var-202004-1137
Vulnerability from variot
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2754, CVE-2020-2755). ========================================================================== Ubuntu Security Notice USN-4337-1 April 22, 2020
openjdk-8, openjdk-lts vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in OpenJDK.
Software Description: - openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation
Details:
It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted regular expression. (CVE-2020-2754, CVE-2020-2755)
It was discovered that OpenJDK incorrectly handled class descriptors and catching exceptions during object stream deserialization. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted serialized input. (CVE-2020-2756, CVE-2020-2757)
Bengt Jonsson, Juraj Somorovsky, Kostis Sagonas, Paul Fiterau Brostean and Robert Merget discovered that OpenJDK incorrectly handled certificate messages during TLS handshake. An attacker could possibly use this issue to bypass certificate verification and insert, edit or obtain sensitive information. This issue only affected OpenJDK 11. (CVE-2020-2767)
It was discovered that OpenJDK incorrectly handled exceptions thrown by unmarshalKeyInfo() and unmarshalXMLSignature(). An attacker could possibly use this issue to cause a denial of service while reading key info or XML signature data from XML input. (CVE-2020-2773)
Peter Dettman discovered that OpenJDK incorrectly handled SSLParameters in setAlgorithmConstraints(). An attacker could possibly use this issue to override the defined systems security policy and lead to the use of weak crypto algorithms that should be disabled. This issue only affected OpenJDK 11. (CVE-2020-2778)
Simone Bordet discovered that OpenJDK incorrectly re-used single null TLS sessions for new TLS connections. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-2781)
Dan Amodio discovered that OpenJDK did not restrict the use of CR and LF characters in values for HTTP headers. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2020-2800)
Nils Emmerich discovered that OpenJDK incorrectly checked boundaries or argument types. An attacker could possibly use this issue to bypass sandbox restrictions causing unspecified impact. (CVE-2020-2803, CVE-2020-2805)
It was discovered that OpenJDK incorrectly handled application data packets during TLS handshake. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11. (CVE-2020-2816)
It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-2830)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.10: openjdk-11-jdk 11.0.7+10-2ubuntu2~19.10 openjdk-11-jre 11.0.7+10-2ubuntu2~19.10 openjdk-11-jre-headless 11.0.7+10-2ubuntu2~19.10 openjdk-11-jre-zero 11.0.7+10-2ubuntu2~19.10 openjdk-8-jdk 8u252-b09-1~19.10 openjdk-8-jre 8u252-b09-1~19.10 openjdk-8-jre-headless 8u252-b09-1~19.10 openjdk-8-jre-zero 8u252-b09-1~19.10
Ubuntu 18.04 LTS: openjdk-11-jdk 11.0.7+10-2ubuntu2~18.04 openjdk-11-jre 11.0.7+10-2ubuntu2~18.04 openjdk-11-jre-headless 11.0.7+10-2ubuntu2~18.04 openjdk-11-jre-zero 11.0.7+10-2ubuntu2~18.04 openjdk-8-jdk 8u252-b09-1~18.04 openjdk-8-jre 8u252-b09-1~18.04 openjdk-8-jre-headless 8u252-b09-1~18.04 openjdk-8-jre-zero 8u252-b09-1~18.04
Ubuntu 16.04 LTS: openjdk-8-jdk 8u252-b09-1~16.04 openjdk-8-jre 8u252-b09-1~16.04 openjdk-8-jre-headless 8u252-b09-1~16.04 openjdk-8-jre-jamvm 8u252-b09-1~16.04 openjdk-8-jre-zero 8u252-b09-1~16.04
This update uses a new upstream release, which includes additional bug fixes. 8.0) - aarch64, noarch, ppc64le, s390x, x86_64
-
8.0) - aarch64, ppc64le, s390x, x86_64
-
Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
- operator-framework/presto: /etc/passwd was given incorrect privileges (CVE-2019-19352)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For OpenShift Container Platform 4.4 see the following documentation, which will be updated shortly for release 4.4.3, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.4/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
1793281 - CVE-2019-19352 operator-framework/presto: /etc/passwd is given incorrect privileges
-
7) - x86_64
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: java-1.8.0-openjdk security update Advisory ID: RHSA-2020:1512-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1512 Issue date: 2020-04-21 CVE Names: CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 =====================================================================
- Summary:
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
- Description:
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es):
-
OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803)
-
OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805)
-
OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773)
-
OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781)
-
OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800)
-
OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830)
-
OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754)
-
OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755)
-
OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756)
-
OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of OpenJDK Java must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1823199 - CVE-2020-2754 OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) 1823200 - CVE-2020-2755 OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) 1823215 - CVE-2020-2756 OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) 1823216 - CVE-2020-2757 OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) 1823224 - CVE-2020-2773 OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) 1823527 - CVE-2020-2800 OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) 1823542 - CVE-2020-2830 OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) 1823694 - CVE-2020-2803 OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) 1823844 - CVE-2020-2805 OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) 1823960 - CVE-2020-2781 OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm
x86_64: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm
x86_64: java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm
x86_64: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm
x86_64: java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm
ppc64: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.ppc64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.ppc64.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.ppc64.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.ppc64.rpm
ppc64le: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.ppc64le.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.ppc64le.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.ppc64le.rpm
s390x: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.s390x.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.s390x.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.s390x.rpm
x86_64: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm
ppc64: java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.ppc64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.ppc64.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.ppc64.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.ppc64.rpm
ppc64le: java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.ppc64le.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.ppc64le.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.ppc64le.rpm
s390x: java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.s390x.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.s390x.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.s390x.rpm
x86_64: java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm
x86_64: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm
x86_64: java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-2754 https://access.redhat.com/security/cve/CVE-2020-2755 https://access.redhat.com/security/cve/CVE-2020-2756 https://access.redhat.com/security/cve/CVE-2020-2757 https://access.redhat.com/security/cve/CVE-2020-2773 https://access.redhat.com/security/cve/CVE-2020-2781 https://access.redhat.com/security/cve/CVE-2020-2800 https://access.redhat.com/security/cve/CVE-2020-2803 https://access.redhat.com/security/cve/CVE-2020-2805 https://access.redhat.com/security/cve/CVE-2020-2830 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXp7Zs9zjgjWX9erEAQijNg//Wv9fjFvkxHC42Hd5YcN8qnGcf6gdOYDW pAv6Tv6q9pstko1bcUZYa0V01XejJYe/5uAADu3QGe1aMihI0VMjXrlFULW1laNS QTRtsnzTac5Gm3cJZKDXIv1ITI+fgGBWOvwN9lketAQtO5su+JbPTPQ4S0rBy55D gAVa8RVPi6qQt85HmXDrrpaAI2N8EFVkJBpC9ZRRFtI5wTv//bVx29Qw/sthlN3N qXwO8KZI44Xbe+vb6QpGcNkly+Dh7CdeVFV1OVkqx8eOVA8Cj45NAeBgP1W8n2VQ zt0GiKCbrV49e2AsBgmK49/J3N2L9xalsHSn54+6N02rcjf4dseV5flz5/unSIDc gPqFCTRbGZcIdjFbilvsklGBVfBzXjw5SjUemMKYggXa+6L74O+kuH4TRZRXhmEX 70Kvn1w0ta8P1bxK0A6BM6ZnDo5f7jVIQipk2M/hw6SDzu7ZA5zbDRCg419AZ8qc syuuHWmdfpRRj0XlUw5eBfBUq8UL+huEfRvu85zBhvhTw/Pyu+T0nQ7iofSyqvob 2LlLyPV14RBOzGIWLqrt2tGBUYanKULxIdT+VtSu4gyuloGc84onSLTqU0Ucbc85 nxpY6nc9GxOYWCMDITnr4xiRXQuUuE5V4UVwsFlr+xsEYcsAXdPLzyXzw8S8sL+Z yPjQbJvoqgE= =5P5C -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4662-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 24, 2020 https://www.debian.org/security/faq
Package : openjdk-11 CVE ID : CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2767 CVE-2020-2773 CVE-2020-2778 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2816 CVE-2020-2830
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS handshakes, bypass of sandbox restrictions or HTTP response splitting attacks.
For the stable distribution (buster), these problems have been fixed in version 11.0.7+10-3~deb10u1.
We recommend that you upgrade your openjdk-11 packages.
For the detailed security status of openjdk-11 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-11
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIyBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6i4QkACgkQEMKTtsN8 TjYOlg/3ZpduOWklosp1sS0za11zUYZHlql01d75lk2HS/u5sEVUNPyVcZ2iC8Bk zVBfqdJmfoODThzMVws1f9BhTvdaigPd+6stG3eVcU7kHS3IEpSAglKRK9220jDQ Euz2CXHV2trngO9C6oEg6OOB2wguKyeFT7VlMazyznmesIUr+BnmTpm/t97QOAhj +OyeXm3YdI7B8idZUNnUS42SKei+vaj1b/Dwi7Bv5YZUgIDAy8J6lRxUYi3EA/MT Lux7auJiMw9cIx5xqiIIW+3JmLrxXZQdvxWRsZtl5ATNwMf/PDjroWGj1eIRIa66 70dJ4FoY/yHdc4wnadBJKhWUgZbGDpVyclzRx8DBlqYxmJx0BVu10he1j8fMJnp1 72A/gHVtcHDuCLpskgYiJeUqkPq/nMEt85Q2NpnW61sGFJedGIQeAMGKLPsLCmz4 U8L2CaTvtnBFNN82P50rDCuFwKChOJ5OqKuZCBwX6hhJQqgPsSGE7wdUep0UFbm0 9qyEZ+Ph7v42+JcnP3O/Ow9i2Q+rkHcCu//jp+TaeyjZEaIurAAlMz9YN8Tp665n lXe0nmWPkY+oCDoEglH5GaLkft0lEOT8idGp3ccBhHsQGhyJAq2z0b9OBTUgidjY 99udJWsH8naHMBZL5aHmByQ/73mL/MB+oMRv15ypVrnL2B3KVQ== =/qDT -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1137",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openjdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "e-series santricity web services",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "openjdk",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.6"
},
{
"model": "openjdk",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.6"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.2"
},
{
"model": "active iq unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "7.3"
},
{
"model": "openjdk",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "13"
},
{
"model": "storagegrid",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.0.0"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.6"
},
{
"model": "e-series santricity os controller",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.0.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "threat intelligence exchange server",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "2.3.1"
},
{
"model": "e-series performance analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "openjdk",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.0.2"
},
{
"model": "plug-in for symantec netbackup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "e-series santricity os controller",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.60.1"
},
{
"model": "threat intelligence exchange server",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "3.0.0"
},
{
"model": "openjdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14"
},
{
"model": "snapmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.10"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "active iq unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.5"
},
{
"model": "santricity unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "storagegrid",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.0.4"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "threat intelligence exchange server",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "2.0.0"
},
{
"model": "threat intelligence exchange server",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2.3.1"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "7-mode transition tool",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "openjdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7"
},
{
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-2830"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update_251:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:update_241:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update251:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.0.6",
"versionStartIncluding": "11",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.0.2",
"versionStartIncluding": "13",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0.4",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionStartIncluding": "7.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
"cpe_name": [],
"versionStartIncluding": "9.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.60.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.3.1",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:hotfix1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:hotfix2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-2830"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "157350"
},
{
"db": "PACKETSTORM",
"id": "157351"
},
{
"db": "PACKETSTORM",
"id": "157349"
},
{
"db": "PACKETSTORM",
"id": "157550"
},
{
"db": "PACKETSTORM",
"id": "157549"
},
{
"db": "PACKETSTORM",
"id": "157777"
},
{
"db": "PACKETSTORM",
"id": "157319"
},
{
"db": "PACKETSTORM",
"id": "157778"
}
],
"trust": 0.8
},
"cve": "CVE-2020-2830",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-2830",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.1,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-2830",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-2830",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-2830",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-2830"
},
{
"db": "NVD",
"id": "CVE-2020-2830"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). \n(CVE-2020-2754, CVE-2020-2755). ==========================================================================\nUbuntu Security Notice USN-4337-1\nApril 22, 2020\n\nopenjdk-8, openjdk-lts vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenJDK. \n\nSoftware Description:\n- openjdk-8: Open Source Java implementation\n- openjdk-lts: Open Source Java implementation\n\nDetails:\n\nIt was discovered that OpenJDK incorrectly handled certain regular\nexpressions. An attacker could possibly use this issue to cause a denial of\nservice while processing a specially crafted regular expression. \n(CVE-2020-2754, CVE-2020-2755)\n\nIt was discovered that OpenJDK incorrectly handled class descriptors and\ncatching exceptions during object stream deserialization. An attacker could\npossibly use this issue to cause a denial of service while processing a\nspecially crafted serialized input. (CVE-2020-2756, CVE-2020-2757)\n\nBengt Jonsson, Juraj Somorovsky, Kostis Sagonas, Paul Fiterau Brostean and\nRobert Merget discovered that OpenJDK incorrectly handled certificate messages\nduring TLS handshake. An attacker could possibly use this issue to bypass\ncertificate verification and insert, edit or obtain sensitive information. This\nissue only affected OpenJDK 11. (CVE-2020-2767)\n\nIt was discovered that OpenJDK incorrectly handled exceptions thrown by\nunmarshalKeyInfo() and unmarshalXMLSignature(). An attacker could possibly use\nthis issue to cause a denial of service while reading key info or XML signature\ndata from XML input. (CVE-2020-2773)\n\nPeter Dettman discovered that OpenJDK incorrectly handled SSLParameters in\nsetAlgorithmConstraints(). An attacker could possibly use this issue to\noverride the defined systems security policy and lead to the use of weak\ncrypto algorithms that should be disabled. This issue only affected\nOpenJDK 11. (CVE-2020-2778)\n\nSimone Bordet discovered that OpenJDK incorrectly re-used single null TLS\nsessions for new TLS connections. A remote attacker could possibly use this\nissue to cause a denial of service. (CVE-2020-2781)\n\nDan Amodio discovered that OpenJDK did not restrict the use of CR and LF\ncharacters in values for HTTP headers. An attacker could possibly use this\nissue to insert, edit or obtain sensitive information. (CVE-2020-2800)\n\nNils Emmerich discovered that OpenJDK incorrectly checked boundaries or\nargument types. An attacker could possibly use this issue to bypass sandbox\nrestrictions causing unspecified impact. (CVE-2020-2803, CVE-2020-2805)\n\nIt was discovered that OpenJDK incorrectly handled application data packets\nduring TLS handshake. An attacker could possibly use this issue to insert,\nedit or obtain sensitive information. This issue only affected OpenJDK 11. \n(CVE-2020-2816)\n\nIt was discovered that OpenJDK incorrectly handled certain regular\nexpressions. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2020-2830)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.10:\n openjdk-11-jdk 11.0.7+10-2ubuntu2~19.10\n openjdk-11-jre 11.0.7+10-2ubuntu2~19.10\n openjdk-11-jre-headless 11.0.7+10-2ubuntu2~19.10\n openjdk-11-jre-zero 11.0.7+10-2ubuntu2~19.10\n openjdk-8-jdk 8u252-b09-1~19.10\n openjdk-8-jre 8u252-b09-1~19.10\n openjdk-8-jre-headless 8u252-b09-1~19.10\n openjdk-8-jre-zero 8u252-b09-1~19.10\n\nUbuntu 18.04 LTS:\n openjdk-11-jdk 11.0.7+10-2ubuntu2~18.04\n openjdk-11-jre 11.0.7+10-2ubuntu2~18.04\n openjdk-11-jre-headless 11.0.7+10-2ubuntu2~18.04\n openjdk-11-jre-zero 11.0.7+10-2ubuntu2~18.04\n openjdk-8-jdk 8u252-b09-1~18.04\n openjdk-8-jre 8u252-b09-1~18.04\n openjdk-8-jre-headless 8u252-b09-1~18.04\n openjdk-8-jre-zero 8u252-b09-1~18.04\n\nUbuntu 16.04 LTS:\n openjdk-8-jdk 8u252-b09-1~16.04\n openjdk-8-jre 8u252-b09-1~16.04\n openjdk-8-jre-headless 8u252-b09-1~16.04\n openjdk-8-jre-jamvm 8u252-b09-1~16.04\n openjdk-8-jre-zero 8u252-b09-1~16.04\n\nThis update uses a new upstream release, which includes additional bug\nfixes. 8.0) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. 8.0) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* operator-framework/presto: /etc/passwd was given incorrect privileges\n(CVE-2019-19352)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor OpenShift Container Platform 4.4 see the following documentation, which\nwill be updated shortly for release 4.4.3, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.4/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1793281 - CVE-2019-19352 operator-framework/presto: /etc/passwd is given incorrect privileges\n\n5. 7) - x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: java-1.8.0-openjdk security update\nAdvisory ID: RHSA-2020:1512-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:1512\nIssue date: 2020-04-21\nCVE Names: CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 \n CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 \n CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 \n CVE-2020-2830 \n=====================================================================\n\n1. Summary:\n\nAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise\nLinux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit. \n\nSecurity Fix(es):\n\n* OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841)\n(CVE-2020-2803)\n\n* OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries,\n8235274) (CVE-2020-2805)\n\n* OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and\nDOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773)\n\n* OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)\n(CVE-2020-2781)\n\n* OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP\nServer, 8234825) (CVE-2020-2800)\n\n* OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201)\n(CVE-2020-2830)\n\n* OpenJDK: Misplaced regular expression syntax error check in RegExpScanner\n(Scripting, 8223898) (CVE-2020-2754)\n\n* OpenJDK: Incorrect handling of empty string nodes in regular expression\nParser (Scripting, 8223904) (CVE-2020-2755)\n\n* OpenJDK: Incorrect handling of references to uninitialized class\ndescriptors during deserialization (Serialization, 8224541) (CVE-2020-2756)\n\n* OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass\n(Serialization, 8224549) (CVE-2020-2757)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of OpenJDK Java must be restarted for this update to\ntake effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1823199 - CVE-2020-2754 OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898)\n1823200 - CVE-2020-2755 OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904)\n1823215 - CVE-2020-2756 OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541)\n1823216 - CVE-2020-2757 OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549)\n1823224 - CVE-2020-2773 OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415)\n1823527 - CVE-2020-2800 OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825)\n1823542 - CVE-2020-2830 OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201)\n1823694 - CVE-2020-2803 OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841)\n1823844 - CVE-2020-2805 OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274)\n1823960 - CVE-2020-2781 OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm\n\nx86_64:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\njava-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm\njava-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm\n\nx86_64:\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm\n\nx86_64:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\njava-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm\njava-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm\n\nx86_64:\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm\n\nppc64:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.ppc64.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.ppc64.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.ppc64.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.ppc64.rpm\n\nppc64le:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.ppc64le.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.ppc64le.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.ppc64le.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.ppc64le.rpm\n\ns390x:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.s390x.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.s390x.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.s390x.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.s390x.rpm\n\nx86_64:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\njava-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm\njava-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm\n\nppc64:\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.ppc64.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.ppc64.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.ppc64.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.ppc64.rpm\n\nppc64le:\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.ppc64le.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.ppc64le.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.ppc64le.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.ppc64le.rpm\n\ns390x:\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.s390x.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.s390x.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.s390x.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.s390x.rpm\n\nx86_64:\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm\n\nx86_64:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\njava-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm\njava-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm\n\nx86_64:\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-2754\nhttps://access.redhat.com/security/cve/CVE-2020-2755\nhttps://access.redhat.com/security/cve/CVE-2020-2756\nhttps://access.redhat.com/security/cve/CVE-2020-2757\nhttps://access.redhat.com/security/cve/CVE-2020-2773\nhttps://access.redhat.com/security/cve/CVE-2020-2781\nhttps://access.redhat.com/security/cve/CVE-2020-2800\nhttps://access.redhat.com/security/cve/CVE-2020-2803\nhttps://access.redhat.com/security/cve/CVE-2020-2805\nhttps://access.redhat.com/security/cve/CVE-2020-2830\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXp7Zs9zjgjWX9erEAQijNg//Wv9fjFvkxHC42Hd5YcN8qnGcf6gdOYDW\npAv6Tv6q9pstko1bcUZYa0V01XejJYe/5uAADu3QGe1aMihI0VMjXrlFULW1laNS\nQTRtsnzTac5Gm3cJZKDXIv1ITI+fgGBWOvwN9lketAQtO5su+JbPTPQ4S0rBy55D\ngAVa8RVPi6qQt85HmXDrrpaAI2N8EFVkJBpC9ZRRFtI5wTv//bVx29Qw/sthlN3N\nqXwO8KZI44Xbe+vb6QpGcNkly+Dh7CdeVFV1OVkqx8eOVA8Cj45NAeBgP1W8n2VQ\nzt0GiKCbrV49e2AsBgmK49/J3N2L9xalsHSn54+6N02rcjf4dseV5flz5/unSIDc\ngPqFCTRbGZcIdjFbilvsklGBVfBzXjw5SjUemMKYggXa+6L74O+kuH4TRZRXhmEX\n70Kvn1w0ta8P1bxK0A6BM6ZnDo5f7jVIQipk2M/hw6SDzu7ZA5zbDRCg419AZ8qc\nsyuuHWmdfpRRj0XlUw5eBfBUq8UL+huEfRvu85zBhvhTw/Pyu+T0nQ7iofSyqvob\n2LlLyPV14RBOzGIWLqrt2tGBUYanKULxIdT+VtSu4gyuloGc84onSLTqU0Ucbc85\nnxpY6nc9GxOYWCMDITnr4xiRXQuUuE5V4UVwsFlr+xsEYcsAXdPLzyXzw8S8sL+Z\nyPjQbJvoqgE=\n=5P5C\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4662-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nApril 24, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-11\nCVE ID : CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 \n CVE-2020-2767 CVE-2020-2773 CVE-2020-2778 CVE-2020-2781 \n CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2816 \n CVE-2020-2830\n\nSeveral vulnerabilities have been discovered in the OpenJDK Java\nruntime, resulting in denial of service, insecure TLS handshakes, bypass\nof sandbox restrictions or HTTP response splitting attacks. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 11.0.7+10-3~deb10u1. \n\nWe recommend that you upgrade your openjdk-11 packages. \n\nFor the detailed security status of openjdk-11 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openjdk-11\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIyBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6i4QkACgkQEMKTtsN8\nTjYOlg/3ZpduOWklosp1sS0za11zUYZHlql01d75lk2HS/u5sEVUNPyVcZ2iC8Bk\nzVBfqdJmfoODThzMVws1f9BhTvdaigPd+6stG3eVcU7kHS3IEpSAglKRK9220jDQ\nEuz2CXHV2trngO9C6oEg6OOB2wguKyeFT7VlMazyznmesIUr+BnmTpm/t97QOAhj\n+OyeXm3YdI7B8idZUNnUS42SKei+vaj1b/Dwi7Bv5YZUgIDAy8J6lRxUYi3EA/MT\nLux7auJiMw9cIx5xqiIIW+3JmLrxXZQdvxWRsZtl5ATNwMf/PDjroWGj1eIRIa66\n70dJ4FoY/yHdc4wnadBJKhWUgZbGDpVyclzRx8DBlqYxmJx0BVu10he1j8fMJnp1\n72A/gHVtcHDuCLpskgYiJeUqkPq/nMEt85Q2NpnW61sGFJedGIQeAMGKLPsLCmz4\nU8L2CaTvtnBFNN82P50rDCuFwKChOJ5OqKuZCBwX6hhJQqgPsSGE7wdUep0UFbm0\n9qyEZ+Ph7v42+JcnP3O/Ow9i2Q+rkHcCu//jp+TaeyjZEaIurAAlMz9YN8Tp665n\nlXe0nmWPkY+oCDoEglH5GaLkft0lEOT8idGp3ccBhHsQGhyJAq2z0b9OBTUgidjY\n99udJWsH8naHMBZL5aHmByQ/73mL/MB+oMRv15ypVrnL2B3KVQ==\n=/qDT\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-2830"
},
{
"db": "VULMON",
"id": "CVE-2020-2830"
},
{
"db": "PACKETSTORM",
"id": "157363"
},
{
"db": "PACKETSTORM",
"id": "157350"
},
{
"db": "PACKETSTORM",
"id": "157351"
},
{
"db": "PACKETSTORM",
"id": "157349"
},
{
"db": "PACKETSTORM",
"id": "157550"
},
{
"db": "PACKETSTORM",
"id": "157549"
},
{
"db": "PACKETSTORM",
"id": "157777"
},
{
"db": "PACKETSTORM",
"id": "157319"
},
{
"db": "PACKETSTORM",
"id": "157778"
},
{
"db": "PACKETSTORM",
"id": "168805"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-2830",
"trust": 2.1
},
{
"db": "MCAFEE",
"id": "SB10318",
"trust": 1.1
},
{
"db": "VULMON",
"id": "CVE-2020-2830",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157363",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157350",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157351",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157349",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157550",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157549",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157777",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157319",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157778",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168805",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-2830"
},
{
"db": "PACKETSTORM",
"id": "157363"
},
{
"db": "PACKETSTORM",
"id": "157350"
},
{
"db": "PACKETSTORM",
"id": "157351"
},
{
"db": "PACKETSTORM",
"id": "157349"
},
{
"db": "PACKETSTORM",
"id": "157550"
},
{
"db": "PACKETSTORM",
"id": "157549"
},
{
"db": "PACKETSTORM",
"id": "157777"
},
{
"db": "PACKETSTORM",
"id": "157319"
},
{
"db": "PACKETSTORM",
"id": "157778"
},
{
"db": "PACKETSTORM",
"id": "168805"
},
{
"db": "NVD",
"id": "CVE-2020-2830"
}
]
},
"id": "VAR-202004-1137",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.27142859
},
"last_update_date": "2023-11-07T21:49:03.694000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Red Hat: Important: java-1.7.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201508 - security advisory"
},
{
"title": "Red Hat: Important: java-1.7.1-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202238 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201515 - security advisory"
},
{
"title": "Red Hat: Important: java-1.7.1-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202236 - security advisory"
},
{
"title": "Red Hat: Important: java-1.7.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201507 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202239 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201512 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201516 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201506 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202241 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202237 - security advisory"
},
{
"title": "Red Hat: Important: java-11-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201514 - security advisory"
},
{
"title": "Red Hat: Important: java-11-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201517 - security advisory"
},
{
"title": "Red Hat: Important: java-11-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201509 - security advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.4.3 hadoop-container security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201938 - security advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.4.3 presto-container security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201942 - security advisory"
},
{
"title": "Ubuntu Security Notice: openjdk-8, openjdk-lts vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4337-1"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1365",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1365"
},
{
"title": "Amazon Linux AMI: ALAS-2023-1809",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2023-1809"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1424",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2020-1424"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1421",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2020-1421"
},
{
"title": "Debian Security Advisories: DSA-4662-1 openjdk-11 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=fcc7953c1496c4d2bf29bdda0aeb34d3"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1410",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2020-1410"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-111"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-108"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities in OpenJDK version 11 affect IBM InfoSphere Information Server",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=04093f22959e96a7bb3ed8715aa18c0e"
},
{
"title": "IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2ec7385c474071281be069b54d841de6"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-2830"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-2830"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "https://usn.ubuntu.com/4337-1/"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2020/dsa-4662"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l7vhc4ew36kzeidq56rpcwbzcqelffkn/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ckav6kffaeanxan73aftgu7z6ynrwcxq/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nyhhhzrhxcbgrhge5up7ueb4iz2qx536/"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202006-22"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10318"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2830"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2781"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2800"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2754"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2757"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2805"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2756"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2803"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2773"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-2757"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-2805"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2755"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-2830"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-2800"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-2756"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-2781"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-2803"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-2754"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-2755"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-2773"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2778"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2767"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2816"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.4/updating/updating-cluster"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2654"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-2654"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1508"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.7+10-2ubuntu2~18.04"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-8/8u252-b09-1~19.10"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-8/8u252-b09-1~16.04"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4337-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.7+10-2ubuntu2~19.10"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-8/8u252-b09-1~18.04"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2767"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1517"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19354"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19354"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19352"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2238"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-2949"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2949"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2237"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/openjdk-11"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-2830"
},
{
"db": "PACKETSTORM",
"id": "157363"
},
{
"db": "PACKETSTORM",
"id": "157350"
},
{
"db": "PACKETSTORM",
"id": "157351"
},
{
"db": "PACKETSTORM",
"id": "157349"
},
{
"db": "PACKETSTORM",
"id": "157550"
},
{
"db": "PACKETSTORM",
"id": "157549"
},
{
"db": "PACKETSTORM",
"id": "157777"
},
{
"db": "PACKETSTORM",
"id": "157319"
},
{
"db": "PACKETSTORM",
"id": "157778"
},
{
"db": "PACKETSTORM",
"id": "168805"
},
{
"db": "NVD",
"id": "CVE-2020-2830"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-2830"
},
{
"db": "PACKETSTORM",
"id": "157363"
},
{
"db": "PACKETSTORM",
"id": "157350"
},
{
"db": "PACKETSTORM",
"id": "157351"
},
{
"db": "PACKETSTORM",
"id": "157349"
},
{
"db": "PACKETSTORM",
"id": "157550"
},
{
"db": "PACKETSTORM",
"id": "157549"
},
{
"db": "PACKETSTORM",
"id": "157777"
},
{
"db": "PACKETSTORM",
"id": "157319"
},
{
"db": "PACKETSTORM",
"id": "157778"
},
{
"db": "PACKETSTORM",
"id": "168805"
},
{
"db": "NVD",
"id": "CVE-2020-2830"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-15T00:00:00",
"db": "VULMON",
"id": "CVE-2020-2830"
},
{
"date": "2020-04-23T19:25:55",
"db": "PACKETSTORM",
"id": "157363"
},
{
"date": "2020-04-22T15:11:05",
"db": "PACKETSTORM",
"id": "157350"
},
{
"date": "2020-04-22T15:11:12",
"db": "PACKETSTORM",
"id": "157351"
},
{
"date": "2020-04-22T15:10:56",
"db": "PACKETSTORM",
"id": "157349"
},
{
"date": "2020-05-04T17:29:03",
"db": "PACKETSTORM",
"id": "157550"
},
{
"date": "2020-05-04T17:28:54",
"db": "PACKETSTORM",
"id": "157549"
},
{
"date": "2020-05-20T15:59:55",
"db": "PACKETSTORM",
"id": "157777"
},
{
"date": "2020-04-21T14:17:02",
"db": "PACKETSTORM",
"id": "157319"
},
{
"date": "2020-05-20T16:01:07",
"db": "PACKETSTORM",
"id": "157778"
},
{
"date": "2020-04-28T19:12:00",
"db": "PACKETSTORM",
"id": "168805"
},
{
"date": "2020-04-15T14:15:00",
"db": "NVD",
"id": "CVE-2020-2830"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2020-2830"
},
{
"date": "2022-06-30T20:07:00",
"db": "NVD",
"id": "CVE-2020-2830"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu Security Notice USN-4337-1",
"sources": [
{
"db": "PACKETSTORM",
"id": "157363"
}
],
"trust": 0.1
}
}