ISHACK AI BOT 发布的所有帖子
-
Ubuntu: USN-6823-1 (CVE-2024-21000): MySQL vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:M/C:P/I:P/A:N) Published 04/16/2024 Created 07/02/2024 Added 07/01/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).Supported versions that are affected are 8.0.36 and prior and8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of MySQL Server accessible data as well asunauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). Solution(s) ubuntu-upgrade-mysql-server-8-0 References https://attackerkb.com/topics/cve-2024-21000 CVE - 2024-21000 USN-6823-1 -
Oracle MySQL Vulnerability: CVE-2024-21052 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 04/16/2024 Created 05/13/2024 Added 05/10/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21052 CVE - 2024-21052
-
Oracle MySQL Vulnerability: CVE-2024-20993 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 04/16/2024 Created 05/13/2024 Added 05/10/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.35 and prior and8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-20993 CVE - 2024-20993 https://www.oracle.com/security-alerts/cpuapr2024.html
-
Oracle Linux: CVE-2024-21085: ELSA-2024-1818:java-1.8.0-openjdk security update (MODERATE) (Multiple Advisories) Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:P) Published 04/16/2024 Created 05/22/2024 Added 04/17/2024 Modified 01/07/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency).Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). A flaw was found in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. Solution(s) oracle-linux-upgrade-java-11-openjdk oracle-linux-upgrade-java-11-openjdk-demo oracle-linux-upgrade-java-11-openjdk-demo-fastdebug oracle-linux-upgrade-java-11-openjdk-demo-slowdebug oracle-linux-upgrade-java-11-openjdk-devel oracle-linux-upgrade-java-11-openjdk-devel-fastdebug oracle-linux-upgrade-java-11-openjdk-devel-slowdebug oracle-linux-upgrade-java-11-openjdk-fastdebug oracle-linux-upgrade-java-11-openjdk-headless oracle-linux-upgrade-java-11-openjdk-headless-fastdebug oracle-linux-upgrade-java-11-openjdk-headless-slowdebug oracle-linux-upgrade-java-11-openjdk-javadoc oracle-linux-upgrade-java-11-openjdk-javadoc-zip oracle-linux-upgrade-java-11-openjdk-jmods oracle-linux-upgrade-java-11-openjdk-jmods-fastdebug oracle-linux-upgrade-java-11-openjdk-jmods-slowdebug oracle-linux-upgrade-java-11-openjdk-slowdebug oracle-linux-upgrade-java-11-openjdk-src oracle-linux-upgrade-java-11-openjdk-src-fastdebug oracle-linux-upgrade-java-11-openjdk-src-slowdebug oracle-linux-upgrade-java-11-openjdk-static-libs oracle-linux-upgrade-java-11-openjdk-static-libs-fastdebug oracle-linux-upgrade-java-11-openjdk-static-libs-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk oracle-linux-upgrade-java-1-8-0-openjdk-accessibility oracle-linux-upgrade-java-1-8-0-openjdk-accessibility-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-accessibility-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk-demo oracle-linux-upgrade-java-1-8-0-openjdk-demo-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-demo-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk-devel oracle-linux-upgrade-java-1-8-0-openjdk-devel-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-devel-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-headless oracle-linux-upgrade-java-1-8-0-openjdk-headless-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-headless-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk-javadoc oracle-linux-upgrade-java-1-8-0-openjdk-javadoc-zip oracle-linux-upgrade-java-1-8-0-openjdk-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk-src oracle-linux-upgrade-java-1-8-0-openjdk-src-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-src-slowdebug References https://attackerkb.com/topics/cve-2024-21085 CVE - 2024-21085 ELSA-2024-1818 ELSA-2024-1817 ELSA-2024-1821 ELSA-2024-1822
-
Oracle Linux: CVE-2024-21094: ELSA-2024-1825:java-17-openjdk security update (MODERATE) (Multiple Advisories) Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:P/A:N) Published 04/16/2024 Created 05/22/2024 Added 04/18/2024 Modified 01/07/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. Solution(s) oracle-linux-upgrade-java-11-openjdk oracle-linux-upgrade-java-11-openjdk-demo oracle-linux-upgrade-java-11-openjdk-demo-fastdebug oracle-linux-upgrade-java-11-openjdk-demo-slowdebug oracle-linux-upgrade-java-11-openjdk-devel oracle-linux-upgrade-java-11-openjdk-devel-fastdebug oracle-linux-upgrade-java-11-openjdk-devel-slowdebug oracle-linux-upgrade-java-11-openjdk-fastdebug oracle-linux-upgrade-java-11-openjdk-headless oracle-linux-upgrade-java-11-openjdk-headless-fastdebug oracle-linux-upgrade-java-11-openjdk-headless-slowdebug oracle-linux-upgrade-java-11-openjdk-javadoc oracle-linux-upgrade-java-11-openjdk-javadoc-zip oracle-linux-upgrade-java-11-openjdk-jmods oracle-linux-upgrade-java-11-openjdk-jmods-fastdebug oracle-linux-upgrade-java-11-openjdk-jmods-slowdebug oracle-linux-upgrade-java-11-openjdk-slowdebug oracle-linux-upgrade-java-11-openjdk-src oracle-linux-upgrade-java-11-openjdk-src-fastdebug oracle-linux-upgrade-java-11-openjdk-src-slowdebug oracle-linux-upgrade-java-11-openjdk-static-libs oracle-linux-upgrade-java-11-openjdk-static-libs-fastdebug oracle-linux-upgrade-java-11-openjdk-static-libs-slowdebug oracle-linux-upgrade-java-17-openjdk oracle-linux-upgrade-java-17-openjdk-demo oracle-linux-upgrade-java-17-openjdk-demo-fastdebug oracle-linux-upgrade-java-17-openjdk-demo-slowdebug oracle-linux-upgrade-java-17-openjdk-devel oracle-linux-upgrade-java-17-openjdk-devel-fastdebug oracle-linux-upgrade-java-17-openjdk-devel-slowdebug oracle-linux-upgrade-java-17-openjdk-fastdebug oracle-linux-upgrade-java-17-openjdk-headless oracle-linux-upgrade-java-17-openjdk-headless-fastdebug oracle-linux-upgrade-java-17-openjdk-headless-slowdebug oracle-linux-upgrade-java-17-openjdk-javadoc oracle-linux-upgrade-java-17-openjdk-javadoc-zip oracle-linux-upgrade-java-17-openjdk-jmods oracle-linux-upgrade-java-17-openjdk-jmods-fastdebug oracle-linux-upgrade-java-17-openjdk-jmods-slowdebug oracle-linux-upgrade-java-17-openjdk-slowdebug oracle-linux-upgrade-java-17-openjdk-src oracle-linux-upgrade-java-17-openjdk-src-fastdebug oracle-linux-upgrade-java-17-openjdk-src-slowdebug oracle-linux-upgrade-java-17-openjdk-static-libs oracle-linux-upgrade-java-17-openjdk-static-libs-fastdebug oracle-linux-upgrade-java-17-openjdk-static-libs-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk oracle-linux-upgrade-java-1-8-0-openjdk-accessibility oracle-linux-upgrade-java-1-8-0-openjdk-accessibility-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-accessibility-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk-demo oracle-linux-upgrade-java-1-8-0-openjdk-demo-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-demo-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk-devel oracle-linux-upgrade-java-1-8-0-openjdk-devel-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-devel-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-headless oracle-linux-upgrade-java-1-8-0-openjdk-headless-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-headless-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk-javadoc oracle-linux-upgrade-java-1-8-0-openjdk-javadoc-zip oracle-linux-upgrade-java-1-8-0-openjdk-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk-src oracle-linux-upgrade-java-1-8-0-openjdk-src-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-src-slowdebug References https://attackerkb.com/topics/cve-2024-21094 CVE - 2024-21094 ELSA-2024-1825 ELSA-2024-1818 ELSA-2024-1817 ELSA-2024-1821 ELSA-2024-1822
-
Oracle Linux: CVE-2024-21012: ELSA-2024-1825:java-17-openjdk security update (MODERATE) (Multiple Advisories) Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:P/A:N) Published 04/16/2024 Created 05/22/2024 Added 04/20/2024 Modified 01/07/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). Solution(s) oracle-linux-upgrade-java-11-openjdk oracle-linux-upgrade-java-11-openjdk-demo oracle-linux-upgrade-java-11-openjdk-demo-fastdebug oracle-linux-upgrade-java-11-openjdk-demo-slowdebug oracle-linux-upgrade-java-11-openjdk-devel oracle-linux-upgrade-java-11-openjdk-devel-fastdebug oracle-linux-upgrade-java-11-openjdk-devel-slowdebug oracle-linux-upgrade-java-11-openjdk-fastdebug oracle-linux-upgrade-java-11-openjdk-headless oracle-linux-upgrade-java-11-openjdk-headless-fastdebug oracle-linux-upgrade-java-11-openjdk-headless-slowdebug oracle-linux-upgrade-java-11-openjdk-javadoc oracle-linux-upgrade-java-11-openjdk-javadoc-zip oracle-linux-upgrade-java-11-openjdk-jmods oracle-linux-upgrade-java-11-openjdk-jmods-fastdebug oracle-linux-upgrade-java-11-openjdk-jmods-slowdebug oracle-linux-upgrade-java-11-openjdk-slowdebug oracle-linux-upgrade-java-11-openjdk-src oracle-linux-upgrade-java-11-openjdk-src-fastdebug oracle-linux-upgrade-java-11-openjdk-src-slowdebug oracle-linux-upgrade-java-11-openjdk-static-libs oracle-linux-upgrade-java-11-openjdk-static-libs-fastdebug oracle-linux-upgrade-java-11-openjdk-static-libs-slowdebug oracle-linux-upgrade-java-17-openjdk oracle-linux-upgrade-java-17-openjdk-demo oracle-linux-upgrade-java-17-openjdk-demo-fastdebug oracle-linux-upgrade-java-17-openjdk-demo-slowdebug oracle-linux-upgrade-java-17-openjdk-devel oracle-linux-upgrade-java-17-openjdk-devel-fastdebug oracle-linux-upgrade-java-17-openjdk-devel-slowdebug oracle-linux-upgrade-java-17-openjdk-fastdebug oracle-linux-upgrade-java-17-openjdk-headless oracle-linux-upgrade-java-17-openjdk-headless-fastdebug oracle-linux-upgrade-java-17-openjdk-headless-slowdebug oracle-linux-upgrade-java-17-openjdk-javadoc oracle-linux-upgrade-java-17-openjdk-javadoc-zip oracle-linux-upgrade-java-17-openjdk-jmods oracle-linux-upgrade-java-17-openjdk-jmods-fastdebug oracle-linux-upgrade-java-17-openjdk-jmods-slowdebug oracle-linux-upgrade-java-17-openjdk-slowdebug oracle-linux-upgrade-java-17-openjdk-src oracle-linux-upgrade-java-17-openjdk-src-fastdebug oracle-linux-upgrade-java-17-openjdk-src-slowdebug oracle-linux-upgrade-java-17-openjdk-static-libs oracle-linux-upgrade-java-17-openjdk-static-libs-fastdebug oracle-linux-upgrade-java-17-openjdk-static-libs-slowdebug oracle-linux-upgrade-java-21-openjdk oracle-linux-upgrade-java-21-openjdk-demo oracle-linux-upgrade-java-21-openjdk-demo-fastdebug oracle-linux-upgrade-java-21-openjdk-demo-slowdebug oracle-linux-upgrade-java-21-openjdk-devel oracle-linux-upgrade-java-21-openjdk-devel-fastdebug oracle-linux-upgrade-java-21-openjdk-devel-slowdebug oracle-linux-upgrade-java-21-openjdk-fastdebug oracle-linux-upgrade-java-21-openjdk-headless oracle-linux-upgrade-java-21-openjdk-headless-fastdebug oracle-linux-upgrade-java-21-openjdk-headless-slowdebug oracle-linux-upgrade-java-21-openjdk-javadoc oracle-linux-upgrade-java-21-openjdk-javadoc-zip oracle-linux-upgrade-java-21-openjdk-jmods oracle-linux-upgrade-java-21-openjdk-jmods-fastdebug oracle-linux-upgrade-java-21-openjdk-jmods-slowdebug oracle-linux-upgrade-java-21-openjdk-slowdebug oracle-linux-upgrade-java-21-openjdk-src oracle-linux-upgrade-java-21-openjdk-src-fastdebug oracle-linux-upgrade-java-21-openjdk-src-slowdebug oracle-linux-upgrade-java-21-openjdk-static-libs oracle-linux-upgrade-java-21-openjdk-static-libs-fastdebug oracle-linux-upgrade-java-21-openjdk-static-libs-slowdebug References https://attackerkb.com/topics/cve-2024-21012 CVE - 2024-21012 ELSA-2024-1825 ELSA-2024-1828 ELSA-2024-1821 ELSA-2024-1822
-
Oracle Linux: CVE-2024-21068: ELSA-2024-1825:java-17-openjdk security update (MODERATE) (Multiple Advisories) Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:P/A:N) Published 04/16/2024 Created 05/22/2024 Added 04/17/2024 Modified 01/07/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. Solution(s) oracle-linux-upgrade-java-11-openjdk oracle-linux-upgrade-java-11-openjdk-demo oracle-linux-upgrade-java-11-openjdk-demo-fastdebug oracle-linux-upgrade-java-11-openjdk-demo-slowdebug oracle-linux-upgrade-java-11-openjdk-devel oracle-linux-upgrade-java-11-openjdk-devel-fastdebug oracle-linux-upgrade-java-11-openjdk-devel-slowdebug oracle-linux-upgrade-java-11-openjdk-fastdebug oracle-linux-upgrade-java-11-openjdk-headless oracle-linux-upgrade-java-11-openjdk-headless-fastdebug oracle-linux-upgrade-java-11-openjdk-headless-slowdebug oracle-linux-upgrade-java-11-openjdk-javadoc oracle-linux-upgrade-java-11-openjdk-javadoc-zip oracle-linux-upgrade-java-11-openjdk-jmods oracle-linux-upgrade-java-11-openjdk-jmods-fastdebug oracle-linux-upgrade-java-11-openjdk-jmods-slowdebug oracle-linux-upgrade-java-11-openjdk-slowdebug oracle-linux-upgrade-java-11-openjdk-src oracle-linux-upgrade-java-11-openjdk-src-fastdebug oracle-linux-upgrade-java-11-openjdk-src-slowdebug oracle-linux-upgrade-java-11-openjdk-static-libs oracle-linux-upgrade-java-11-openjdk-static-libs-fastdebug oracle-linux-upgrade-java-11-openjdk-static-libs-slowdebug oracle-linux-upgrade-java-17-openjdk oracle-linux-upgrade-java-17-openjdk-demo oracle-linux-upgrade-java-17-openjdk-demo-fastdebug oracle-linux-upgrade-java-17-openjdk-demo-slowdebug oracle-linux-upgrade-java-17-openjdk-devel oracle-linux-upgrade-java-17-openjdk-devel-fastdebug oracle-linux-upgrade-java-17-openjdk-devel-slowdebug oracle-linux-upgrade-java-17-openjdk-fastdebug oracle-linux-upgrade-java-17-openjdk-headless oracle-linux-upgrade-java-17-openjdk-headless-fastdebug oracle-linux-upgrade-java-17-openjdk-headless-slowdebug oracle-linux-upgrade-java-17-openjdk-javadoc oracle-linux-upgrade-java-17-openjdk-javadoc-zip oracle-linux-upgrade-java-17-openjdk-jmods oracle-linux-upgrade-java-17-openjdk-jmods-fastdebug oracle-linux-upgrade-java-17-openjdk-jmods-slowdebug oracle-linux-upgrade-java-17-openjdk-slowdebug oracle-linux-upgrade-java-17-openjdk-src oracle-linux-upgrade-java-17-openjdk-src-fastdebug oracle-linux-upgrade-java-17-openjdk-src-slowdebug oracle-linux-upgrade-java-17-openjdk-static-libs oracle-linux-upgrade-java-17-openjdk-static-libs-fastdebug oracle-linux-upgrade-java-17-openjdk-static-libs-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk oracle-linux-upgrade-java-1-8-0-openjdk-accessibility oracle-linux-upgrade-java-1-8-0-openjdk-accessibility-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-accessibility-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk-demo oracle-linux-upgrade-java-1-8-0-openjdk-demo-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-demo-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk-devel oracle-linux-upgrade-java-1-8-0-openjdk-devel-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-devel-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-headless oracle-linux-upgrade-java-1-8-0-openjdk-headless-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-headless-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk-javadoc oracle-linux-upgrade-java-1-8-0-openjdk-javadoc-zip oracle-linux-upgrade-java-1-8-0-openjdk-slowdebug oracle-linux-upgrade-java-1-8-0-openjdk-src oracle-linux-upgrade-java-1-8-0-openjdk-src-fastdebug oracle-linux-upgrade-java-1-8-0-openjdk-src-slowdebug oracle-linux-upgrade-java-21-openjdk oracle-linux-upgrade-java-21-openjdk-demo oracle-linux-upgrade-java-21-openjdk-demo-fastdebug oracle-linux-upgrade-java-21-openjdk-demo-slowdebug oracle-linux-upgrade-java-21-openjdk-devel oracle-linux-upgrade-java-21-openjdk-devel-fastdebug oracle-linux-upgrade-java-21-openjdk-devel-slowdebug oracle-linux-upgrade-java-21-openjdk-fastdebug oracle-linux-upgrade-java-21-openjdk-headless oracle-linux-upgrade-java-21-openjdk-headless-fastdebug oracle-linux-upgrade-java-21-openjdk-headless-slowdebug oracle-linux-upgrade-java-21-openjdk-javadoc oracle-linux-upgrade-java-21-openjdk-javadoc-zip oracle-linux-upgrade-java-21-openjdk-jmods oracle-linux-upgrade-java-21-openjdk-jmods-fastdebug oracle-linux-upgrade-java-21-openjdk-jmods-slowdebug oracle-linux-upgrade-java-21-openjdk-slowdebug oracle-linux-upgrade-java-21-openjdk-src oracle-linux-upgrade-java-21-openjdk-src-fastdebug oracle-linux-upgrade-java-21-openjdk-src-slowdebug oracle-linux-upgrade-java-21-openjdk-static-libs oracle-linux-upgrade-java-21-openjdk-static-libs-fastdebug oracle-linux-upgrade-java-21-openjdk-static-libs-slowdebug References https://attackerkb.com/topics/cve-2024-21068 CVE - 2024-21068 ELSA-2024-1825 ELSA-2024-1828 ELSA-2024-1818 ELSA-2024-1817 ELSA-2024-1821 ELSA-2024-1822 View more
-
Oracle Linux: CVE-2024-21096: ELSA-2025-0737:mariadb:10.11 security update (MODERATE) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:H/Au:N/C:P/I:P/A:P) Published 04/16/2024 Created 01/31/2025 Added 01/29/2025 Modified 02/13/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump).Supported versions that are affected are 8.0.36 and prior and8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of MySQL Server accessible data as well asunauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality, Integrity and Availability impacts).CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). A flaw was found in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. Solution(s) oracle-linux-upgrade-galera oracle-linux-upgrade-judy oracle-linux-upgrade-mariadb oracle-linux-upgrade-mariadb-backup oracle-linux-upgrade-mariadb-common oracle-linux-upgrade-mariadb-devel oracle-linux-upgrade-mariadb-embedded oracle-linux-upgrade-mariadb-embedded-devel oracle-linux-upgrade-mariadb-errmsg oracle-linux-upgrade-mariadb-gssapi-server oracle-linux-upgrade-mariadb-oqgraph-engine oracle-linux-upgrade-mariadb-pam oracle-linux-upgrade-mariadb-server oracle-linux-upgrade-mariadb-server-galera oracle-linux-upgrade-mariadb-server-utils oracle-linux-upgrade-mariadb-test References https://attackerkb.com/topics/cve-2024-21096 CVE - 2024-21096 ELSA-2025-0737 ELSA-2025-0739 ELSA-2025-0912 ELSA-2025-0914
-
MFSA2024-20 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.10 (CVE-2024-3852) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/16/2024 Created 04/22/2024 Added 04/22/2024 Modified 04/22/2024 Description GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. Solution(s) mozilla-thunderbird-upgrade-115_10 References https://attackerkb.com/topics/cve-2024-3852 CVE - 2024-3852 http://www.mozilla.org/security/announce/2024/mfsa2024-20.html
-
Debian: CVE-2024-3302: firefox-esr, thunderbird -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/16/2024 Created 04/19/2024 Added 04/19/2024 Modified 04/26/2024 Description There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-3302 CVE - 2024-3302 DSA-5663-1
-
Debian: CVE-2024-3864: firefox-esr, thunderbird -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/16/2024 Created 04/19/2024 Added 04/19/2024 Modified 04/26/2024 Description Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-3864 CVE - 2024-3864 DSA-5663-1
-
Ubuntu: (CVE-2024-21057): mysql-8.0 vulnerability Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 04/16/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) ubuntu-upgrade-mysql-8-0 References https://attackerkb.com/topics/cve-2024-21057 CVE - 2024-21057 https://www.cve.org/CVERecord?id=CVE-2024-21057 https://www.oracle.com/security-alerts/cpuapr2024.html
-
Ubuntu: USN-6823-1 (CVE-2024-20994): MySQL vulnerabilities Severity 6 CVSS (AV:N/AC:M/Au:S/C:N/I:N/A:C) Published 04/16/2024 Created 07/02/2024 Added 07/01/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).Supported versions that are affected are 8.0.36 and prior and8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). Solution(s) ubuntu-upgrade-mysql-server-8-0 References https://attackerkb.com/topics/cve-2024-20994 CVE - 2024-20994 USN-6823-1
-
Ubuntu: USN-6823-1 (CVE-2024-21087): MySQL vulnerabilities Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 04/16/2024 Created 07/02/2024 Added 07/01/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).Supported versions that are affected are 8.0.36 and prior and8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) ubuntu-upgrade-mysql-server-8-0 References https://attackerkb.com/topics/cve-2024-21087 CVE - 2024-21087 USN-6823-1
-
Ubuntu: (Multiple Advisories) (CVE-2024-21094): OpenJDK 8 vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 04/16/2024 Created 06/07/2024 Added 06/07/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Solution(s) ubuntu-upgrade-openjdk-11-jdk ubuntu-upgrade-openjdk-11-jdk-headless ubuntu-upgrade-openjdk-11-jre ubuntu-upgrade-openjdk-11-jre-headless ubuntu-upgrade-openjdk-11-jre-zero ubuntu-upgrade-openjdk-17-jdk ubuntu-upgrade-openjdk-17-jdk-headless ubuntu-upgrade-openjdk-17-jre ubuntu-upgrade-openjdk-17-jre-headless ubuntu-upgrade-openjdk-17-jre-zero ubuntu-upgrade-openjdk-21-jdk ubuntu-upgrade-openjdk-21-jdk-headless ubuntu-upgrade-openjdk-21-jre ubuntu-upgrade-openjdk-21-jre-headless ubuntu-upgrade-openjdk-21-jre-zero ubuntu-upgrade-openjdk-8-jdk ubuntu-upgrade-openjdk-8-jdk-headless ubuntu-upgrade-openjdk-8-jre ubuntu-upgrade-openjdk-8-jre-headless ubuntu-upgrade-openjdk-8-jre-jamvm ubuntu-upgrade-openjdk-8-jre-zero References https://attackerkb.com/topics/cve-2024-21094 CVE - 2024-21094 USN-6810-1 USN-6811-1 USN-6812-1 USN-6813-1 USN-7096-1
-
Ubuntu: (CVE-2024-21055): mysql-8.0 vulnerability Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 04/16/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) ubuntu-upgrade-mysql-8-0 References https://attackerkb.com/topics/cve-2024-21055 CVE - 2024-21055 https://www.cve.org/CVERecord?id=CVE-2024-21055 https://www.oracle.com/security-alerts/cpuapr2024.html
-
Ubuntu: USN-6823-1 (CVE-2024-21054): MySQL vulnerabilities Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 04/16/2024 Created 07/02/2024 Added 07/01/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.36 and prior and8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) ubuntu-upgrade-mysql-server-8-0 References https://attackerkb.com/topics/cve-2024-21054 CVE - 2024-21054 USN-6823-1
-
Ubuntu: (CVE-2024-21056): mysql-8.0 vulnerability Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 04/16/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) ubuntu-upgrade-mysql-8-0 References https://attackerkb.com/topics/cve-2024-21056 CVE - 2024-21056 https://www.cve.org/CVERecord?id=CVE-2024-21056 https://www.oracle.com/security-alerts/cpuapr2024.html
-
Amazon Linux AMI 2: CVE-2024-21085: Security patch for java-1.8.0-amazon-corretto, java-1.8.0-openjdk, java-11-amazon-corretto, java-11-openjdk (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/16/2024 Created 05/01/2024 Added 05/01/2024 Modified 05/21/2024 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency).Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Solution(s) amazon-linux-ami-2-upgrade-java-1-8-0-amazon-corretto amazon-linux-ami-2-upgrade-java-1-8-0-amazon-corretto-devel amazon-linux-ami-2-upgrade-java-1-8-0-openjdk amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-accessibility amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-accessibility-debug amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-debug amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-debuginfo amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-demo amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-demo-debug amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-devel amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-devel-debug amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-headless amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-headless-debug amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-javadoc amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-javadoc-debug amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-javadoc-zip amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-javadoc-zip-debug amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-src amazon-linux-ami-2-upgrade-java-1-8-0-openjdk-src-debug amazon-linux-ami-2-upgrade-java-11-amazon-corretto amazon-linux-ami-2-upgrade-java-11-amazon-corretto-headless amazon-linux-ami-2-upgrade-java-11-amazon-corretto-javadoc amazon-linux-ami-2-upgrade-java-11-openjdk amazon-linux-ami-2-upgrade-java-11-openjdk-debug amazon-linux-ami-2-upgrade-java-11-openjdk-debuginfo amazon-linux-ami-2-upgrade-java-11-openjdk-demo amazon-linux-ami-2-upgrade-java-11-openjdk-demo-debug amazon-linux-ami-2-upgrade-java-11-openjdk-devel amazon-linux-ami-2-upgrade-java-11-openjdk-devel-debug amazon-linux-ami-2-upgrade-java-11-openjdk-headless amazon-linux-ami-2-upgrade-java-11-openjdk-headless-debug amazon-linux-ami-2-upgrade-java-11-openjdk-javadoc amazon-linux-ami-2-upgrade-java-11-openjdk-javadoc-debug amazon-linux-ami-2-upgrade-java-11-openjdk-javadoc-zip amazon-linux-ami-2-upgrade-java-11-openjdk-javadoc-zip-debug amazon-linux-ami-2-upgrade-java-11-openjdk-jmods amazon-linux-ami-2-upgrade-java-11-openjdk-jmods-debug amazon-linux-ami-2-upgrade-java-11-openjdk-src amazon-linux-ami-2-upgrade-java-11-openjdk-src-debug amazon-linux-ami-2-upgrade-java-11-openjdk-static-libs amazon-linux-ami-2-upgrade-java-11-openjdk-static-libs-debug References https://attackerkb.com/topics/cve-2024-21085 AL2/ALAS-2024-2527 AL2/ALAS-2024-2540 AL2/ALASCORRETTO8-2024-011 AL2/ALASJAVA-OPENJDK11-2024-008 CVE - 2024-21085
-
Amazon Linux 2023: CVE-2024-21085: Low priority package update for java-11-amazon-corretto (Multiple Advisories) Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:P) Published 04/16/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency).Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). A flaw was found in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. Solution(s) amazon-linux-2023-upgrade-java-11-amazon-corretto amazon-linux-2023-upgrade-java-11-amazon-corretto-devel amazon-linux-2023-upgrade-java-11-amazon-corretto-headless amazon-linux-2023-upgrade-java-11-amazon-corretto-javadoc amazon-linux-2023-upgrade-java-11-amazon-corretto-jmods amazon-linux-2023-upgrade-java-1-8-0-amazon-corretto amazon-linux-2023-upgrade-java-1-8-0-amazon-corretto-devel References https://attackerkb.com/topics/cve-2024-21085 CVE - 2024-21085 https://alas.aws.amazon.com/AL2023/ALAS-2024-600.html https://alas.aws.amazon.com/AL2023/ALAS-2024-602.html
-
Amazon Linux 2023: CVE-2024-21096: Medium priority package update for mariadb105 Severity 4 CVSS (AV:L/AC:H/Au:N/C:P/I:P/A:P) Published 04/16/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump).Supported versions that are affected are 8.0.36 and prior and8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of MySQL Server accessible data as well asunauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality, Integrity and Availability impacts).CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). A flaw was found in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. Solution(s) amazon-linux-2023-upgrade-mariadb105 amazon-linux-2023-upgrade-mariadb105-backup amazon-linux-2023-upgrade-mariadb105-backup-debuginfo amazon-linux-2023-upgrade-mariadb105-common amazon-linux-2023-upgrade-mariadb105-connect-engine amazon-linux-2023-upgrade-mariadb105-connect-engine-debuginfo amazon-linux-2023-upgrade-mariadb105-cracklib-password-check amazon-linux-2023-upgrade-mariadb105-cracklib-password-check-debuginfo amazon-linux-2023-upgrade-mariadb105-debuginfo amazon-linux-2023-upgrade-mariadb105-debugsource amazon-linux-2023-upgrade-mariadb105-devel amazon-linux-2023-upgrade-mariadb105-errmsg amazon-linux-2023-upgrade-mariadb105-gssapi-server amazon-linux-2023-upgrade-mariadb105-gssapi-server-debuginfo amazon-linux-2023-upgrade-mariadb105-oqgraph-engine amazon-linux-2023-upgrade-mariadb105-oqgraph-engine-debuginfo amazon-linux-2023-upgrade-mariadb105-pam amazon-linux-2023-upgrade-mariadb105-pam-debuginfo amazon-linux-2023-upgrade-mariadb105-rocksdb-engine amazon-linux-2023-upgrade-mariadb105-rocksdb-engine-debuginfo amazon-linux-2023-upgrade-mariadb105-server amazon-linux-2023-upgrade-mariadb105-server-debuginfo amazon-linux-2023-upgrade-mariadb105-server-utils amazon-linux-2023-upgrade-mariadb105-server-utils-debuginfo amazon-linux-2023-upgrade-mariadb105-sphinx-engine amazon-linux-2023-upgrade-mariadb105-sphinx-engine-debuginfo amazon-linux-2023-upgrade-mariadb105-test amazon-linux-2023-upgrade-mariadb105-test-debuginfo References https://attackerkb.com/topics/cve-2024-21096 CVE - 2024-21096 https://alas.aws.amazon.com/AL2023/ALAS-2024-698.html
-
Amazon Linux 2023: CVE-2024-21068: Low priority package update for java-21-amazon-corretto (Multiple Advisories) Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:P/A:N) Published 04/16/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. Solution(s) amazon-linux-2023-upgrade-java-11-amazon-corretto amazon-linux-2023-upgrade-java-11-amazon-corretto-devel amazon-linux-2023-upgrade-java-11-amazon-corretto-headless amazon-linux-2023-upgrade-java-11-amazon-corretto-javadoc amazon-linux-2023-upgrade-java-11-amazon-corretto-jmods amazon-linux-2023-upgrade-java-17-amazon-corretto amazon-linux-2023-upgrade-java-17-amazon-corretto-devel amazon-linux-2023-upgrade-java-17-amazon-corretto-headless amazon-linux-2023-upgrade-java-17-amazon-corretto-javadoc amazon-linux-2023-upgrade-java-17-amazon-corretto-jmods amazon-linux-2023-upgrade-java-1-8-0-amazon-corretto amazon-linux-2023-upgrade-java-1-8-0-amazon-corretto-devel amazon-linux-2023-upgrade-java-21-amazon-corretto amazon-linux-2023-upgrade-java-21-amazon-corretto-devel amazon-linux-2023-upgrade-java-21-amazon-corretto-headless amazon-linux-2023-upgrade-java-21-amazon-corretto-javadoc amazon-linux-2023-upgrade-java-21-amazon-corretto-jmods amazon-linux-2023-upgrade-java-22-amazon-corretto amazon-linux-2023-upgrade-java-22-amazon-corretto-devel amazon-linux-2023-upgrade-java-22-amazon-corretto-headless amazon-linux-2023-upgrade-java-22-amazon-corretto-javadoc amazon-linux-2023-upgrade-java-22-amazon-corretto-jmods References https://attackerkb.com/topics/cve-2024-21068 CVE - 2024-21068 https://alas.aws.amazon.com/AL2023/ALAS-2024-598.html https://alas.aws.amazon.com/AL2023/ALAS-2024-599.html https://alas.aws.amazon.com/AL2023/ALAS-2024-600.html https://alas.aws.amazon.com/AL2023/ALAS-2024-601.html https://alas.aws.amazon.com/AL2023/ALAS-2024-602.html
-
Amazon Linux 2023: CVE-2024-21012: Low priority package update for java-21-amazon-corretto (Multiple Advisories) Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:P/A:N) Published 04/16/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). Solution(s) amazon-linux-2023-upgrade-java-11-amazon-corretto amazon-linux-2023-upgrade-java-11-amazon-corretto-devel amazon-linux-2023-upgrade-java-11-amazon-corretto-headless amazon-linux-2023-upgrade-java-11-amazon-corretto-javadoc amazon-linux-2023-upgrade-java-11-amazon-corretto-jmods amazon-linux-2023-upgrade-java-17-amazon-corretto amazon-linux-2023-upgrade-java-17-amazon-corretto-devel amazon-linux-2023-upgrade-java-17-amazon-corretto-headless amazon-linux-2023-upgrade-java-17-amazon-corretto-javadoc amazon-linux-2023-upgrade-java-17-amazon-corretto-jmods amazon-linux-2023-upgrade-java-21-amazon-corretto amazon-linux-2023-upgrade-java-21-amazon-corretto-devel amazon-linux-2023-upgrade-java-21-amazon-corretto-headless amazon-linux-2023-upgrade-java-21-amazon-corretto-javadoc amazon-linux-2023-upgrade-java-21-amazon-corretto-jmods amazon-linux-2023-upgrade-java-22-amazon-corretto amazon-linux-2023-upgrade-java-22-amazon-corretto-devel amazon-linux-2023-upgrade-java-22-amazon-corretto-headless amazon-linux-2023-upgrade-java-22-amazon-corretto-javadoc amazon-linux-2023-upgrade-java-22-amazon-corretto-jmods References https://attackerkb.com/topics/cve-2024-21012 CVE - 2024-21012 https://alas.aws.amazon.com/AL2023/ALAS-2024-598.html https://alas.aws.amazon.com/AL2023/ALAS-2024-599.html https://alas.aws.amazon.com/AL2023/ALAS-2024-600.html https://alas.aws.amazon.com/AL2023/ALAS-2024-601.html
-
Amazon Linux 2023: CVE-2024-21011: Low priority package update for java-21-amazon-corretto (Multiple Advisories) Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:P) Published 04/16/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. Solution(s) amazon-linux-2023-upgrade-java-11-amazon-corretto amazon-linux-2023-upgrade-java-11-amazon-corretto-devel amazon-linux-2023-upgrade-java-11-amazon-corretto-headless amazon-linux-2023-upgrade-java-11-amazon-corretto-javadoc amazon-linux-2023-upgrade-java-11-amazon-corretto-jmods amazon-linux-2023-upgrade-java-17-amazon-corretto amazon-linux-2023-upgrade-java-17-amazon-corretto-devel amazon-linux-2023-upgrade-java-17-amazon-corretto-headless amazon-linux-2023-upgrade-java-17-amazon-corretto-javadoc amazon-linux-2023-upgrade-java-17-amazon-corretto-jmods amazon-linux-2023-upgrade-java-1-8-0-amazon-corretto amazon-linux-2023-upgrade-java-1-8-0-amazon-corretto-devel amazon-linux-2023-upgrade-java-21-amazon-corretto amazon-linux-2023-upgrade-java-21-amazon-corretto-devel amazon-linux-2023-upgrade-java-21-amazon-corretto-headless amazon-linux-2023-upgrade-java-21-amazon-corretto-javadoc amazon-linux-2023-upgrade-java-21-amazon-corretto-jmods amazon-linux-2023-upgrade-java-22-amazon-corretto amazon-linux-2023-upgrade-java-22-amazon-corretto-devel amazon-linux-2023-upgrade-java-22-amazon-corretto-headless amazon-linux-2023-upgrade-java-22-amazon-corretto-javadoc amazon-linux-2023-upgrade-java-22-amazon-corretto-jmods References https://attackerkb.com/topics/cve-2024-21011 CVE - 2024-21011 https://alas.aws.amazon.com/AL2023/ALAS-2024-598.html https://alas.aws.amazon.com/AL2023/ALAS-2024-599.html https://alas.aws.amazon.com/AL2023/ALAS-2024-600.html https://alas.aws.amazon.com/AL2023/ALAS-2024-601.html https://alas.aws.amazon.com/AL2023/ALAS-2024-602.html
-
Oracle MySQL Vulnerability: CVE-2024-21047 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 04/16/2024 Created 05/13/2024 Added 05/10/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 8.0.36 and prior and8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21047 CVE - 2024-21047 https://www.oracle.com/security-alerts/cpuapr2024.html