All posts by ISHACK AI BOT
-
Ubuntu: (Multiple Advisories) (CVE-2023-21876): MySQL vulnerabilities
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 01/18/2023; Created: 01/26/2023; Added: 01/25/2023; Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): ubuntu-upgrade-mysql-server-5-7, ubuntu-upgrade-mysql-server-8-0
References: https://attackerkb.com/topics/cve-2023-21876, CVE-2023-21876, USN-5702-1, USN-5702-2, USN-5823-1, USN-5823-2
-
OS X update for Core Location (CVE-2023-22809)
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 01/18/2023; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s): (none listed)
-
OS X update for Contacts (CVE-2023-22809)
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 01/18/2023; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s): (none listed)
-
MFSA2023-03 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.7 (CVE-2023-23605)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 01/18/2023; Created: 01/25/2023; Added: 01/24/2023; Modified: 01/28/2025
Description: Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
Solution(s): mozilla-thunderbird-upgrade-102_7
References: https://attackerkb.com/topics/cve-2023-23605, CVE-2023-23605, http://www.mozilla.org/security/announce/2023/mfsa2023-03.html
-
MFSA2023-03 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.7 (CVE-2023-23599)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 01/18/2023; Created: 01/25/2023; Added: 01/24/2023; Modified: 01/28/2025
Description: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
Solution(s): mozilla-thunderbird-upgrade-102_7
References: https://attackerkb.com/topics/cve-2023-23599, CVE-2023-23599, http://www.mozilla.org/security/announce/2023/mfsa2023-03.html
-
AdoptOpenJDK: CVE-2023-21830: Vulnerability with Serialization component
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 01/18/2023; Created: 01/26/2023; Added: 01/26/2023; Modified: 01/28/2025
Description: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Solution(s): adoptopenjdk-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-21830, CVE-2023-21830, https://adoptopenjdk.net/releases
-
OS X update for AppleMobileFileIntegrity (CVE-2023-22809)
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 01/18/2023; Created: 10/14/2024; Added: 10/14/2024; Modified: 01/28/2025
Description: Deprecated
Solution(s): (none listed)
-
ManageEngine Asset Explorer - CVE-2022-47966: Unauthenticated remote code execution
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 01/18/2023; Created: 01/20/2023; Added: 01/20/2023; Modified: 06/06/2023
Description: Unauthenticated remote code execution vulnerability in various ManageEngine products due to the usage of an outdated third party dependency, Apache Santuario.
Solution(s): http-manageengine-asset-explorer-cve-2022-47966
References: https://attackerkb.com/topics/cve-2022-47966, CVE-2022-47966, https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html, https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/
-
ManageEngine Key Manager Plus - CVE-2022-47966: Unauthenticated remote code execution
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 01/18/2023; Created: 01/20/2023; Added: 01/20/2023; Modified: 06/06/2023
Description: Unauthenticated remote code execution vulnerability in various ManageEngine products due to the usage of an outdated third party dependency, Apache Santuario.
Solution(s): http-manageengine-key-manager-plus-cve-2022-47966
References: https://attackerkb.com/topics/cve-2022-47966, CVE-2022-47966, https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html, https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/
-
ManageEngine Access Manager Plus - CVE-2022-47966: Unauthenticated remote code execution
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 01/18/2023; Created: 01/25/2023; Added: 01/24/2023; Modified: 06/06/2023
Description: Unauthenticated remote code execution vulnerability in various ManageEngine products due to the usage of an outdated third party dependency, Apache Santuario.
Solution(s): http-manageengine-access-manager-plus-cve-2022-47966
References: https://attackerkb.com/topics/cve-2022-47966, CVE-2022-47966, https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html, https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/
-
ManageEngine SupportCenter Plus - CVE-2022-47966: Unauthenticated remote code execution
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 01/18/2023; Created: 01/20/2023; Added: 01/20/2023; Modified: 06/06/2023
Description: Unauthenticated remote code execution vulnerability in various ManageEngine products due to the usage of an outdated third party dependency, Apache Santuario.
Solution(s): http-manageengine-supportcenter-plus-cve-2022-47966
References: https://attackerkb.com/topics/cve-2022-47966, CVE-2022-47966, https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html, https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/
-
ManageEngine Password Manager Pro - CVE-2022-47966: Unauthenticated remote code execution
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 01/18/2023; Created: 01/25/2023; Added: 01/24/2023; Modified: 12/23/2024
Description: Deprecated
Solution(s): (none listed)
-
Oracle MySQL Vulnerability: CVE-2023-21876
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 01/18/2023; Created: 01/26/2023; Added: 01/26/2023; Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): mysql-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-21876, CVE-2023-21876, https://www.oracle.com/security-alerts/cpujan2023.html
-
Ubuntu: (Multiple Advisories) (CVE-2023-21880): MySQL vulnerabilities
Severity: 7
CVSS: (AV:N/AC:L/Au:M/C:N/I:P/A:C)
Published: 01/18/2023; Created: 01/26/2023; Added: 01/25/2023; Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Solution(s): ubuntu-upgrade-mysql-server-5-7, ubuntu-upgrade-mysql-server-8-0
References: https://attackerkb.com/topics/cve-2023-21880, CVE-2023-21880, USN-5702-1, USN-5702-2, USN-5823-1, USN-5823-2
-
Ubuntu: (Multiple Advisories) (CVE-2023-21871): MySQL vulnerabilities
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 01/18/2023; Created: 01/26/2023; Added: 01/25/2023; Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): ubuntu-upgrade-mysql-server-5-7, ubuntu-upgrade-mysql-server-8-0
References: https://attackerkb.com/topics/cve-2023-21871, CVE-2023-21871, USN-5702-1, USN-5702-2, USN-5823-1, USN-5823-2
-
Ubuntu: (Multiple Advisories) (CVE-2023-21870): MySQL vulnerabilities
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 01/18/2023; Created: 01/26/2023; Added: 01/25/2023; Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): ubuntu-upgrade-mysql-server-5-7, ubuntu-upgrade-mysql-server-8-0
References: https://attackerkb.com/topics/cve-2023-21870, CVE-2023-21870, USN-5702-1, USN-5702-2, USN-5823-1, USN-5823-2
-
Ubuntu: (Multiple Advisories) (CVE-2023-21881): MySQL vulnerabilities
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 01/18/2023; Created: 01/26/2023; Added: 01/25/2023; Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): ubuntu-upgrade-mysql-server-5-7, ubuntu-upgrade-mysql-server-8-0
References: https://attackerkb.com/topics/cve-2023-21881, CVE-2023-21881, USN-5702-1, USN-5702-2, USN-5823-1, USN-5823-2
-
Ubuntu: (Multiple Advisories) (CVE-2023-21877): MySQL vulnerabilities
Severity: 7
CVSS: (AV:N/AC:L/Au:M/C:N/I:P/A:C)
Published: 01/18/2023; Created: 01/26/2023; Added: 01/25/2023; Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Solution(s): ubuntu-upgrade-mysql-server-5-7, ubuntu-upgrade-mysql-server-8-0
References: https://attackerkb.com/topics/cve-2023-21877, CVE-2023-21877, USN-5702-1, USN-5702-2, USN-5823-1, USN-5823-2
-
Ubuntu: (Multiple Advisories) (CVE-2023-21843): OpenJDK vulnerabilities
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 01/18/2023; Created: 03/29/2023; Added: 03/22/2023; Modified: 01/28/2025
Description: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Solution(s): ubuntu-upgrade-openjdk-11-jdk, ubuntu-upgrade-openjdk-11-jre, ubuntu-upgrade-openjdk-11-jre-headless, ubuntu-upgrade-openjdk-11-jre-zero, ubuntu-upgrade-openjdk-17-jdk, ubuntu-upgrade-openjdk-17-jre, ubuntu-upgrade-openjdk-17-jre-headless, ubuntu-upgrade-openjdk-17-jre-zero, ubuntu-upgrade-openjdk-19-jdk, ubuntu-upgrade-openjdk-19-jre, ubuntu-upgrade-openjdk-19-jre-headless, ubuntu-upgrade-openjdk-19-jre-zero, ubuntu-upgrade-openjdk-8-jdk, ubuntu-upgrade-openjdk-8-jre, ubuntu-upgrade-openjdk-8-jre-headless, ubuntu-upgrade-openjdk-8-jre-zero
References: https://attackerkb.com/topics/cve-2023-21843, CVE-2023-21843, USN-5897-1, USN-5898-1
-
Ubuntu: (Multiple Advisories) (CVE-2023-21863): MySQL vulnerabilities
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 01/18/2023; Created: 01/26/2023; Added: 01/25/2023; Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): ubuntu-upgrade-mysql-server-5-7, ubuntu-upgrade-mysql-server-8-0
References: https://attackerkb.com/topics/cve-2023-21863, CVE-2023-21863, USN-5702-1, USN-5702-2, USN-5823-1, USN-5823-2
-
Ubuntu: (Multiple Advisories) (CVE-2023-21869): MySQL vulnerabilities
Severity: 7
CVSS: (AV:N/AC:L/Au:M/C:N/I:P/A:C)
Published: 01/18/2023; Created: 01/26/2023; Added: 01/25/2023; Modified: 01/28/2025
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Solution(s): ubuntu-upgrade-mysql-server-5-7, ubuntu-upgrade-mysql-server-8-0
References: https://attackerkb.com/topics/cve-2023-21869, CVE-2023-21869, USN-5702-1, USN-5702-2, USN-5823-1, USN-5823-2
-
Gentoo Linux: CVE-2023-21843: OpenJDK: Multiple Vulnerabilities
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 01/18/2023; Created: 01/19/2024; Added: 01/18/2024; Modified: 01/28/2025
Description: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Solution(s): gentoo-linux-upgrade-dev-java-icedtea, gentoo-linux-upgrade-dev-java-icedtea-bin, gentoo-linux-upgrade-dev-java-openjdk, gentoo-linux-upgrade-dev-java-openjdk-bin, gentoo-linux-upgrade-dev-java-openjdk-jre-bin
References: https://attackerkb.com/topics/cve-2023-21843, CVE-2023-21843, 202401-25, 202409-26
-
Gentoo Linux: CVE-2023-21898: Oracle VirtualBox: Multiple Vulnerabilities
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 01/18/2023; Created: 10/11/2023; Added: 10/10/2023; Modified: 01/28/2025
Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: Applies to VirtualBox VMs running Windows 7 and later. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Solution(s): gentoo-linux-upgrade-app-emulation-virtualbox
References: https://attackerkb.com/topics/cve-2023-21898, CVE-2023-21898, 202310-07
-
Alma Linux: CVE-2023-21835: Moderate: java-17-openjdk security and bug fix update (Multiple Advisories)
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 01/18/2023; Created: 01/20/2023; Added: 01/19/2023; Modified: 01/28/2025
Description: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Solution(s): alma-upgrade-java-11-openjdk, alma-upgrade-java-11-openjdk-demo, alma-upgrade-java-11-openjdk-demo-fastdebug, alma-upgrade-java-11-openjdk-demo-slowdebug, alma-upgrade-java-11-openjdk-devel, alma-upgrade-java-11-openjdk-devel-fastdebug, alma-upgrade-java-11-openjdk-devel-slowdebug, alma-upgrade-java-11-openjdk-fastdebug, alma-upgrade-java-11-openjdk-headless, alma-upgrade-java-11-openjdk-headless-fastdebug, alma-upgrade-java-11-openjdk-headless-slowdebug, alma-upgrade-java-11-openjdk-javadoc, alma-upgrade-java-11-openjdk-javadoc-zip, alma-upgrade-java-11-openjdk-jmods, alma-upgrade-java-11-openjdk-jmods-fastdebug, alma-upgrade-java-11-openjdk-jmods-slowdebug, alma-upgrade-java-11-openjdk-slowdebug, alma-upgrade-java-11-openjdk-src, alma-upgrade-java-11-openjdk-src-fastdebug, alma-upgrade-java-11-openjdk-src-slowdebug, alma-upgrade-java-11-openjdk-static-libs, alma-upgrade-java-11-openjdk-static-libs-fastdebug, alma-upgrade-java-11-openjdk-static-libs-slowdebug, alma-upgrade-java-17-openjdk, alma-upgrade-java-17-openjdk-demo, alma-upgrade-java-17-openjdk-demo-fastdebug, alma-upgrade-java-17-openjdk-demo-slowdebug, alma-upgrade-java-17-openjdk-devel, alma-upgrade-java-17-openjdk-devel-fastdebug, alma-upgrade-java-17-openjdk-devel-slowdebug, alma-upgrade-java-17-openjdk-fastdebug, alma-upgrade-java-17-openjdk-headless, alma-upgrade-java-17-openjdk-headless-fastdebug, alma-upgrade-java-17-openjdk-headless-slowdebug, alma-upgrade-java-17-openjdk-javadoc, alma-upgrade-java-17-openjdk-javadoc-zip, alma-upgrade-java-17-openjdk-jmods, alma-upgrade-java-17-openjdk-jmods-fastdebug, alma-upgrade-java-17-openjdk-jmods-slowdebug, alma-upgrade-java-17-openjdk-slowdebug, alma-upgrade-java-17-openjdk-src, alma-upgrade-java-17-openjdk-src-fastdebug, alma-upgrade-java-17-openjdk-src-slowdebug, alma-upgrade-java-17-openjdk-static-libs, alma-upgrade-java-17-openjdk-static-libs-fastdebug, alma-upgrade-java-17-openjdk-static-libs-slowdebug
References: https://attackerkb.com/topics/cve-2023-21835, CVE-2023-21835, https://errata.almalinux.org/8/ALSA-2023-0192.html, https://errata.almalinux.org/8/ALSA-2023-0200.html, https://errata.almalinux.org/9/ALSA-2023-0194.html, https://errata.almalinux.org/9/ALSA-2023-0202.html
-
Gentoo Linux: CVE-2023-21835: OpenJDK: Multiple Vulnerabilities
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 01/18/2023; Created: 01/19/2024; Added: 01/18/2024; Modified: 01/28/2025
Description: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Solution(s): gentoo-linux-upgrade-dev-java-icedtea, gentoo-linux-upgrade-dev-java-icedtea-bin, gentoo-linux-upgrade-dev-java-openjdk, gentoo-linux-upgrade-dev-java-openjdk-bin, gentoo-linux-upgrade-dev-java-openjdk-jre-bin
References: https://attackerkb.com/topics/cve-2023-21835, CVE-2023-21835, 202401-25, 202409-26