905", }, { category: "external", summary: "SUSE Bug 1024218 for CVE-2016-5548", url: "https://bugzilla.suse.com/1024218", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2016-5548", }, { cve: "CVE-2016-5549", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5549", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5549", url: "https://www.suse.com/security/cve/CVE-2016-5549", }, { category: "external", summary: "SUSE Bug 1020905 for CVE-2016-5549", url: "https://bugzilla.suse.com/1020905", }, { category: "external", summary: "SUSE Bug 1024218 for CVE-2016-5549", url: "https://bugzilla.suse.com/1024218", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2016-5549", }, { cve: "CVE-2016-5552", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5552", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Integrity impacts).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5552", url: "https://www.suse.com/security/cve/CVE-2016-5552", }, { category: "external", summary: "SUSE Bug 1020905 for CVE-2016-5552", url: "https://bugzilla.suse.com/1020905", }, { category: "external", summary: "SUSE Bug 1024218 for CVE-2016-5552", url: "https://bugzilla.suse.com/1024218", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-5552", }, { cve: "CVE-2016-9840", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9840", }, ], notes: [ { category: "general", text: "inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9840", url: "https://www.suse.com/security/cve/CVE-2016-9840", }, { category: "external", summary: "SUSE Bug 1003579 for CVE-2016-9840", url: "https://bugzilla.suse.com/1003579", }, { category: "external", summary: "SUSE Bug 1022633 for CVE-2016-9840", url: "https://bugzilla.suse.com/1022633", }, { category: "external", summary: "SUSE Bug 1023215 for CVE-2016-9840", url: "https://bugzilla.suse.com/1023215", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2016-9840", url: "https://bugzilla.suse.com/1038505", }, { category: "external", summary: "SUSE Bug 1062104 for CVE-2016-9840", url: "https://bugzilla.suse.com/1062104", }, { category: "external", summary: "SUSE Bug 1120866 for CVE-2016-9840", url: "https://bugzilla.suse.com/1120866", }, { category: "external", summary: "SUSE Bug 1123150 for CVE-2016-9840", url: "https://bugzilla.suse.com/1123150", }, { category: "external", summary: "SUSE Bug 1127473 for CVE-2016-9840", url: "https://bugzilla.suse.com/1127473", }, { category: "external", summary: "SUSE Bug 1184301 for CVE-2016-9840", url: "https://bugzilla.suse.com/1184301", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-9840", }, { cve: "CVE-2016-9843", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9843", }, ], notes: [ { category: "general", text: "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9843", url: "https://www.suse.com/security/cve/CVE-2016-9843", }, { category: "external", summary: "SUSE Bug 1003580 for CVE-2016-9843", url: "https://bugzilla.suse.com/1003580", }, { category: "external", summary: "SUSE Bug 1013882 for CVE-2016-9843", url: "https://bugzilla.suse.com/1013882", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2016-9843", url: "https://bugzilla.suse.com/1038505", }, { category: "external", summary: "SUSE Bug 1062104 for CVE-2016-9843", url: "https://bugzilla.suse.com/1062104", }, { category: "external", summary: "SUSE Bug 1116686 for CVE-2016-9843", url: "https://bugzilla.suse.com/1116686", }, { category: "external", summary: "SUSE Bug 1120866 for CVE-2016-9843", url: "https://bugzilla.suse.com/1120866", }, { category: "external", summary: "SUSE Bug 1123150 for CVE-2016-9843", url: "https://bugzilla.suse.com/1123150", }, { category: "external", summary: "SUSE Bug 1127473 for CVE-2016-9843", url: "https://bugzilla.suse.com/1127473", }, { category: "external", summary: "SUSE Bug 1184301 for CVE-2016-9843", url: "https://bugzilla.suse.com/1184301", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-9843", }, { cve: "CVE-2017-10053", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10053", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10053", url: "https://www.suse.com/security/cve/CVE-2017-10053", }, { category: "external", summary: "SUSE Bug 1049305 for CVE-2017-10053", url: "https://bugzilla.suse.com/1049305", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-10053", }, { cve: "CVE-2017-10067", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10067", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10067", url: "https://www.suse.com/security/cve/CVE-2017-10067", }, { category: "external", summary: "SUSE Bug 1049306 for CVE-2017-10067", url: "https://bugzilla.suse.com/1049306", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-10067", }, { cve: "CVE-2017-10074", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10074", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10074", url: "https://www.suse.com/security/cve/CVE-2017-10074", }, { category: "external", summary: "SUSE Bug 1049307 for CVE-2017-10074", url: "https://bugzilla.suse.com/1049307", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10074", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-10074", }, { cve: "CVE-2017-10078", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10078", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10078", url: "https://www.suse.com/security/cve/CVE-2017-10078", }, { category: "external", summary: "SUSE Bug 1049308 for CVE-2017-10078", url: "https://bugzilla.suse.com/1049308", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10078", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-10078", }, { cve: "CVE-2017-10081", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10081", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10081", url: "https://www.suse.com/security/cve/CVE-2017-10081", }, { category: "external", summary: "SUSE Bug 1049309 for CVE-2017-10081", url: "https://bugzilla.suse.com/1049309", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10081", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-10081", }, { cve: "CVE-2017-10086", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10086", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10086", url: "https://www.suse.com/security/cve/CVE-2017-10086", }, { category: "external", summary: "SUSE Bug 1049310 for CVE-2017-10086", url: "https://bugzilla.suse.com/1049310", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10086", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.6, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-10086", }, { cve: "CVE-2017-10087", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10087", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10087", url: "https://www.suse.com/security/cve/CVE-2017-10087", }, { category: "external", summary: "SUSE Bug 1049311 for CVE-2017-10087", url: "https://bugzilla.suse.com/1049311", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10087", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.6, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-10087", }, { cve: "CVE-2017-10089", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10089", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10089", url: "https://www.suse.com/security/cve/CVE-2017-10089", }, { category: "external", summary: "SUSE Bug 1049312 for CVE-2017-10089", url: "https://bugzilla.suse.com/1049312", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10089", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.6, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-10089", }, { cve: "CVE-2017-10090", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10090", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10090", url: "https://www.suse.com/security/cve/CVE-2017-10090", }, { category: "external", summary: "SUSE Bug 1049313 for CVE-2017-10090", url: "https://bugzilla.suse.com/1049313", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10090", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.6, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-10090", }, { cve: "CVE-2017-10096", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10096", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10096", url: "https://www.suse.com/security/cve/CVE-2017-10096", }, { category: "external", summary: "SUSE Bug 1049314 for CVE-2017-10096", url: "https://bugzilla.suse.com/1049314", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10096", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.6, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-10096", }, { cve: "CVE-2017-10101", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10101", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10101", url: "https://www.suse.com/security/cve/CVE-2017-10101", }, { category: "external", summary: "SUSE Bug 1049315 for CVE-2017-10101", url: "https://bugzilla.suse.com/1049315", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10101", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.6, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-10101", }, { cve: "CVE-2017-10102", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10102", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10102", url: "https://www.suse.com/security/cve/CVE-2017-10102", }, { category: "external", summary: "SUSE Bug 1049316 for CVE-2017-10102", url: "https://bugzilla.suse.com/1049316", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10102", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-10102", }, { cve: "CVE-2017-10105", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10105", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10105", url: "https://www.suse.com/security/cve/CVE-2017-10105", }, { category: "external", summary: "SUSE Bug 1049317 for CVE-2017-10105", url: "https://bugzilla.suse.com/1049317", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10105", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-10105", }, { cve: "CVE-2017-10107", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10107", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10107", url: "https://www.suse.com/security/cve/CVE-2017-10107", }, { category: "external", summary: "SUSE Bug 1049318 for CVE-2017-10107", url: "https://bugzilla.suse.com/1049318", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10107", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.6, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-10107", }, { cve: "CVE-2017-10108", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10108", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10108", url: "https://www.suse.com/security/cve/CVE-2017-10108", }, { category: "external", summary: "SUSE Bug 1049319 for CVE-2017-10108", url: "https://bugzilla.suse.com/1049319", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10108", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-10108", }, { cve: "CVE-2017-10109", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10109", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10109", url: "https://www.suse.com/security/cve/CVE-2017-10109", }, { category: "external", summary: "SUSE Bug 1049320 for CVE-2017-10109", url: "https://bugzilla.suse.com/1049320", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10109", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-10109", }, { cve: "CVE-2017-10110", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10110", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10110", url: "https://www.suse.com/security/cve/CVE-2017-10110", }, { category: "external", summary: "SUSE Bug 1049321 for CVE-2017-10110", url: "https://bugzilla.suse.com/1049321", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10110", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.6, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-10110", }, { cve: "CVE-2017-10111", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10111", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10111", url: "https://www.suse.com/security/cve/CVE-2017-10111", }, { category: "external", summary: "SUSE Bug 1049322 for CVE-2017-10111", url: "https://bugzilla.suse.com/1049322", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10111", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.6, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-10111", }, { cve: "CVE-2017-10114", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10114", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10114", url: "https://www.suse.com/security/cve/CVE-2017-10114", }, { category: "external", summary: "SUSE Bug 1049323 for CVE-2017-10114", url: "https://bugzilla.suse.com/1049323", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10114", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-10114", }, { cve: "CVE-2017-10115", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10115", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10115", url: "https://www.suse.com/security/cve/CVE-2017-10115", }, { category: "external", summary: "SUSE Bug 1020905 for CVE-2017-10115", url: "https://bugzilla.suse.com/1020905", }, { category: "external", summary: "SUSE Bug 1049324 for CVE-2017-10115", url: "https://bugzilla.suse.com/1049324", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10115", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-10115", }, { cve: "CVE-2017-10116", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10116", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10116", url: "https://www.suse.com/security/cve/CVE-2017-10116", }, { category: "external", summary: "SUSE Bug 1049325 for CVE-2017-10116", url: "https://bugzilla.suse.com/1049325", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10116", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-10116", }, { cve: "CVE-2017-10118", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10118", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10118", url: "https://www.suse.com/security/cve/CVE-2017-10118", }, { category: "external", summary: "SUSE Bug 1049326 for CVE-2017-10118", url: "https://bugzilla.suse.com/1049326", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10118", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-10118", }, { cve: "CVE-2017-10125", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10125", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10125", url: "https://www.suse.com/security/cve/CVE-2017-10125", }, { category: "external", summary: "SUSE Bug 1049327 for CVE-2017-10125", url: "https://bugzilla.suse.com/1049327", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10125", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-10125", }, { cve: "CVE-2017-10135", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10135", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10135", url: "https://www.suse.com/security/cve/CVE-2017-10135", }, { category: "external", summary: "SUSE Bug 1049328 for CVE-2017-10135", url: "https://bugzilla.suse.com/1049328", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10135", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-10135", }, { cve: "CVE-2017-10176", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10176", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10176", url: "https://www.suse.com/security/cve/CVE-2017-10176", }, { category: "external", summary: "SUSE Bug 1049329 for CVE-2017-10176", url: "https://bugzilla.suse.com/1049329", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10176", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-10176", }, { cve: "CVE-2017-10193", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10193", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10193", url: "https://www.suse.com/security/cve/CVE-2017-10193", }, { category: "external", summary: "SUSE Bug 1049330 for CVE-2017-10193", url: "https://bugzilla.suse.com/1049330", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10193", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2017-10193", }, { cve: "CVE-2017-10198", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10198", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10198", url: "https://www.suse.com/security/cve/CVE-2017-10198", }, { category: "external", summary: "SUSE Bug 1049331 for CVE-2017-10198", url: "https://bugzilla.suse.com/1049331", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10198", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-10198", }, { cve: "CVE-2017-10243", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10243", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10243", url: "https://www.suse.com/security/cve/CVE-2017-10243", }, { category: "external", summary: "SUSE Bug 1049332 for CVE-2017-10243", url: "https://bugzilla.suse.com/1049332", }, { category: "external", summary: "SUSE Bug 1049333 for CVE-2017-10243", url: "https://bugzilla.suse.com/1049333", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-10243", }, { cve: "CVE-2017-10274", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10274", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10274", url: "https://www.suse.com/security/cve/CVE-2017-10274", }, { category: "external", summary: "SUSE Bug 1064071 for CVE-2017-10274", url: "https://bugzilla.suse.com/1064071", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-10274", }, { cve: "CVE-2017-10281", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10281", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10281", url: "https://www.suse.com/security/cve/CVE-2017-10281", }, { category: "external", summary: "SUSE Bug 1064072 for CVE-2017-10281", url: "https://bugzilla.suse.com/1064072", }, { category: "external", summary: "SUSE Bug 1070162 for CVE-2017-10281", url: "https://bugzilla.suse.com/1070162", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-10281", }, { cve: "CVE-2017-10285", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10285", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10285", url: "https://www.suse.com/security/cve/CVE-2017-10285", }, { category: "external", summary: "SUSE Bug 1064073 for CVE-2017-10285", url: "https://bugzilla.suse.com/1064073", }, { category: "external", summary: "SUSE Bug 1070162 for CVE-2017-10285", url: "https://bugzilla.suse.com/1070162", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-10285", }, { cve: "CVE-2017-10295", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10295", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10295", url: "https://www.suse.com/security/cve/CVE-2017-10295", }, { category: "external", summary: "SUSE Bug 1064075 for CVE-2017-10295", url: "https://bugzilla.suse.com/1064075", }, { category: "external", summary: "SUSE Bug 1070162 for CVE-2017-10295", url: "https://bugzilla.suse.com/1070162", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2017-10295", }, { cve: "CVE-2017-10345", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10345", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10345", url: "https://www.suse.com/security/cve/CVE-2017-10345", }, { category: "external", summary: "SUSE Bug 1064077 for CVE-2017-10345", url: "https://bugzilla.suse.com/1064077", }, { category: "external", summary: "SUSE Bug 1070162 for CVE-2017-10345", url: "https://bugzilla.suse.com/1070162", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2017-10345", }, { cve: "CVE-2017-10346", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10346", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10346", url: "https://www.suse.com/security/cve/CVE-2017-10346", }, { category: "external", summary: "SUSE Bug 1064078 for CVE-2017-10346", url: "https://bugzilla.suse.com/1064078", }, { category: "external", summary: "SUSE Bug 1070162 for CVE-2017-10346", url: "https://bugzilla.suse.com/1070162", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-10346", }, { cve: "CVE-2017-10347", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10347", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10347", url: "https://www.suse.com/security/cve/CVE-2017-10347", }, { category: "external", summary: "SUSE Bug 1064079 for CVE-2017-10347", url: "https://bugzilla.suse.com/1064079", }, { category: "external", summary: "SUSE Bug 1070162 for CVE-2017-10347", url: "https://bugzilla.suse.com/1070162", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-10347", }, { cve: "CVE-2017-10348", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10348", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10348", url: "https://www.suse.com/security/cve/CVE-2017-10348", }, { category: "external", summary: "SUSE Bug 1064080 for CVE-2017-10348", url: "https://bugzilla.suse.com/1064080", }, { category: "external", summary: "SUSE Bug 1070162 for CVE-2017-10348", url: "https://bugzilla.suse.com/1070162", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-10348", }, { cve: "CVE-2017-10349", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10349", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10349", url: "https://www.suse.com/security/cve/CVE-2017-10349", }, { category: "external", summary: "SUSE Bug 1064081 for CVE-2017-10349", url: "https://bugzilla.suse.com/1064081", }, { category: "external", summary: "SUSE Bug 1070162 for CVE-2017-10349", url: "https://bugzilla.suse.com/1070162", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-10349", }, { cve: "CVE-2017-10350", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10350", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10350", url: "https://www.suse.com/security/cve/CVE-2017-10350", }, { category: "external", summary: "SUSE Bug 1064082 for CVE-2017-10350", url: "https://bugzilla.suse.com/1064082", }, { category: "external", summary: "SUSE Bug 1070162 for CVE-2017-10350", url: "https://bugzilla.suse.com/1070162", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-10350", }, { cve: "CVE-2017-10355", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10355", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10355", url: "https://www.suse.com/security/cve/CVE-2017-10355", }, { category: "external", summary: "SUSE Bug 1064083 for CVE-2017-10355", url: "https://bugzilla.suse.com/1064083", }, { category: "external", summary: "SUSE Bug 1070162 for CVE-2017-10355", url: "https://bugzilla.suse.com/1070162", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-10355", }, { cve: "CVE-2017-10356", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10356", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10356", url: "https://www.suse.com/security/cve/CVE-2017-10356", }, { category: "external", summary: "SUSE Bug 1064084 for CVE-2017-10356", url: "https://bugzilla.suse.com/1064084", }, { category: "external", summary: "SUSE Bug 1070162 for CVE-2017-10356", url: "https://bugzilla.suse.com/1070162", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-10356", }, { cve: "CVE-2017-10357", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10357", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10357", url: "https://www.suse.com/security/cve/CVE-2017-10357", }, { category: "external", summary: "SUSE Bug 1064085 for CVE-2017-10357", url: "https://bugzilla.suse.com/1064085", }, { category: "external", summary: "SUSE Bug 1070162 for CVE-2017-10357", url: "https://bugzilla.suse.com/1070162", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-10357", }, { cve: "CVE-2017-10388", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10388", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10388", url: "https://www.suse.com/security/cve/CVE-2017-10388", }, { category: "external", summary: "SUSE Bug 1064086 for CVE-2017-10388", url: "https://bugzilla.suse.com/1064086", }, { category: "external", summary: "SUSE Bug 1070162 for CVE-2017-10388", url: "https://bugzilla.suse.com/1070162", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-10388", }, { cve: "CVE-2017-3231", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3231", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3231", url: "https://www.suse.com/security/cve/CVE-2017-3231", }, { category: "external", summary: "SUSE Bug 1020905 for CVE-2017-3231", url: "https://bugzilla.suse.com/1020905", }, { category: "external", summary: "SUSE Bug 1024218 for CVE-2017-3231", url: "https://bugzilla.suse.com/1024218", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-3231", }, { cve: "CVE-2017-3241", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3241", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3241", url: "https://www.suse.com/security/cve/CVE-2017-3241", }, { category: "external", summary: "SUSE Bug 1020905 for CVE-2017-3241", url: "https://bugzilla.suse.com/1020905", }, { category: "external", summary: "SUSE Bug 1024218 for CVE-2017-3241", url: "https://bugzilla.suse.com/1024218", }, { category: "external", summary: "SUSE Bug 1163365 for CVE-2017-3241", url: "https://bugzilla.suse.com/1163365", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-3241", }, { cve: "CVE-2017-3252", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3252", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.8 (Integrity impacts).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3252", url: "https://www.suse.com/security/cve/CVE-2017-3252", }, { category: "external", summary: "SUSE Bug 1020905 for CVE-2017-3252", url: "https://bugzilla.suse.com/1020905", }, { category: "external", summary: "SUSE Bug 1024218 for CVE-2017-3252", url: "https://bugzilla.suse.com/1024218", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-3252", }, { cve: "CVE-2017-3253", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3253", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Availability impacts).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3253", url: "https://www.suse.com/security/cve/CVE-2017-3253", }, { category: "external", summary: "SUSE Bug 1020905 for CVE-2017-3253", url: "https://bugzilla.suse.com/1020905", }, { category: "external", summary: "SUSE Bug 1024218 for CVE-2017-3253", url: "https://bugzilla.suse.com/1024218", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-3253", }, { cve: "CVE-2017-3260", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3260", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3260", url: "https://www.suse.com/security/cve/CVE-2017-3260", }, { category: "external", summary: "SUSE Bug 1020905 for CVE-2017-3260", url: "https://bugzilla.suse.com/1020905", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-3260", }, { cve: "CVE-2017-3261", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3261", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3261", url: "https://www.suse.com/security/cve/CVE-2017-3261", }, { category: "external", summary: "SUSE Bug 1020905 for CVE-2017-3261", url: "https://bugzilla.suse.com/1020905", }, { category: "external", summary: "SUSE Bug 1024218 for CVE-2017-3261", url: "https://bugzilla.suse.com/1024218", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-3261", }, { cve: "CVE-2017-3272", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3272", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3272", url: "https://www.suse.com/security/cve/CVE-2017-3272", }, { category: "external", summary: "SUSE Bug 1020905 for CVE-2017-3272", url: "https://bugzilla.suse.com/1020905", }, { category: "external", summary: "SUSE Bug 1024218 for CVE-2017-3272", url: "https://bugzilla.suse.com/1024218", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.6, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-3272", }, { cve: "CVE-2017-3289", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3289", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3289", url: "https://www.suse.com/security/cve/CVE-2017-3289", }, { category: "external", summary: "SUSE Bug 1020905 for CVE-2017-3289", url: "https://bugzilla.suse.com/1020905", }, { category: "external", summary: "SUSE Bug 1024218 for CVE-2017-3289", url: "https://bugzilla.suse.com/1024218", }, { category: "external", summary: "SUSE Bug 1163365 for CVE-2017-3289", url: "https://bugzilla.suse.com/1163365", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.6, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2017-3289", }, { cve: "CVE-2017-3509", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3509", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3509", url: "https://www.suse.com/security/cve/CVE-2017-3509", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3509", url: "https://bugzilla.suse.com/1034849", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2017-3509", url: "https://bugzilla.suse.com/1038505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-3509", }, { cve: "CVE-2017-3511", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3511", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3511", url: "https://www.suse.com/security/cve/CVE-2017-3511", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3511", url: "https://bugzilla.suse.com/1034849", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2017-3511", url: "https://bugzilla.suse.com/1038505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-3511", }, { cve: "CVE-2017-3512", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3512", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3512", url: "https://www.suse.com/security/cve/CVE-2017-3512", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3512", url: "https://bugzilla.suse.com/1034849", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2017-3512", url: "https://bugzilla.suse.com/1038505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-3512", }, { cve: "CVE-2017-3514", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3514", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3514", url: "https://www.suse.com/security/cve/CVE-2017-3514", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3514", url: "https://bugzilla.suse.com/1034849", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2017-3514", url: "https://bugzilla.suse.com/1038505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-3514", }, { cve: "CVE-2017-3526", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3526", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3526", url: "https://www.suse.com/security/cve/CVE-2017-3526", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3526", url: "https://bugzilla.suse.com/1034849", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-3526", }, { cve: "CVE-2017-3533", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3533", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3533", url: "https://www.suse.com/security/cve/CVE-2017-3533", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3533", url: "https://bugzilla.suse.com/1034849", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2017-3533", url: "https://bugzilla.suse.com/1038505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-3533", }, { cve: "CVE-2017-3539", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3539", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3539", url: "https://www.suse.com/security/cve/CVE-2017-3539", }, { category: "external", summary: "SUSE Bug 1005522 for CVE-2017-3539", url: "https://bugzilla.suse.com/1005522", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3539", url: "https://bugzilla.suse.com/1034849", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2017-3539", url: "https://bugzilla.suse.com/1038505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2017-3539", }, { cve: "CVE-2017-3544", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-3544", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-3544", url: "https://www.suse.com/security/cve/CVE-2017-3544", }, { category: "external", summary: "SUSE Bug 1034849 for CVE-2017-3544", url: "https://bugzilla.suse.com/1034849", }, { category: "external", summary: "SUSE Bug 1038505 for CVE-2017-3544", url: "https://bugzilla.suse.com/1038505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-3544", }, { cve: "CVE-2018-11212", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-11212", }, ], notes: [ { category: "general", text: "An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-11212", url: "https://www.suse.com/security/cve/CVE-2018-11212", }, { category: "external", summary: "SUSE Bug 1122299 for CVE-2018-11212", url: "https://bugzilla.suse.com/1122299", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2018-11212", }, { cve: "CVE-2018-13785", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-13785", }, ], notes: [ { category: "general", text: "In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-13785", url: "https://www.suse.com/security/cve/CVE-2018-13785", }, { category: "external", summary: "SUSE Bug 1100687 for CVE-2018-13785", url: "https://bugzilla.suse.com/1100687", }, { category: "external", summary: "SUSE Bug 1112153 for CVE-2018-13785", url: "https://bugzilla.suse.com/1112153", }, { category: "external", summary: "SUSE Bug 1116574 for CVE-2018-13785", url: "https://bugzilla.suse.com/1116574", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2018-13785", }, { cve: "CVE-2018-16435", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-16435", }, ], notes: [ { category: "general", text: "Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-16435", url: "https://www.suse.com/security/cve/CVE-2018-16435", }, { category: "external", summary: "SUSE Bug 1108813 for CVE-2018-16435", url: "https://bugzilla.suse.com/1108813", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-16435", }, { cve: "CVE-2018-2579", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2579", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2579", url: "https://www.suse.com/security/cve/CVE-2018-2579", }, { category: "external", summary: "SUSE Bug 1076366 for CVE-2018-2579", url: "https://bugzilla.suse.com/1076366", }, { category: "external", summary: "SUSE Bug 1082810 for CVE-2018-2579", url: "https://bugzilla.suse.com/1082810", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2018-2579", }, { cve: "CVE-2018-2582", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2582", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2582", url: "https://www.suse.com/security/cve/CVE-2018-2582", }, { category: "external", summary: "SUSE Bug 1076366 for CVE-2018-2582", url: "https://bugzilla.suse.com/1076366", }, { category: "external", summary: "SUSE Bug 1082810 for CVE-2018-2582", url: "https://bugzilla.suse.com/1082810", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-2582", }, { cve: "CVE-2018-2588", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2588", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2588", url: "https://www.suse.com/security/cve/CVE-2018-2588", }, { category: "external", summary: "SUSE Bug 1076366 for CVE-2018-2588", url: "https://bugzilla.suse.com/1076366", }, { category: "external", summary: "SUSE Bug 1082810 for CVE-2018-2588", url: "https://bugzilla.suse.com/1082810", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-2588", }, { cve: "CVE-2018-2599", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2599", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2599", url: "https://www.suse.com/security/cve/CVE-2018-2599", }, { category: "external", summary: "SUSE Bug 1076366 for CVE-2018-2599", url: "https://bugzilla.suse.com/1076366", }, { category: "external", summary: "SUSE Bug 1082810 for CVE-2018-2599", url: "https://bugzilla.suse.com/1082810", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-2599", }, { cve: "CVE-2018-2602", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2602", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2602", url: "https://www.suse.com/security/cve/CVE-2018-2602", }, { category: "external", summary: "SUSE Bug 1076366 for CVE-2018-2602", url: "https://bugzilla.suse.com/1076366", }, { category: "external", summary: "SUSE Bug 1082810 for CVE-2018-2602", url: "https://bugzilla.suse.com/1082810", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-2602", }, { cve: "CVE-2018-2603", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2603", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2603", url: "https://www.suse.com/security/cve/CVE-2018-2603", }, { category: "external", summary: "SUSE Bug 1076366 for CVE-2018-2603", url: "https://bugzilla.suse.com/1076366", }, { category: "external", summary: "SUSE Bug 1082810 for CVE-2018-2603", url: "https://bugzilla.suse.com/1082810", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-2603", }, { cve: "CVE-2018-2618", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2618", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2618", url: "https://www.suse.com/security/cve/CVE-2018-2618", }, { category: "external", summary: "SUSE Bug 1076366 for CVE-2018-2618", url: "https://bugzilla.suse.com/1076366", }, { category: "external", summary: "SUSE Bug 1082810 for CVE-2018-2618", url: "https://bugzilla.suse.com/1082810", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-2618", }, { cve: "CVE-2018-2629", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2629", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2629", url: "https://www.suse.com/security/cve/CVE-2018-2629", }, { category: "external", summary: "SUSE Bug 1076366 for CVE-2018-2629", url: "https://bugzilla.suse.com/1076366", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-2629", }, { cve: "CVE-2018-2633", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2633", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2633", url: "https://www.suse.com/security/cve/CVE-2018-2633", }, { category: "external", summary: "SUSE Bug 1076366 for CVE-2018-2633", url: "https://bugzilla.suse.com/1076366", }, { category: "external", summary: "SUSE Bug 1082810 for CVE-2018-2633", url: "https://bugzilla.suse.com/1082810", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-2633", }, { cve: "CVE-2018-2634", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2634", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2634", url: "https://www.suse.com/security/cve/CVE-2018-2634", }, { category: "external", summary: "SUSE Bug 1076366 for CVE-2018-2634", url: "https://bugzilla.suse.com/1076366", }, { category: "external", summary: "SUSE Bug 1082810 for CVE-2018-2634", url: "https://bugzilla.suse.com/1082810", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-2634", }, { cve: "CVE-2018-2637", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2637", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2637", url: "https://www.suse.com/security/cve/CVE-2018-2637", }, { category: "external", summary: "SUSE Bug 1076366 for CVE-2018-2637", url: "https://bugzilla.suse.com/1076366", }, { category: "external", summary: "SUSE Bug 1082810 for CVE-2018-2637", url: "https://bugzilla.suse.com/1082810", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-2637", }, { cve: "CVE-2018-2641", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2641", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2641", url: "https://www.suse.com/security/cve/CVE-2018-2641", }, { category: "external", summary: "SUSE Bug 1076366 for CVE-2018-2641", url: "https://bugzilla.suse.com/1076366", }, { category: "external", summary: "SUSE Bug 1082810 for CVE-2018-2641", url: "https://bugzilla.suse.com/1082810", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-2641", }, { cve: "CVE-2018-2663", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2663", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2663", url: "https://www.suse.com/security/cve/CVE-2018-2663", }, { category: "external", summary: "SUSE Bug 1076366 for CVE-2018-2663", url: "https://bugzilla.suse.com/1076366", }, { category: "external", summary: "SUSE Bug 1082810 for CVE-2018-2663", url: "https://bugzilla.suse.com/1082810", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-2663", }, { cve: "CVE-2018-2677", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2677", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2677", url: "https://www.suse.com/security/cve/CVE-2018-2677", }, { category: "external", summary: "SUSE Bug 1076366 for CVE-2018-2677", url: "https://bugzilla.suse.com/1076366", }, { category: "external", summary: "SUSE Bug 1082810 for CVE-2018-2677", url: "https://bugzilla.suse.com/1082810", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-2677", }, { cve: "CVE-2018-2678", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2678", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2678", url: "https://www.suse.com/security/cve/CVE-2018-2678", }, { category: "external", summary: "SUSE Bug 1076366 for CVE-2018-2678", url: "https://bugzilla.suse.com/1076366", }, { category: "external", summary: "SUSE Bug 1082810 for CVE-2018-2678", url: "https://bugzilla.suse.com/1082810", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-2678", }, { cve: "CVE-2018-2790", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2790", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2790", url: "https://www.suse.com/security/cve/CVE-2018-2790", }, { category: "external", summary: "SUSE Bug 1090023 for CVE-2018-2790", url: "https://bugzilla.suse.com/1090023", }, { category: "external", summary: "SUSE Bug 1093311 for CVE-2018-2790", url: "https://bugzilla.suse.com/1093311", }, { category: "external", summary: "SUSE Bug 1101637 for CVE-2018-2790", url: "https://bugzilla.suse.com/1101637", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2018-2790", }, { cve: "CVE-2018-2794", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2794", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2794", url: "https://www.suse.com/security/cve/CVE-2018-2794", }, { category: "external", summary: "SUSE Bug 1090024 for CVE-2018-2794", url: "https://bugzilla.suse.com/1090024", }, { category: "external", summary: "SUSE Bug 1093311 for CVE-2018-2794", url: "https://bugzilla.suse.com/1093311", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-2794", }, { cve: "CVE-2018-2795", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2795", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2795", url: "https://www.suse.com/security/cve/CVE-2018-2795", }, { category: "external", summary: "SUSE Bug 1090025 for CVE-2018-2795", url: "https://bugzilla.suse.com/1090025", }, { category: "external", summary: "SUSE Bug 1093311 for CVE-2018-2795", url: "https://bugzilla.suse.com/1093311", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-2795", }, { cve: "CVE-2018-2796", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2796", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2796", url: "https://www.suse.com/security/cve/CVE-2018-2796", }, { category: "external", summary: "SUSE Bug 1090026 for CVE-2018-2796", url: "https://bugzilla.suse.com/1090026", }, { category: "external", summary: "SUSE Bug 1093311 for CVE-2018-2796", url: "https://bugzilla.suse.com/1093311", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-2796", }, { cve: "CVE-2018-2797", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2797", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2797", url: "https://www.suse.com/security/cve/CVE-2018-2797", }, { category: "external", summary: "SUSE Bug 1090027 for CVE-2018-2797", url: "https://bugzilla.suse.com/1090027", }, { category: "external", summary: "SUSE Bug 1093311 for CVE-2018-2797", url: "https://bugzilla.suse.com/1093311", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-2797", }, { cve: "CVE-2018-2798", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2798", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2798", url: "https://www.suse.com/security/cve/CVE-2018-2798", }, { category: "external", summary: "SUSE Bug 1090028 for CVE-2018-2798", url: "https://bugzilla.suse.com/1090028", }, { category: "external", summary: "SUSE Bug 1093311 for CVE-2018-2798", url: "https://bugzilla.suse.com/1093311", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-2798", }, { cve: "CVE-2018-2799", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2799", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2799", url: "https://www.suse.com/security/cve/CVE-2018-2799", }, { category: "external", summary: "SUSE Bug 1090029 for CVE-2018-2799", url: "https://bugzilla.suse.com/1090029", }, { category: "external", summary: "SUSE Bug 1093311 for CVE-2018-2799", url: "https://bugzilla.suse.com/1093311", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-2799", }, { cve: "CVE-2018-2800", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2800", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2800", url: "https://www.suse.com/security/cve/CVE-2018-2800", }, { category: "external", summary: "SUSE Bug 1090030 for CVE-2018-2800", url: "https://bugzilla.suse.com/1090030", }, { category: "external", summary: "SUSE Bug 1093311 for CVE-2018-2800", url: "https://bugzilla.suse.com/1093311", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-2800", }, { cve: "CVE-2018-2814", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2814", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2814", url: "https://www.suse.com/security/cve/CVE-2018-2814", }, { category: "external", summary: "SUSE Bug 1090032 for CVE-2018-2814", url: "https://bugzilla.suse.com/1090032", }, { category: "external", summary: "SUSE Bug 1093311 for CVE-2018-2814", url: "https://bugzilla.suse.com/1093311", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-2814", }, { cve: "CVE-2018-2815", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2815", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2815", url: "https://www.suse.com/security/cve/CVE-2018-2815", }, { category: "external", summary: "SUSE Bug 1090033 for CVE-2018-2815", url: "https://bugzilla.suse.com/1090033", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-2815", }, { cve: "CVE-2018-2938", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2938", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Supported versions that are affected are Java SE: 6u191, 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVE-2018-2938 addresses CVE-2018-1313. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2938", url: "https://www.suse.com/security/cve/CVE-2018-2938", }, { category: "external", summary: "SUSE Bug 1101644 for CVE-2018-2938", url: "https://bugzilla.suse.com/1101644", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-2938", }, { cve: "CVE-2018-2940", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2940", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2940", url: "https://www.suse.com/security/cve/CVE-2018-2940", }, { category: "external", summary: "SUSE Bug 1101645 for CVE-2018-2940", url: "https://bugzilla.suse.com/1101645", }, { category: "external", summary: "SUSE Bug 1101656 for CVE-2018-2940", url: "https://bugzilla.suse.com/1101656", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-2940", }, { cve: "CVE-2018-2952", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2952", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2952", url: "https://www.suse.com/security/cve/CVE-2018-2952", }, { category: "external", summary: "SUSE Bug 1101645 for CVE-2018-2952", url: "https://bugzilla.suse.com/1101645", }, { category: "external", summary: "SUSE Bug 1101651 for CVE-2018-2952", url: "https://bugzilla.suse.com/1101651", }, { category: "external", summary: "SUSE Bug 1101656 for CVE-2018-2952", url: "https://bugzilla.suse.com/1101656", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-2952", }, { cve: "CVE-2018-2973", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-2973", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-2973", url: "https://www.suse.com/security/cve/CVE-2018-2973", }, { category: "external", summary: "SUSE Bug 1101645 for CVE-2018-2973", url: "https://bugzilla.suse.com/1101645", }, { category: "external", summary: "SUSE Bug 1101656 for CVE-2018-2973", url: "https://bugzilla.suse.com/1101656", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-2973", }, { cve: "CVE-2018-3136", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-3136", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-3136", url: "https://www.suse.com/security/cve/CVE-2018-3136", }, { category: "external", summary: "SUSE Bug 1112142 for CVE-2018-3136", url: "https://bugzilla.suse.com/1112142", }, { category: "external", summary: "SUSE Bug 1112143 for CVE-2018-3136", url: "https://bugzilla.suse.com/1112143", }, { category: "external", summary: "SUSE Bug 1112144 for CVE-2018-3136", url: "https://bugzilla.suse.com/1112144", }, { category: "external", summary: "SUSE Bug 1112146 for CVE-2018-3136", url: "https://bugzilla.suse.com/1112146", }, { category: "external", summary: "SUSE Bug 1112148 for CVE-2018-3136", url: "https://bugzilla.suse.com/1112148", }, { category: "external", summary: "SUSE Bug 1112152 for CVE-2018-3136", url: "https://bugzilla.suse.com/1112152", }, { category: "external", summary: "SUSE Bug 1116574 for CVE-2018-3136", url: "https://bugzilla.suse.com/1116574", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2018-3136", }, { cve: "CVE-2018-3139", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-3139", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-3139", url: "https://www.suse.com/security/cve/CVE-2018-3139", }, { category: "external", summary: "SUSE Bug 1112142 for CVE-2018-3139", url: "https://bugzilla.suse.com/1112142", }, { category: "external", summary: "SUSE Bug 1112143 for CVE-2018-3139", url: "https://bugzilla.suse.com/1112143", }, { category: "external", summary: "SUSE Bug 1112144 for CVE-2018-3139", url: "https://bugzilla.suse.com/1112144", }, { category: "external", summary: "SUSE Bug 1112146 for CVE-2018-3139", url: "https://bugzilla.suse.com/1112146", }, { category: "external", summary: "SUSE Bug 1112148 for CVE-2018-3139", url: "https://bugzilla.suse.com/1112148", }, { category: "external", summary: "SUSE Bug 1112152 for CVE-2018-3139", url: "https://bugzilla.suse.com/1112152", }, { category: "external", summary: "SUSE Bug 1116574 for CVE-2018-3139", url: "https://bugzilla.suse.com/1116574", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2018-3139", }, { cve: "CVE-2018-3149", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-3149", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-3149", url: "https://www.suse.com/security/cve/CVE-2018-3149", }, { category: "external", summary: "SUSE Bug 1112142 for CVE-2018-3149", url: "https://bugzilla.suse.com/1112142", }, { category: "external", summary: "SUSE Bug 1112143 for CVE-2018-3149", url: "https://bugzilla.suse.com/1112143", }, { category: "external", summary: "SUSE Bug 1112144 for CVE-2018-3149", url: "https://bugzilla.suse.com/1112144", }, { category: "external", summary: "SUSE Bug 1112146 for CVE-2018-3149", url: "https://bugzilla.suse.com/1112146", }, { category: "external", summary: "SUSE Bug 1112148 for CVE-2018-3149", url: "https://bugzilla.suse.com/1112148", }, { category: "external", summary: "SUSE Bug 1112152 for CVE-2018-3149", url: "https://bugzilla.suse.com/1112152", }, { category: "external", summary: "SUSE Bug 1116574 for CVE-2018-3149", url: "https://bugzilla.suse.com/1116574", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-3149", }, { cve: "CVE-2018-3169", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-3169", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-3169", url: "https://www.suse.com/security/cve/CVE-2018-3169", }, { category: "external", summary: "SUSE Bug 1112142 for CVE-2018-3169", url: "https://bugzilla.suse.com/1112142", }, { category: "external", summary: "SUSE Bug 1112143 for CVE-2018-3169", url: "https://bugzilla.suse.com/1112143", }, { category: "external", summary: "SUSE Bug 1112144 for CVE-2018-3169", url: "https://bugzilla.suse.com/1112144", }, { category: "external", summary: "SUSE Bug 1112146 for CVE-2018-3169", url: "https://bugzilla.suse.com/1112146", }, { category: "external", summary: "SUSE Bug 1112148 for CVE-2018-3169", url: "https://bugzilla.suse.com/1112148", }, { category: "external", summary: "SUSE Bug 1112152 for CVE-2018-3169", url: "https://bugzilla.suse.com/1112152", }, { category: "external", summary: "SUSE Bug 1116574 for CVE-2018-3169", url: "https://bugzilla.suse.com/1116574", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-3169", }, { cve: "CVE-2018-3180", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-3180", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-3180", url: "https://www.suse.com/security/cve/CVE-2018-3180", }, { category: "external", summary: "SUSE Bug 1112142 for CVE-2018-3180", url: "https://bugzilla.suse.com/1112142", }, { category: "external", summary: "SUSE Bug 1112143 for CVE-2018-3180", url: "https://bugzilla.suse.com/1112143", }, { category: "external", summary: "SUSE Bug 1112144 for CVE-2018-3180", url: "https://bugzilla.suse.com/1112144", }, { category: "external", summary: "SUSE Bug 1112146 for CVE-2018-3180", url: "https://bugzilla.suse.com/1112146", }, { category: "external", summary: "SUSE Bug 1112147 for CVE-2018-3180", url: "https://bugzilla.suse.com/1112147", }, { category: "external", summary: "SUSE Bug 1112148 for CVE-2018-3180", url: "https://bugzilla.suse.com/1112148", }, { category: "external", summary: "SUSE Bug 1112152 for CVE-2018-3180", url: "https://bugzilla.suse.com/1112152", }, { category: "external", summary: "SUSE Bug 1116574 for CVE-2018-3180", url: "https://bugzilla.suse.com/1116574", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-3180", }, { cve: "CVE-2018-3183", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-3183", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-3183", url: "https://www.suse.com/security/cve/CVE-2018-3183", }, { category: "external", summary: "SUSE Bug 1112142 for CVE-2018-3183", url: "https://bugzilla.suse.com/1112142", }, { category: "external", summary: "SUSE Bug 1112143 for CVE-2018-3183", url: "https://bugzilla.suse.com/1112143", }, { category: "external", summary: "SUSE Bug 1112144 for CVE-2018-3183", url: "https://bugzilla.suse.com/1112144", }, { category: "external", summary: "SUSE Bug 1112146 for CVE-2018-3183", url: "https://bugzilla.suse.com/1112146", }, { category: "external", summary: "SUSE Bug 1112148 for CVE-2018-3183", url: "https://bugzilla.suse.com/1112148", }, { category: "external", summary: "SUSE Bug 1112152 for CVE-2018-3183", url: "https://bugzilla.suse.com/1112152", }, { category: "external", summary: "SUSE Bug 1116574 for CVE-2018-3183", url: "https://bugzilla.suse.com/1116574", }, { category: "external", summary: "SUSE Bug 1120714 for CVE-2018-3183", url: "https://bugzilla.suse.com/1120714", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2018-3183", }, { cve: "CVE-2018-3214", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-3214", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-3214", url: "https://www.suse.com/security/cve/CVE-2018-3214", }, { category: "external", summary: "SUSE Bug 1112142 for CVE-2018-3214", url: "https://bugzilla.suse.com/1112142", }, { category: "external", summary: "SUSE Bug 1112143 for CVE-2018-3214", url: "https://bugzilla.suse.com/1112143", }, { category: "external", summary: "SUSE Bug 1112144 for CVE-2018-3214", url: "https://bugzilla.suse.com/1112144", }, { category: "external", summary: "SUSE Bug 1112146 for CVE-2018-3214", url: "https://bugzilla.suse.com/1112146", }, { category: "external", summary: "SUSE Bug 1112148 for CVE-2018-3214", url: "https://bugzilla.suse.com/1112148", }, { category: "external", summary: "SUSE Bug 1112152 for CVE-2018-3214", url: "https://bugzilla.suse.com/1112152", }, { category: "external", summary: "SUSE Bug 1116574 for CVE-2018-3214", url: "https://bugzilla.suse.com/1116574", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-3214", }, { cve: "CVE-2018-3639", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-3639", }, ], notes: [ { category: "general", text: "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-3639", url: "https://www.suse.com/security/cve/CVE-2018-3639", }, { category: "external", summary: "SUSE Bug 1074701 for CVE-2018-3639", url: "https://bugzilla.suse.com/1074701", }, { category: "external", summary: "SUSE Bug 1085235 for CVE-2018-3639", url: "https://bugzilla.suse.com/1085235", }, { category: "external", summary: "SUSE Bug 1085308 for CVE-2018-3639", url: "https://bugzilla.suse.com/1085308", }, { category: "external", summary: "SUSE Bug 1087078 for CVE-2018-3639", url: "https://bugzilla.suse.com/1087078", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2018-3639", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1092631 for CVE-2018-3639", url: "https://bugzilla.suse.com/1092631", }, { category: "external", summary: "SUSE Bug 1092885 for CVE-2018-3639", url: "https://bugzilla.suse.com/1092885", }, { category: "external", summary: "SUSE Bug 1094912 for CVE-2018-3639", url: "https://bugzilla.suse.com/1094912", }, { category: "external", summary: "SUSE Bug 1098813 for CVE-2018-3639", url: "https://bugzilla.suse.com/1098813", }, { category: "external", summary: "SUSE Bug 1100394 for CVE-2018-3639", url: "https://bugzilla.suse.com/1100394", }, { category: "external", summary: "SUSE Bug 1102640 for CVE-2018-3639", url: "https://bugzilla.suse.com/1102640", }, { category: "external", summary: "SUSE Bug 1105412 for CVE-2018-3639", url: "https://bugzilla.suse.com/1105412", }, { category: "external", summary: "SUSE Bug 1111963 for CVE-2018-3639", url: "https://bugzilla.suse.com/1111963", }, { category: "external", summary: "SUSE Bug 1172781 for CVE-2018-3639", url: "https://bugzilla.suse.com/1172781", }, { category: "external", summary: "SUSE Bug 1172782 for CVE-2018-3639", url: "https://bugzilla.suse.com/1172782", }, { category: "external", summary: "SUSE Bug 1172783 for CVE-2018-3639", url: "https://bugzilla.suse.com/1172783", }, { category: "external", summary: "SUSE Bug 1173489 for CVE-2018-3639", url: "https://bugzilla.suse.com/1173489", }, { category: "external", summary: "SUSE Bug 1178658 for CVE-2018-3639", url: "https://bugzilla.suse.com/1178658", }, { category: "external", summary: "SUSE Bug 1201877 for CVE-2018-3639", url: "https://bugzilla.suse.com/1201877", }, { category: "external", summary: "SUSE Bug 1215674 for CVE-2018-3639", url: "https://bugzilla.suse.com/1215674", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-3639", }, { cve: "CVE-2019-2422", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2422", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2422", url: "https://www.suse.com/security/cve/CVE-2019-2422", }, { category: "external", summary: "SUSE Bug 1122293 for CVE-2019-2422", url: "https://bugzilla.suse.com/1122293", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-2422", }, { cve: "CVE-2019-2426", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2426", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2426", url: "https://www.suse.com/security/cve/CVE-2019-2426", }, { category: "external", summary: "SUSE Bug 1134297 for CVE-2019-2426", url: "https://bugzilla.suse.com/1134297", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-2426", }, { cve: "CVE-2019-2602", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2602", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2602", url: "https://www.suse.com/security/cve/CVE-2019-2602", }, { category: "external", summary: "SUSE Bug 1132728 for CVE-2019-2602", url: "https://bugzilla.suse.com/1132728", }, { category: "external", summary: "SUSE Bug 1134718 for CVE-2019-2602", url: "https://bugzilla.suse.com/1134718", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2602", }, { cve: "CVE-2019-2684", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2684", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2684", url: "https://www.suse.com/security/cve/CVE-2019-2684", }, { category: "external", summary: "SUSE Bug 1132732 for CVE-2019-2684", url: "https://bugzilla.suse.com/1132732", }, { category: "external", summary: "SUSE Bug 1134718 for CVE-2019-2684", url: "https://bugzilla.suse.com/1134718", }, { category: "external", summary: "SUSE Bug 1184734 for CVE-2019-2684", url: "https://bugzilla.suse.com/1184734", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2684", }, { cve: "CVE-2019-2698", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2698", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2698", url: "https://www.suse.com/security/cve/CVE-2019-2698", }, { category: "external", summary: "SUSE Bug 1132729 for CVE-2019-2698", url: "https://bugzilla.suse.com/1132729", }, { category: "external", summary: "SUSE Bug 1134718 for CVE-2019-2698", url: "https://bugzilla.suse.com/1134718", }, { category: "external", summary: "SUSE Bug 1163365 for CVE-2019-2698", url: "https://bugzilla.suse.com/1163365", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-2698", }, { cve: "CVE-2019-2745", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2745", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2745", url: "https://www.suse.com/security/cve/CVE-2019-2745", }, { category: "external", summary: "SUSE Bug 1141784 for CVE-2019-2745", url: "https://bugzilla.suse.com/1141784", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2745", }, { cve: "CVE-2019-2762", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2762", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2762", url: "https://www.suse.com/security/cve/CVE-2019-2762", }, { category: "external", summary: "SUSE Bug 1141782 for CVE-2019-2762", url: "https://bugzilla.suse.com/1141782", }, { category: "external", summary: "SUSE Bug 1147021 for CVE-2019-2762", url: "https://bugzilla.suse.com/1147021", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2762", }, { cve: "CVE-2019-2766", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2766", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2766", url: "https://www.suse.com/security/cve/CVE-2019-2766", }, { category: "external", summary: "SUSE Bug 1141789 for CVE-2019-2766", url: "https://bugzilla.suse.com/1141789", }, { category: "external", summary: "SUSE Bug 1147021 for CVE-2019-2766", url: "https://bugzilla.suse.com/1147021", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-2766", }, { cve: "CVE-2019-2769", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2769", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2769", url: "https://www.suse.com/security/cve/CVE-2019-2769", }, { category: "external", summary: "SUSE Bug 1141783 for CVE-2019-2769", url: "https://bugzilla.suse.com/1141783", }, { category: "external", summary: "SUSE Bug 1147021 for CVE-2019-2769", url: "https://bugzilla.suse.com/1147021", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2769", }, { cve: "CVE-2019-2786", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2786", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2786", url: "https://www.suse.com/security/cve/CVE-2019-2786", }, { category: "external", summary: "SUSE Bug 1141787 for CVE-2019-2786", url: "https://bugzilla.suse.com/1141787", }, { category: "external", summary: "SUSE Bug 1147021 for CVE-2019-2786", url: "https://bugzilla.suse.com/1147021", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-2786", }, { cve: "CVE-2019-2816", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2816", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2816", url: "https://www.suse.com/security/cve/CVE-2019-2816", }, { category: "external", summary: "SUSE Bug 1141785 for CVE-2019-2816", url: "https://bugzilla.suse.com/1141785", }, { category: "external", summary: "SUSE Bug 1147021 for CVE-2019-2816", url: "https://bugzilla.suse.com/1147021", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2816", }, { cve: "CVE-2019-2842", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2842", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2842", url: "https://www.suse.com/security/cve/CVE-2019-2842", }, { category: "external", summary: "SUSE Bug 1141786 for CVE-2019-2842", url: "https://bugzilla.suse.com/1141786", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-2842", }, { cve: "CVE-2019-2894", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2894", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2894", url: "https://www.suse.com/security/cve/CVE-2019-2894", }, { category: "external", summary: "SUSE Bug 1152856 for CVE-2019-2894", url: "https://bugzilla.suse.com/1152856", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-2894", url: "https://bugzilla.suse.com/1154212", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2894", }, { cve: "CVE-2019-2933", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2933", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2933", url: "https://www.suse.com/security/cve/CVE-2019-2933", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-2933", url: "https://bugzilla.suse.com/1154212", }, { category: "external", summary: "SUSE Bug 1158442 for CVE-2019-2933", url: "https://bugzilla.suse.com/1158442", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2933", }, { cve: "CVE-2019-2945", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2945", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2945", url: "https://www.suse.com/security/cve/CVE-2019-2945", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-2945", url: "https://bugzilla.suse.com/1154212", }, { category: "external", summary: "SUSE Bug 1158442 for CVE-2019-2945", url: "https://bugzilla.suse.com/1158442", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2945", }, { cve: "CVE-2019-2949", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2949", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2949", url: "https://www.suse.com/security/cve/CVE-2019-2949", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-2949", url: "https://bugzilla.suse.com/1154212", }, { category: "external", summary: "SUSE Bug 1172277 for CVE-2019-2949", url: "https://bugzilla.suse.com/1172277", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2949", }, { cve: "CVE-2019-2958", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2958", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2958", url: "https://www.suse.com/security/cve/CVE-2019-2958", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-2958", url: "https://bugzilla.suse.com/1154212", }, { category: "external", summary: "SUSE Bug 1158442 for CVE-2019-2958", url: "https://bugzilla.suse.com/1158442", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2958", }, { cve: "CVE-2019-2962", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2962", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2962", url: "https://www.suse.com/security/cve/CVE-2019-2962", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-2962", url: "https://bugzilla.suse.com/1154212", }, { category: "external", summary: "SUSE Bug 1158442 for CVE-2019-2962", url: "https://bugzilla.suse.com/1158442", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2962", }, { cve: "CVE-2019-2964", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2964", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2964", url: "https://www.suse.com/security/cve/CVE-2019-2964", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-2964", url: "https://bugzilla.suse.com/1154212", }, { category: "external", summary: "SUSE Bug 1158442 for CVE-2019-2964", url: "https://bugzilla.suse.com/1158442", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2964", }, { cve: "CVE-2019-2973", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2973", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2973", url: "https://www.suse.com/security/cve/CVE-2019-2973", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-2973", url: "https://bugzilla.suse.com/1154212", }, { category: "external", summary: "SUSE Bug 1158442 for CVE-2019-2973", url: "https://bugzilla.suse.com/1158442", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2973", }, { cve: "CVE-2019-2975", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2975", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2975", url: "https://www.suse.com/security/cve/CVE-2019-2975", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-2975", url: "https://bugzilla.suse.com/1154212", }, { category: "external", summary: "SUSE Bug 1158442 for CVE-2019-2975", url: "https://bugzilla.suse.com/1158442", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2975", }, { cve: "CVE-2019-2978", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2978", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2978", url: "https://www.suse.com/security/cve/CVE-2019-2978", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-2978", url: "https://bugzilla.suse.com/1154212", }, { category: "external", summary: "SUSE Bug 1158442 for CVE-2019-2978", url: "https://bugzilla.suse.com/1158442", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2978", }, { cve: "CVE-2019-2981", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2981", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2981", url: "https://www.suse.com/security/cve/CVE-2019-2981", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-2981", url: "https://bugzilla.suse.com/1154212", }, { category: "external", summary: "SUSE Bug 1158442 for CVE-2019-2981", url: "https://bugzilla.suse.com/1158442", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2981", }, { cve: "CVE-2019-2983", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2983", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2983", url: "https://www.suse.com/security/cve/CVE-2019-2983", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-2983", url: "https://bugzilla.suse.com/1154212", }, { category: "external", summary: "SUSE Bug 1158442 for CVE-2019-2983", url: "https://bugzilla.suse.com/1158442", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2983", }, { cve: "CVE-2019-2987", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2987", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2987", url: "https://www.suse.com/security/cve/CVE-2019-2987", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-2987", url: "https://bugzilla.suse.com/1154212", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2987", }, { cve: "CVE-2019-2988", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2988", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2988", url: "https://www.suse.com/security/cve/CVE-2019-2988", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-2988", url: "https://bugzilla.suse.com/1154212", }, { category: "external", summary: "SUSE Bug 1158442 for CVE-2019-2988", url: "https://bugzilla.suse.com/1158442", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2988", }, { cve: "CVE-2019-2989", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2989", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2989", url: "https://www.suse.com/security/cve/CVE-2019-2989", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-2989", url: "https://bugzilla.suse.com/1154212", }, { category: "external", summary: "SUSE Bug 1158442 for CVE-2019-2989", url: "https://bugzilla.suse.com/1158442", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2989", }, { cve: "CVE-2019-2992", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2992", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2992", url: "https://www.suse.com/security/cve/CVE-2019-2992", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-2992", url: "https://bugzilla.suse.com/1154212", }, { category: "external", summary: "SUSE Bug 1158442 for CVE-2019-2992", url: "https://bugzilla.suse.com/1158442", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2992", }, { cve: "CVE-2019-2999", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-2999", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-2999", url: "https://www.suse.com/security/cve/CVE-2019-2999", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-2999", url: "https://bugzilla.suse.com/1154212", }, { category: "external", summary: "SUSE Bug 1158442 for CVE-2019-2999", url: "https://bugzilla.suse.com/1158442", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-2999", }, { cve: "CVE-2019-7317", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-7317", }, ], notes: [ { category: "general", text: "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-7317", url: "https://www.suse.com/security/cve/CVE-2019-7317", }, { category: "external", summary: "SUSE Bug 1124211 for CVE-2019-7317", url: "https://bugzilla.suse.com/1124211", }, { category: "external", summary: "SUSE Bug 1135824 for CVE-2019-7317", url: "https://bugzilla.suse.com/1135824", }, { category: "external", summary: "SUSE Bug 1141780 for CVE-2019-7317", url: "https://bugzilla.suse.com/1141780", }, { category: "external", summary: "SUSE Bug 1147021 for CVE-2019-7317", url: "https://bugzilla.suse.com/1147021", }, { category: "external", summary: "SUSE Bug 1165297 for CVE-2019-7317", url: "https://bugzilla.suse.com/1165297", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-7317", }, { cve: "CVE-2020-14556", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14556", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14556", url: "https://www.suse.com/security/cve/CVE-2020-14556", }, { category: "external", summary: "SUSE Bug 1174157 for CVE-2020-14556", url: "https://bugzilla.suse.com/1174157", }, { category: "external", summary: "SUSE Bug 1175259 for CVE-2020-14556", url: "https://bugzilla.suse.com/1175259", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-14556", }, { cve: "CVE-2020-14577", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14577", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14577", url: "https://www.suse.com/security/cve/CVE-2020-14577", }, { category: "external", summary: "SUSE Bug 1174157 for CVE-2020-14577", url: "https://bugzilla.suse.com/1174157", }, { category: "external", summary: "SUSE Bug 1175259 for CVE-2020-14577", url: "https://bugzilla.suse.com/1175259", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-14577", }, { cve: "CVE-2020-14578", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14578", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14578", url: "https://www.suse.com/security/cve/CVE-2020-14578", }, { category: "external", summary: "SUSE Bug 1174157 for CVE-2020-14578", url: "https://bugzilla.suse.com/1174157", }, { category: "external", summary: "SUSE Bug 1175259 for CVE-2020-14578", url: "https://bugzilla.suse.com/1175259", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-14578", }, { cve: "CVE-2020-14579", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14579", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14579", url: "https://www.suse.com/security/cve/CVE-2020-14579", }, { category: "external", summary: "SUSE Bug 1174157 for CVE-2020-14579", url: "https://bugzilla.suse.com/1174157", }, { category: "external", summary: "SUSE Bug 1175259 for CVE-2020-14579", url: "https://bugzilla.suse.com/1175259", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-14579", }, { cve: "CVE-2020-14581", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14581", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14581", url: "https://www.suse.com/security/cve/CVE-2020-14581", }, { category: "external", summary: "SUSE Bug 1174157 for CVE-2020-14581", url: "https://bugzilla.suse.com/1174157", }, { category: "external", summary: "SUSE Bug 1175259 for CVE-2020-14581", url: "https://bugzilla.suse.com/1175259", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-14581", }, { cve: "CVE-2020-14583", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14583", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14583", url: "https://www.suse.com/security/cve/CVE-2020-14583", }, { category: "external", summary: "SUSE Bug 1174157 for CVE-2020-14583", url: "https://bugzilla.suse.com/1174157", }, { category: "external", summary: "SUSE Bug 1175259 for CVE-2020-14583", url: "https://bugzilla.suse.com/1175259", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-14583", }, { cve: "CVE-2020-14593", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14593", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14593", url: "https://www.suse.com/security/cve/CVE-2020-14593", }, { category: "external", summary: "SUSE Bug 1174157 for CVE-2020-14593", url: "https://bugzilla.suse.com/1174157", }, { category: "external", summary: "SUSE Bug 1175259 for CVE-2020-14593", url: "https://bugzilla.suse.com/1175259", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-14593", }, { cve: "CVE-2020-14621", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14621", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14621", url: "https://www.suse.com/security/cve/CVE-2020-14621", }, { category: "external", summary: "SUSE Bug 1174157 for CVE-2020-14621", url: "https://bugzilla.suse.com/1174157", }, { category: "external", summary: "SUSE Bug 1175259 for CVE-2020-14621", url: "https://bugzilla.suse.com/1175259", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-14621", }, { cve: "CVE-2020-14779", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14779", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14779", url: "https://www.suse.com/security/cve/CVE-2020-14779", }, { category: "external", summary: "SUSE Bug 1177943 for CVE-2020-14779", url: "https://bugzilla.suse.com/1177943", }, { category: "external", summary: "SUSE Bug 1180063 for CVE-2020-14779", url: "https://bugzilla.suse.com/1180063", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-14779", }, { cve: "CVE-2020-14781", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14781", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14781", url: "https://www.suse.com/security/cve/CVE-2020-14781", }, { category: "external", summary: "SUSE Bug 1177943 for CVE-2020-14781", url: "https://bugzilla.suse.com/1177943", }, { category: "external", summary: "SUSE Bug 1180063 for CVE-2020-14781", url: "https://bugzilla.suse.com/1180063", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-14781", }, { cve: "CVE-2020-14782", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14782", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14782", url: "https://www.suse.com/security/cve/CVE-2020-14782", }, { category: "external", summary: "SUSE Bug 1177943 for CVE-2020-14782", url: "https://bugzilla.suse.com/1177943", }, { category: "external", summary: "SUSE Bug 1180063 for CVE-2020-14782", url: "https://bugzilla.suse.com/1180063", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-14782", }, { cve: "CVE-2020-14792", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14792", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14792", url: "https://www.suse.com/security/cve/CVE-2020-14792", }, { category: "external", summary: "SUSE Bug 1177943 for CVE-2020-14792", url: "https://bugzilla.suse.com/1177943", }, { category: "external", summary: "SUSE Bug 1180063 for CVE-2020-14792", url: "https://bugzilla.suse.com/1180063", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-14792", }, { cve: "CVE-2020-14796", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14796", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14796", url: "https://www.suse.com/security/cve/CVE-2020-14796", }, { category: "external", summary: "SUSE Bug 1177943 for CVE-2020-14796", url: "https://bugzilla.suse.com/1177943", }, { category: "external", summary: "SUSE Bug 1180063 for CVE-2020-14796", url: "https://bugzilla.suse.com/1180063", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-14796", }, { cve: "CVE-2020-14797", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14797", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14797", url: "https://www.suse.com/security/cve/CVE-2020-14797", }, { category: "external", summary: "SUSE Bug 1177943 for CVE-2020-14797", url: "https://bugzilla.suse.com/1177943", }, { category: "external", summary: "SUSE Bug 1180063 for CVE-2020-14797", url: "https://bugzilla.suse.com/1180063", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-14797", }, { cve: "CVE-2020-14798", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14798", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14798", url: "https://www.suse.com/security/cve/CVE-2020-14798", }, { category: "external", summary: "SUSE Bug 1177943 for CVE-2020-14798", url: "https://bugzilla.suse.com/1177943", }, { category: "external", summary: "SUSE Bug 1180063 for CVE-2020-14798", url: "https://bugzilla.suse.com/1180063", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-14798", }, { cve: "CVE-2020-14803", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14803", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14803", url: "https://www.suse.com/security/cve/CVE-2020-14803", }, { category: "external", summary: "SUSE Bug 1177943 for CVE-2020-14803", url: "https://bugzilla.suse.com/1177943", }, { category: "external", summary: "SUSE Bug 1181239 for CVE-2020-14803", url: "https://bugzilla.suse.com/1181239", }, { category: "external", summary: "SUSE Bug 1182186 for CVE-2020-14803", url: "https://bugzilla.suse.com/1182186", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-14803", }, { cve: "CVE-2020-2583", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-2583", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-2583", url: "https://www.suse.com/security/cve/CVE-2020-2583", }, { category: "external", summary: "SUSE Bug 1160968 for CVE-2020-2583", url: "https://bugzilla.suse.com/1160968", }, { category: "external", summary: "SUSE Bug 1162972 for CVE-2020-2583", url: "https://bugzilla.suse.com/1162972", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-2583", }, { cve: "CVE-2020-2590", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-2590", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-2590", url: "https://www.suse.com/security/cve/CVE-2020-2590", }, { category: "external", summary: "SUSE Bug 1160968 for CVE-2020-2590", url: "https://bugzilla.suse.com/1160968", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-2590", }, { cve: "CVE-2020-2593", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-2593", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-2593", url: "https://www.suse.com/security/cve/CVE-2020-2593", }, { category: "external", summary: "SUSE Bug 1160968 for CVE-2020-2593", url: "https://bugzilla.suse.com/1160968", }, { category: "external", summary: "SUSE Bug 1162972 for CVE-2020-2593", url: "https://bugzilla.suse.com/1162972", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-2593", }, { cve: "CVE-2020-2601", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-2601", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-2601", url: "https://www.suse.com/security/cve/CVE-2020-2601", }, { category: "external", summary: "SUSE Bug 1160968 for CVE-2020-2601", url: "https://bugzilla.suse.com/1160968", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-2601", }, { cve: "CVE-2020-2604", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-2604", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-2604", url: "https://www.suse.com/security/cve/CVE-2020-2604", }, { category: "external", summary: "SUSE Bug 1160968 for CVE-2020-2604", url: "https://bugzilla.suse.com/1160968", }, { category: "external", summary: "SUSE Bug 1162972 for CVE-2020-2604", url: "https://bugzilla.suse.com/1162972", }, { category: "external", summary: "SUSE Bug 1165863 for CVE-2020-2604", url: "https://bugzilla.suse.com/1165863", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-2604", }, { cve: "CVE-2020-2654", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-2654", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-2654", url: "https://www.suse.com/security/cve/CVE-2020-2654", }, { category: "external", summary: "SUSE Bug 1160968 for CVE-2020-2654", url: "https://bugzilla.suse.com/1160968", }, { category: "external", summary: "SUSE Bug 1172277 for CVE-2020-2654", url: "https://bugzilla.suse.com/1172277", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-2654", }, { cve: "CVE-2020-2659", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-2659", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-2659", url: "https://www.suse.com/security/cve/CVE-2020-2659", }, { category: "external", summary: "SUSE Bug 1160968 for CVE-2020-2659", url: "https://bugzilla.suse.com/1160968", }, { category: "external", summary: "SUSE Bug 1162972 for CVE-2020-2659", url: "https://bugzilla.suse.com/1162972", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2020-2659", }, { cve: "CVE-2020-2754", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-2754", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-2754", url: "https://www.suse.com/security/cve/CVE-2020-2754", }, { category: "external", summary: "SUSE Bug 1169511 for CVE-2020-2754", url: "https://bugzilla.suse.com/1169511", }, { category: "external", summary: "SUSE Bug 1172277 for CVE-2020-2754", url: "https://bugzilla.suse.com/1172277", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-2754", }, { cve: "CVE-2020-2755", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-2755", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-2755", url: "https://www.suse.com/security/cve/CVE-2020-2755", }, { category: "external", summary: "SUSE Bug 1169511 for CVE-2020-2755", url: "https://bugzilla.suse.com/1169511", }, { category: "external", summary: "SUSE Bug 1172277 for CVE-2020-2755", url: "https://bugzilla.suse.com/1172277", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-2755", }, { cve: "CVE-2020-2756", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-2756", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-2756", url: "https://www.suse.com/security/cve/CVE-2020-2756", }, { category: "external", summary: "SUSE Bug 1169511 for CVE-2020-2756", url: "https://bugzilla.suse.com/1169511", }, { category: "external", summary: "SUSE Bug 1172277 for CVE-2020-2756", url: "https://bugzilla.suse.com/1172277", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-2756", }, { cve: "CVE-2020-2757", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-2757", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-2757", url: "https://www.suse.com/security/cve/CVE-2020-2757", }, { category: "external", summary: "SUSE Bug 1169511 for CVE-2020-2757", url: "https://bugzilla.suse.com/1169511", }, { category: "external", summary: "SUSE Bug 1172277 for CVE-2020-2757", url: "https://bugzilla.suse.com/1172277", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-2757", }, { cve: "CVE-2020-2773", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-2773", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-2773", url: "https://www.suse.com/security/cve/CVE-2020-2773", }, { category: "external", summary: "SUSE Bug 1169511 for CVE-2020-2773", url: "https://bugzilla.suse.com/1169511", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-2773", }, { cve: "CVE-2020-2781", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-2781", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-2781", url: "https://www.suse.com/security/cve/CVE-2020-2781", }, { category: "external", summary: "SUSE Bug 1169511 for CVE-2020-2781", url: "https://bugzilla.suse.com/1169511", }, { category: "external", summary: "SUSE Bug 1172277 for CVE-2020-2781", url: "https://bugzilla.suse.com/1172277", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-2781", }, { cve: "CVE-2020-2800", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-2800", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-2800", url: "https://www.suse.com/security/cve/CVE-2020-2800", }, { category: "external", summary: "SUSE Bug 1169511 for CVE-2020-2800", url: "https://bugzilla.suse.com/1169511", }, { category: "external", summary: "SUSE Bug 1172277 for CVE-2020-2800", url: "https://bugzilla.suse.com/1172277", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-2800", }, { cve: "CVE-2020-2803", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-2803", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-2803", url: "https://www.suse.com/security/cve/CVE-2020-2803", }, { category: "external", summary: "SUSE Bug 1169511 for CVE-2020-2803", url: "https://bugzilla.suse.com/1169511", }, { category: "external", summary: "SUSE Bug 1172277 for CVE-2020-2803", url: "https://bugzilla.suse.com/1172277", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-2803", }, { cve: "CVE-2020-2805", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-2805", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-2805", url: "https://www.suse.com/security/cve/CVE-2020-2805", }, { category: "external", summary: "SUSE Bug 1169511 for CVE-2020-2805", url: "https://bugzilla.suse.com/1169511", }, { category: "external", summary: "SUSE Bug 1172277 for CVE-2020-2805", url: "https://bugzilla.suse.com/1172277", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-2805", }, { cve: "CVE-2020-2830", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-2830", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-2830", url: "https://www.suse.com/security/cve/CVE-2020-2830", }, { category: "external", summary: "SUSE Bug 1169511 for CVE-2020-2830", url: "https://bugzilla.suse.com/1169511", }, { category: "external", summary: "SUSE Bug 1172277 for CVE-2020-2830", url: "https://bugzilla.suse.com/1172277", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-2830", }, { cve: "CVE-2021-2161", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-2161", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-2161", url: "https://www.suse.com/security/cve/CVE-2021-2161", }, { category: "external", summary: "SUSE Bug 1185056 for CVE-2021-2161", url: "https://bugzilla.suse.com/1185056", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-2161", }, { cve: "CVE-2021-2163", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-2163", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-2163", url: "https://www.suse.com/security/cve/CVE-2021-2163", }, { category: "external", summary: "SUSE Bug 1185055 for CVE-2021-2163", url: "https://bugzilla.suse.com/1185055", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-2163", }, { cve: "CVE-2021-2341", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-2341", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-2341", url: "https://www.suse.com/security/cve/CVE-2021-2341", }, { category: "external", summary: "SUSE Bug 1188564 for CVE-2021-2341", url: "https://bugzilla.suse.com/1188564", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2021-2341", }, { cve: "CVE-2021-2369", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-2369", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-2369", url: "https://www.suse.com/security/cve/CVE-2021-2369", }, { category: "external", summary: "SUSE Bug 1188565 for CVE-2021-2369", url: "https://bugzilla.suse.com/1188565", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-2369", }, { cve: "CVE-2021-2388", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-2388", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-2388", url: "https://www.suse.com/security/cve/CVE-2021-2388", }, { category: "external", summary: "SUSE Bug 1188566 for CVE-2021-2388", url: "https://bugzilla.suse.com/1188566", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2.x86_64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.aarch64", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.s390x", "openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-2388", }, ], }
ghsa-39x2-j579-v2v2
Vulnerability from github
Published
2022-05-13 01:17
Modified
2022-05-13 01:17
Severity ?
Details
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
{ affected: [], aliases: [ "CVE-2017-3512", ], database_specific: { cwe_ids: [], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2017-04-24T19:59:00Z", severity: "HIGH", }, details: "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", id: "GHSA-39x2-j579-v2v2", modified: "2022-05-13T01:17:03Z", published: "2022-05-13T01:17:03Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3512", }, { type: "WEB", url: "https://security.gentoo.org/glsa/201705-03", }, { type: "WEB", url: "https://security.gentoo.org/glsa/201707-01", }, { type: "WEB", url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", }, { type: "WEB", url: "http://www.securityfocus.com/bid/97727", }, { type: "WEB", url: "http://www.securitytracker.com/id/1038286", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", type: "CVSS_V3", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.