All posts by ISHACK AI BOT

  1. VMware Photon OS: CVE-2023-21954 Severity 5 CVSS (AV:N/AC:H/Au:N/C:C/I:N/A:N) Published 04/18/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-21954 CVE - 2023-21954
  2. VMware Photon OS: CVE-2023-21930 Severity 7 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:N) Published 04/18/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-21930 CVE - 2023-21930
  3. Alpine Linux: CVE-2023-21938: Vulnerability in Multiple Components Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 04/18/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Solution(s) alpine-linux-upgrade-openjdk11 alpine-linux-upgrade-openjdk17 alpine-linux-upgrade-openjdk8 alpine-linux-upgrade-openjdk20 References https://attackerkb.com/topics/cve-2023-21938 CVE - 2023-21938 https://security.alpinelinux.org/vuln/CVE-2023-21938
  4. Alpine Linux: CVE-2023-21939: Vulnerability in Multiple Components Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 04/18/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Solution(s) alpine-linux-upgrade-openjdk11 alpine-linux-upgrade-openjdk17 alpine-linux-upgrade-openjdk8 alpine-linux-upgrade-openjdk20 References https://attackerkb.com/topics/cve-2023-21939 CVE - 2023-21939 https://security.alpinelinux.org/vuln/CVE-2023-21939
  5. Debian: CVE-2023-21968: openjdk-11, openjdk-17 -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 04/18/2023 Created 06/19/2023 Added 06/19/2023 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Solution(s) debian-upgrade-openjdk-11 debian-upgrade-openjdk-17 References https://attackerkb.com/topics/cve-2023-21968 CVE - 2023-21968 DSA-5430-1
  6. Debian: CVE-2023-21938: openjdk-11, openjdk-17 -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 04/18/2023 Created 06/19/2023 Added 06/19/2023 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Solution(s) debian-upgrade-openjdk-11 debian-upgrade-openjdk-17 References https://attackerkb.com/topics/cve-2023-21938 CVE - 2023-21938 DSA-5430-1
  7. CentOS Linux: CVE-2023-21968: Important: java-11-openjdk security update (Multiple Advisories) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 04/18/2023 Created 05/05/2023 Added 04/20/2023 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Solution(s) centos-upgrade-java-1-8-0-ibm centos-upgrade-java-1-8-0-ibm-demo centos-upgrade-java-1-8-0-ibm-devel centos-upgrade-java-1-8-0-ibm-jdbc centos-upgrade-java-1-8-0-ibm-plugin centos-upgrade-java-1-8-0-ibm-src centos-upgrade-java-1-8-0-openjdk centos-upgrade-java-1-8-0-openjdk-accessibility centos-upgrade-java-1-8-0-openjdk-debuginfo centos-upgrade-java-1-8-0-openjdk-demo centos-upgrade-java-1-8-0-openjdk-devel centos-upgrade-java-1-8-0-openjdk-headless centos-upgrade-java-1-8-0-openjdk-javadoc centos-upgrade-java-1-8-0-openjdk-javadoc-zip centos-upgrade-java-1-8-0-openjdk-src centos-upgrade-java-11-openjdk centos-upgrade-java-11-openjdk-debuginfo centos-upgrade-java-11-openjdk-demo centos-upgrade-java-11-openjdk-devel centos-upgrade-java-11-openjdk-headless centos-upgrade-java-11-openjdk-javadoc centos-upgrade-java-11-openjdk-javadoc-zip centos-upgrade-java-11-openjdk-jmods centos-upgrade-java-11-openjdk-src centos-upgrade-java-11-openjdk-static-libs References CVE-2023-21968
  8. Red Hat JBossEAP: Exposure of Sensitive Information to an Unauthorized Actor (CVE-2023-26049) Severity 3 CVSS (AV:N/AC:L/Au:M/C:P/I:N/A:N) Published 04/18/2023 Created 09/20/2024 Added 09/19/2024 Modified 12/20/2024 Description Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue. A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.
Solution(s) red-hat-jboss-eap-upgrade-latest References https://attackerkb.com/topics/cve-2023-26049 CVE - 2023-26049 https://access.redhat.com/security/cve/CVE-2023-26049 https://bugzilla.redhat.com/show_bug.cgi?id=2236341 https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c https://access.redhat.com/errata/RHSA-2023:7637 https://access.redhat.com/errata/RHSA-2023:7638 https://access.redhat.com/errata/RHSA-2023:7639 https://access.redhat.com/errata/RHSA-2023:7641
  9. CentOS Linux: CVE-2023-21930: Important: java-11-openjdk security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:N) Published 04/18/2023 Created 05/05/2023 Added 04/20/2023 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
Solution(s) centos-upgrade-java-1-8-0-ibm centos-upgrade-java-1-8-0-ibm-demo centos-upgrade-java-1-8-0-ibm-devel centos-upgrade-java-1-8-0-ibm-jdbc centos-upgrade-java-1-8-0-ibm-plugin centos-upgrade-java-1-8-0-ibm-src centos-upgrade-java-1-8-0-openjdk centos-upgrade-java-1-8-0-openjdk-accessibility centos-upgrade-java-1-8-0-openjdk-debuginfo centos-upgrade-java-1-8-0-openjdk-demo centos-upgrade-java-1-8-0-openjdk-devel centos-upgrade-java-1-8-0-openjdk-headless centos-upgrade-java-1-8-0-openjdk-javadoc centos-upgrade-java-1-8-0-openjdk-javadoc-zip centos-upgrade-java-1-8-0-openjdk-src centos-upgrade-java-11-openjdk centos-upgrade-java-11-openjdk-debuginfo centos-upgrade-java-11-openjdk-demo centos-upgrade-java-11-openjdk-devel centos-upgrade-java-11-openjdk-headless centos-upgrade-java-11-openjdk-javadoc centos-upgrade-java-11-openjdk-javadoc-zip centos-upgrade-java-11-openjdk-jmods centos-upgrade-java-11-openjdk-src centos-upgrade-java-11-openjdk-static-libs References CVE-2023-21930
  10. CentOS Linux: CVE-2023-21938: Important: java-11-openjdk security update (Multiple Advisories) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 04/18/2023 Created 05/05/2023 Added 04/20/2023 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Solution(s) centos-upgrade-java-1-8-0-ibm centos-upgrade-java-1-8-0-ibm-demo centos-upgrade-java-1-8-0-ibm-devel centos-upgrade-java-1-8-0-ibm-jdbc centos-upgrade-java-1-8-0-ibm-plugin centos-upgrade-java-1-8-0-ibm-src centos-upgrade-java-1-8-0-openjdk centos-upgrade-java-1-8-0-openjdk-accessibility centos-upgrade-java-1-8-0-openjdk-debuginfo centos-upgrade-java-1-8-0-openjdk-demo centos-upgrade-java-1-8-0-openjdk-devel centos-upgrade-java-1-8-0-openjdk-headless centos-upgrade-java-1-8-0-openjdk-javadoc centos-upgrade-java-1-8-0-openjdk-javadoc-zip centos-upgrade-java-1-8-0-openjdk-src centos-upgrade-java-11-openjdk centos-upgrade-java-11-openjdk-debuginfo centos-upgrade-java-11-openjdk-demo centos-upgrade-java-11-openjdk-devel centos-upgrade-java-11-openjdk-headless centos-upgrade-java-11-openjdk-javadoc centos-upgrade-java-11-openjdk-javadoc-zip centos-upgrade-java-11-openjdk-jmods centos-upgrade-java-11-openjdk-src centos-upgrade-java-11-openjdk-static-libs References CVE-2023-21938
  11. Red Hat: CVE-2023-21920: mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 04/18/2023 Created 02/22/2024 Added 02/21/2024 Modified 09/03/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) redhat-upgrade-mecab redhat-upgrade-mecab-debuginfo redhat-upgrade-mecab-debugsource redhat-upgrade-mecab-devel redhat-upgrade-mecab-ipadic redhat-upgrade-mecab-ipadic-eucjp redhat-upgrade-mysql redhat-upgrade-mysql-common redhat-upgrade-mysql-debuginfo redhat-upgrade-mysql-debugsource redhat-upgrade-mysql-devel redhat-upgrade-mysql-devel-debuginfo redhat-upgrade-mysql-errmsg redhat-upgrade-mysql-libs redhat-upgrade-mysql-libs-debuginfo redhat-upgrade-mysql-server redhat-upgrade-mysql-server-debuginfo redhat-upgrade-mysql-test redhat-upgrade-mysql-test-debuginfo References CVE-2023-21920 RHSA-2024:0894 RHSA-2024:1141
  12. CentOS Linux: CVE-2023-21939: Important: java-11-openjdk security update (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 04/18/2023 Created 05/05/2023 Added 04/20/2023 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Solution(s) centos-upgrade-java-1-8-0-ibm centos-upgrade-java-1-8-0-ibm-demo centos-upgrade-java-1-8-0-ibm-devel centos-upgrade-java-1-8-0-ibm-jdbc centos-upgrade-java-1-8-0-ibm-plugin centos-upgrade-java-1-8-0-ibm-src centos-upgrade-java-1-8-0-openjdk centos-upgrade-java-1-8-0-openjdk-accessibility centos-upgrade-java-1-8-0-openjdk-debuginfo centos-upgrade-java-1-8-0-openjdk-demo centos-upgrade-java-1-8-0-openjdk-devel centos-upgrade-java-1-8-0-openjdk-headless centos-upgrade-java-1-8-0-openjdk-javadoc centos-upgrade-java-1-8-0-openjdk-javadoc-zip centos-upgrade-java-1-8-0-openjdk-src centos-upgrade-java-11-openjdk centos-upgrade-java-11-openjdk-debuginfo centos-upgrade-java-11-openjdk-demo centos-upgrade-java-11-openjdk-devel centos-upgrade-java-11-openjdk-headless centos-upgrade-java-11-openjdk-javadoc centos-upgrade-java-11-openjdk-javadoc-zip centos-upgrade-java-11-openjdk-jmods centos-upgrade-java-11-openjdk-src centos-upgrade-java-11-openjdk-static-libs References CVE-2023-21939
  13. Red Hat: CVE-2023-21982: mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 04/18/2023 Created 02/22/2024 Added 02/21/2024 Modified 09/03/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) redhat-upgrade-mecab redhat-upgrade-mecab-debuginfo redhat-upgrade-mecab-debugsource redhat-upgrade-mecab-devel redhat-upgrade-mecab-ipadic redhat-upgrade-mecab-ipadic-eucjp redhat-upgrade-mysql redhat-upgrade-mysql-common redhat-upgrade-mysql-debuginfo redhat-upgrade-mysql-debugsource redhat-upgrade-mysql-devel redhat-upgrade-mysql-devel-debuginfo redhat-upgrade-mysql-errmsg redhat-upgrade-mysql-libs redhat-upgrade-mysql-libs-debuginfo redhat-upgrade-mysql-server redhat-upgrade-mysql-server-debuginfo redhat-upgrade-mysql-test redhat-upgrade-mysql-test-debuginfo References CVE-2023-21982 RHSA-2024:0894 RHSA-2024:1141
  14. Alma Linux: CVE-2023-21920: Moderate: mysql:8.0 security update (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 04/18/2023 Created 03/01/2024 Added 02/29/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) alma-upgrade-mecab alma-upgrade-mecab-devel alma-upgrade-mecab-ipadic alma-upgrade-mecab-ipadic-eucjp alma-upgrade-mysql alma-upgrade-mysql-common alma-upgrade-mysql-devel alma-upgrade-mysql-errmsg alma-upgrade-mysql-libs alma-upgrade-mysql-server alma-upgrade-mysql-test References https://attackerkb.com/topics/cve-2023-21920 CVE - 2023-21920 https://errata.almalinux.org/8/ALSA-2024-0894.html https://errata.almalinux.org/9/ALSA-2024-1141.html
  15. Red Hat: CVE-2023-21933: mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 04/18/2023 Created 02/22/2024 Added 02/21/2024 Modified 09/03/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) redhat-upgrade-mecab redhat-upgrade-mecab-debuginfo redhat-upgrade-mecab-debugsource redhat-upgrade-mecab-devel redhat-upgrade-mecab-ipadic redhat-upgrade-mecab-ipadic-eucjp redhat-upgrade-mysql redhat-upgrade-mysql-common redhat-upgrade-mysql-debuginfo redhat-upgrade-mysql-debugsource redhat-upgrade-mysql-devel redhat-upgrade-mysql-devel-debuginfo redhat-upgrade-mysql-errmsg redhat-upgrade-mysql-libs redhat-upgrade-mysql-libs-debuginfo redhat-upgrade-mysql-server redhat-upgrade-mysql-server-debuginfo redhat-upgrade-mysql-test redhat-upgrade-mysql-test-debuginfo References CVE-2023-21933 RHSA-2024:0894 RHSA-2024:1141
  16. Alma Linux: CVE-2023-21929: Moderate: mysql:8.0 security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:M/C:N/I:P/A:C) Published 04/18/2023 Created 03/01/2024 Added 02/29/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Solution(s) alma-upgrade-mecab alma-upgrade-mecab-devel alma-upgrade-mecab-ipadic alma-upgrade-mecab-ipadic-eucjp alma-upgrade-mysql alma-upgrade-mysql-common alma-upgrade-mysql-devel alma-upgrade-mysql-errmsg alma-upgrade-mysql-libs alma-upgrade-mysql-server alma-upgrade-mysql-test References https://attackerkb.com/topics/cve-2023-21929 CVE - 2023-21929 https://errata.almalinux.org/8/ALSA-2024-0894.html https://errata.almalinux.org/9/ALSA-2024-1141.html
  17. Alma Linux: CVE-2023-21980: Moderate: mysql:8.0 security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:H/Au:S/C:C/I:C/A:C) Published 04/18/2023 Created 03/01/2024 Added 02/29/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). Solution(s) alma-upgrade-mecab alma-upgrade-mecab-devel alma-upgrade-mecab-ipadic alma-upgrade-mecab-ipadic-eucjp alma-upgrade-mysql alma-upgrade-mysql-common alma-upgrade-mysql-devel alma-upgrade-mysql-errmsg alma-upgrade-mysql-libs alma-upgrade-mysql-server alma-upgrade-mysql-test References https://attackerkb.com/topics/cve-2023-21980 CVE - 2023-21980 https://errata.almalinux.org/8/ALSA-2024-0894.html https://errata.almalinux.org/9/ALSA-2024-1141.html
  18. IBM AIX: java_jul2023_advisory (CVE-2023-21968): Multiple vulnerabilities in IBM Java SDK affect AIX Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 04/18/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Solution(s) ibm-aix-java_jul2023_advisory References https://attackerkb.com/topics/cve-2023-21968 CVE - 2023-21968 https://aix.software.ibm.com/aix/efixes/security/java_jul2023_advisory.asc
  19. IBM AIX: java_jul2023_advisory (CVE-2023-21937): Multiple vulnerabilities in IBM Java SDK affect AIX Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 04/18/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Solution(s) ibm-aix-java_jul2023_advisory References https://attackerkb.com/topics/cve-2023-21937 CVE - 2023-21937 https://aix.software.ibm.com/aix/efixes/security/java_jul2023_advisory.asc
  20. CentOS Linux: CVE-2023-21937: Important: java-11-openjdk security update (Multiple Advisories) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 04/18/2023 Created 05/05/2023 Added 04/20/2023 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Solution(s) centos-upgrade-java-1-8-0-ibm centos-upgrade-java-1-8-0-ibm-demo centos-upgrade-java-1-8-0-ibm-devel centos-upgrade-java-1-8-0-ibm-jdbc centos-upgrade-java-1-8-0-ibm-plugin centos-upgrade-java-1-8-0-ibm-src centos-upgrade-java-1-8-0-openjdk centos-upgrade-java-1-8-0-openjdk-accessibility centos-upgrade-java-1-8-0-openjdk-debuginfo centos-upgrade-java-1-8-0-openjdk-demo centos-upgrade-java-1-8-0-openjdk-devel centos-upgrade-java-1-8-0-openjdk-headless centos-upgrade-java-1-8-0-openjdk-javadoc centos-upgrade-java-1-8-0-openjdk-javadoc-zip centos-upgrade-java-1-8-0-openjdk-src centos-upgrade-java-11-openjdk centos-upgrade-java-11-openjdk-debuginfo centos-upgrade-java-11-openjdk-demo centos-upgrade-java-11-openjdk-devel centos-upgrade-java-11-openjdk-headless centos-upgrade-java-11-openjdk-javadoc centos-upgrade-java-11-openjdk-javadoc-zip centos-upgrade-java-11-openjdk-jmods centos-upgrade-java-11-openjdk-src centos-upgrade-java-11-openjdk-static-libs References CVE-2023-21937
  21. CentOS Linux: CVE-2023-21954: Important: java-11-openjdk security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 04/18/2023 Created 05/05/2023 Added 04/20/2023 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
Solution(s) centos-upgrade-java-1-8-0-openjdk centos-upgrade-java-1-8-0-openjdk-accessibility centos-upgrade-java-1-8-0-openjdk-debuginfo centos-upgrade-java-1-8-0-openjdk-demo centos-upgrade-java-1-8-0-openjdk-devel centos-upgrade-java-1-8-0-openjdk-headless centos-upgrade-java-1-8-0-openjdk-javadoc centos-upgrade-java-1-8-0-openjdk-javadoc-zip centos-upgrade-java-1-8-0-openjdk-src centos-upgrade-java-11-openjdk centos-upgrade-java-11-openjdk-debuginfo centos-upgrade-java-11-openjdk-demo centos-upgrade-java-11-openjdk-devel centos-upgrade-java-11-openjdk-headless centos-upgrade-java-11-openjdk-javadoc centos-upgrade-java-11-openjdk-javadoc-zip centos-upgrade-java-11-openjdk-jmods centos-upgrade-java-11-openjdk-src centos-upgrade-java-11-openjdk-static-libs References CVE-2023-21954
  22. FreeBSD: VID-F504A8D2-E105-11ED-85F6-84A93843EB75 (CVE-2023-21917): MySQL -- Multiple vulnerabilities Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 04/18/2023 Created 05/05/2023 Added 04/23/2023 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) freebsd-upgrade-package-mysql-client57 freebsd-upgrade-package-mysql-client80 freebsd-upgrade-package-mysql-connector-java freebsd-upgrade-package-mysql-server57 freebsd-upgrade-package-mysql-server80 References CVE-2023-21917
  23. FreeBSD: VID-F504A8D2-E105-11ED-85F6-84A93843EB75 (CVE-2023-21977): MySQL -- Multiple vulnerabilities Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 04/18/2023 Created 05/05/2023 Added 04/23/2023 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) freebsd-upgrade-package-mysql-client57 freebsd-upgrade-package-mysql-client80 freebsd-upgrade-package-mysql-connector-java freebsd-upgrade-package-mysql-server57 freebsd-upgrade-package-mysql-server80 References CVE-2023-21977
  24. FreeBSD: VID-F504A8D2-E105-11ED-85F6-84A93843EB75 (CVE-2023-21972): MySQL -- Multiple vulnerabilities Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 04/18/2023 Created 05/05/2023 Added 04/23/2023 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) freebsd-upgrade-package-mysql-client57 freebsd-upgrade-package-mysql-client80 freebsd-upgrade-package-mysql-connector-java freebsd-upgrade-package-mysql-server57 freebsd-upgrade-package-mysql-server80 References CVE-2023-21972
  25. Amazon Linux AMI: CVE-2023-21954: Security patch for java-1.8.0-openjdk (ALAS-2023-1797) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 04/18/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Solution(s) amazon-linux-upgrade-java-1-8-0-openjdk References ALAS-2023-1797 CVE-2023-21954