Headline
RHSA-2022:1440: Red Hat Security Advisory: java-11-openjdk security, bug fix, and enhancement update
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
- CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
- CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
- CVE-2022-21476: OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)
- CVE-2022-21496: OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
Synopsis
Important: java-11-openjdk security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
The following packages have been upgraded to a later upstream version: java-11-openjdk (11.0.15.0.9). (BZ#2047531)
Security Fix(es):
- OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476)
- OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426)
- OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)
- OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443)
- OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of OpenJDK Java must be restarted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Fixes
- BZ - 2047531 - Prepare for the next quarterly OpenJDK upstream release (2022-04, 11.0.15) [rhel-7]
- BZ - 2075788 - CVE-2022-21426 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
- BZ - 2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)
- BZ - 2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
- BZ - 2075842 - CVE-2022-21476 OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)
- BZ - 2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
CVEs
- CVE-2022-21426
- CVE-2022-21434
- CVE-2022-21443
- CVE-2022-21476
- CVE-2022-21496
Red Hat Enterprise Linux Server 7
SRPM
java-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm
SHA-256: e4ad1da35ca0c72e4a3849ed00f805971dd29af9b8ea53a37d2b222f5f39efdb
x86_64
java-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 350b0af0aadc9b1118e86d589e27f103f7dc4740c7cc0f6a80acd7544cc0764e
java-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 2199d01e97c9ac9a0ab34bac66211d7780980f5dd68034c3d9374345a4fe1514
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: ab3743c07bce10ed0f943dca02bbd1a2513440b8e54a0f7c3e1ff21ae36af0a7
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: ab3743c07bce10ed0f943dca02bbd1a2513440b8e54a0f7c3e1ff21ae36af0a7
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 00da39243afbb054bd1e21a6c6d00dd8513116ae22993c55df3c6593a21979a2
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 00da39243afbb054bd1e21a6c6d00dd8513116ae22993c55df3c6593a21979a2
java-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 513e01ea3ef09c5949cfd19caf7682fc60374c439386f624a0cf746a18a66520
java-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 9d1f9ab568ee91674c34ca5fd1f201be6dbd9d69815ee939701213a08266ee26
java-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: bbbf289edfa670c8b427459d5a6104001483f187817ac991e71f60657d070bd3
java-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 179f131ac9ffec1e07f3295145c3e150e321d7f1dc0ad53dc9bc7a799605f65b
java-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 1df86e4da0fc7f5d6ea0874741b12ac7896d35177d79975b895459cb12e894c3
java-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: a470e737844f4c24d00e0da837583cc5d4c4dff9510e097afbc2d31355e85c7d
java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 41bda1955ea450ff4ee0765bfe10a03c61a3a5779693d464377bdbc6530c19b2
java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: e054bb495e7b3eaed046e27a82ad8b327da10541d649649b7e4479c5d001fa9a
java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: ad858e799d7ae1cce7ae34cfe4c23fbe09a7790e13389873d127bf0fef2d3311
java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 3396d6b89479d0fa8777792f16bc4c7ed65bafdbd65c7a1be1a4d4e6bde6687a
java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: ff609a2a82d5fe2a9d4329a677d19614513a3f1aa2ef176d670b8e0ed80f45f2
java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 791678cb08738f99180519849e586384851d43073dc74bc32f2a0a91432dae66
java-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 12cdd4c2bc3405d3f586db0ee1361d76233ff01ae1ab120c351763c7e957122c
java-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 2c8556bb7a8877000901e00c2e8da7f5d15ae5a928878fbb555eab5ef1fcc2c5
java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 5499cab273b30fa27d0e1465c6463b638cf507fb2052ec57e09ffd9d460e37bd
java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: e8de4785bb3a0fa272e8f9ea0a854e1653297c477e4266949645932f5d5f7094
Red Hat Enterprise Linux Workstation 7
SRPM
java-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm
SHA-256: e4ad1da35ca0c72e4a3849ed00f805971dd29af9b8ea53a37d2b222f5f39efdb
x86_64
java-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 350b0af0aadc9b1118e86d589e27f103f7dc4740c7cc0f6a80acd7544cc0764e
java-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 2199d01e97c9ac9a0ab34bac66211d7780980f5dd68034c3d9374345a4fe1514
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: ab3743c07bce10ed0f943dca02bbd1a2513440b8e54a0f7c3e1ff21ae36af0a7
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: ab3743c07bce10ed0f943dca02bbd1a2513440b8e54a0f7c3e1ff21ae36af0a7
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 00da39243afbb054bd1e21a6c6d00dd8513116ae22993c55df3c6593a21979a2
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 00da39243afbb054bd1e21a6c6d00dd8513116ae22993c55df3c6593a21979a2
java-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 513e01ea3ef09c5949cfd19caf7682fc60374c439386f624a0cf746a18a66520
java-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 9d1f9ab568ee91674c34ca5fd1f201be6dbd9d69815ee939701213a08266ee26
java-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: bbbf289edfa670c8b427459d5a6104001483f187817ac991e71f60657d070bd3
java-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 179f131ac9ffec1e07f3295145c3e150e321d7f1dc0ad53dc9bc7a799605f65b
java-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 1df86e4da0fc7f5d6ea0874741b12ac7896d35177d79975b895459cb12e894c3
java-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: a470e737844f4c24d00e0da837583cc5d4c4dff9510e097afbc2d31355e85c7d
java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 41bda1955ea450ff4ee0765bfe10a03c61a3a5779693d464377bdbc6530c19b2
java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: e054bb495e7b3eaed046e27a82ad8b327da10541d649649b7e4479c5d001fa9a
java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: ad858e799d7ae1cce7ae34cfe4c23fbe09a7790e13389873d127bf0fef2d3311
java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 3396d6b89479d0fa8777792f16bc4c7ed65bafdbd65c7a1be1a4d4e6bde6687a
java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: ff609a2a82d5fe2a9d4329a677d19614513a3f1aa2ef176d670b8e0ed80f45f2
java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 791678cb08738f99180519849e586384851d43073dc74bc32f2a0a91432dae66
java-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 12cdd4c2bc3405d3f586db0ee1361d76233ff01ae1ab120c351763c7e957122c
java-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 2c8556bb7a8877000901e00c2e8da7f5d15ae5a928878fbb555eab5ef1fcc2c5
java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 5499cab273b30fa27d0e1465c6463b638cf507fb2052ec57e09ffd9d460e37bd
java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: e8de4785bb3a0fa272e8f9ea0a854e1653297c477e4266949645932f5d5f7094
Red Hat Enterprise Linux Desktop 7
SRPM
java-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm
SHA-256: e4ad1da35ca0c72e4a3849ed00f805971dd29af9b8ea53a37d2b222f5f39efdb
x86_64
java-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 350b0af0aadc9b1118e86d589e27f103f7dc4740c7cc0f6a80acd7544cc0764e
java-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 2199d01e97c9ac9a0ab34bac66211d7780980f5dd68034c3d9374345a4fe1514
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: ab3743c07bce10ed0f943dca02bbd1a2513440b8e54a0f7c3e1ff21ae36af0a7
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: ab3743c07bce10ed0f943dca02bbd1a2513440b8e54a0f7c3e1ff21ae36af0a7
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 00da39243afbb054bd1e21a6c6d00dd8513116ae22993c55df3c6593a21979a2
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 00da39243afbb054bd1e21a6c6d00dd8513116ae22993c55df3c6593a21979a2
java-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 513e01ea3ef09c5949cfd19caf7682fc60374c439386f624a0cf746a18a66520
java-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 9d1f9ab568ee91674c34ca5fd1f201be6dbd9d69815ee939701213a08266ee26
java-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: bbbf289edfa670c8b427459d5a6104001483f187817ac991e71f60657d070bd3
java-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 179f131ac9ffec1e07f3295145c3e150e321d7f1dc0ad53dc9bc7a799605f65b
java-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 1df86e4da0fc7f5d6ea0874741b12ac7896d35177d79975b895459cb12e894c3
java-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: a470e737844f4c24d00e0da837583cc5d4c4dff9510e097afbc2d31355e85c7d
java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 41bda1955ea450ff4ee0765bfe10a03c61a3a5779693d464377bdbc6530c19b2
java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: e054bb495e7b3eaed046e27a82ad8b327da10541d649649b7e4479c5d001fa9a
java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: ad858e799d7ae1cce7ae34cfe4c23fbe09a7790e13389873d127bf0fef2d3311
java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 3396d6b89479d0fa8777792f16bc4c7ed65bafdbd65c7a1be1a4d4e6bde6687a
java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: ff609a2a82d5fe2a9d4329a677d19614513a3f1aa2ef176d670b8e0ed80f45f2
java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 791678cb08738f99180519849e586384851d43073dc74bc32f2a0a91432dae66
java-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 12cdd4c2bc3405d3f586db0ee1361d76233ff01ae1ab120c351763c7e957122c
java-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 2c8556bb7a8877000901e00c2e8da7f5d15ae5a928878fbb555eab5ef1fcc2c5
java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 5499cab273b30fa27d0e1465c6463b638cf507fb2052ec57e09ffd9d460e37bd
java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: e8de4785bb3a0fa272e8f9ea0a854e1653297c477e4266949645932f5d5f7094
Red Hat Enterprise Linux for IBM z Systems 7
SRPM
java-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm
SHA-256: e4ad1da35ca0c72e4a3849ed00f805971dd29af9b8ea53a37d2b222f5f39efdb
s390x
java-11-openjdk-11.0.15.0.9-2.el7_9.s390x.rpm
SHA-256: 8aa7b5c66547f831059c3e9d0507f36a4942e3c43d858e6efab5728416f48053
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.s390x.rpm
SHA-256: a3588c6f63f00088561e4328a15ea9c79d33d8cafe0f11bc58c7a99cf33c1fc5
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.s390x.rpm
SHA-256: a3588c6f63f00088561e4328a15ea9c79d33d8cafe0f11bc58c7a99cf33c1fc5
java-11-openjdk-demo-11.0.15.0.9-2.el7_9.s390x.rpm
SHA-256: 2c964ba2f9e504b9bc149e220ab477402f8e87c21e3130aa997973d54ba7cc42
java-11-openjdk-devel-11.0.15.0.9-2.el7_9.s390x.rpm
SHA-256: 96ef1033091dc4204f78e78b795fac91695c37a008e51643c251402e621e7f98
java-11-openjdk-headless-11.0.15.0.9-2.el7_9.s390x.rpm
SHA-256: 268ca557391322865e7d73b68ad7a5aadc7f5fc1fa8452b8474b6e398664375e
java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.s390x.rpm
SHA-256: 3770064f312f915419d20888ddb80b1bc010225c0b6d3ccb1a1c17b42b0ff616
java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.s390x.rpm
SHA-256: 3f1848449bdc6ceb99d9b79fe3d5e2bf698a2ad0087ec5d8756c33edc5a11e17
java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.s390x.rpm
SHA-256: 9c3c35eacba554626d697116879ba6f6b3a3a94b04b8a280350b0e9702d49f04
java-11-openjdk-src-11.0.15.0.9-2.el7_9.s390x.rpm
SHA-256: cead1343285d778c35dd997a8c52a625531e8aae09b7bad4a35235136b7da5d6
java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.s390x.rpm
SHA-256: 67af5a06a39cb3577b0d061d0fd2e8472c83940a3006fc6cdabaafcfc9913694
Red Hat Enterprise Linux for Power, big endian 7
SRPM
java-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm
SHA-256: e4ad1da35ca0c72e4a3849ed00f805971dd29af9b8ea53a37d2b222f5f39efdb
ppc64
java-11-openjdk-11.0.15.0.9-2.el7_9.ppc64.rpm
SHA-256: 1b135e7af44ff52d23b49c30b2528976b25eec18a28ad6ab602f0aeeedecd4ab
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64.rpm
SHA-256: 64304693e0a22e12ff1730029e6e8f2ca5bda157d54a350954079be761a716ad
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64.rpm
SHA-256: 64304693e0a22e12ff1730029e6e8f2ca5bda157d54a350954079be761a716ad
java-11-openjdk-demo-11.0.15.0.9-2.el7_9.ppc64.rpm
SHA-256: 52cba57ef3211d764054432431322112ad0773bc48df110bb26f924bcc4e4e76
java-11-openjdk-devel-11.0.15.0.9-2.el7_9.ppc64.rpm
SHA-256: dd20c1ac86e16c8bd75fa7810c8d6a098465b4a6d33072128c54d1fe248b5d9f
java-11-openjdk-headless-11.0.15.0.9-2.el7_9.ppc64.rpm
SHA-256: 1f672281adc7ea29b688361e3378a43578f337aa0b02f34452c5f303205e9149
java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.ppc64.rpm
SHA-256: 23ffa2566be7a0405af78c89583f3b19e354bc858d24ec83e7682e0472dfbf63
java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.ppc64.rpm
SHA-256: b00098d98f945939a38e16a9de0c8b631e908ef8d4ee72be765dc2527676985b
java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.ppc64.rpm
SHA-256: b997ddf51df5f13cf11502c4aab7bf202629e0367eb879be0ad52f5cc85a98cf
java-11-openjdk-src-11.0.15.0.9-2.el7_9.ppc64.rpm
SHA-256: c08f9a5765d5c72ba82cc67aaf0f5b4184c1ea20e6f2f9fa0a7855a08d95a1a6
java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.ppc64.rpm
SHA-256: 989f3c4e010f0d9f8cb5ab1e338fb908a2acde2a21856eda68dd13b95fb2b656
Red Hat Enterprise Linux for Scientific Computing 7
SRPM
java-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm
SHA-256: e4ad1da35ca0c72e4a3849ed00f805971dd29af9b8ea53a37d2b222f5f39efdb
x86_64
java-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 350b0af0aadc9b1118e86d589e27f103f7dc4740c7cc0f6a80acd7544cc0764e
java-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 2199d01e97c9ac9a0ab34bac66211d7780980f5dd68034c3d9374345a4fe1514
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: ab3743c07bce10ed0f943dca02bbd1a2513440b8e54a0f7c3e1ff21ae36af0a7
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: ab3743c07bce10ed0f943dca02bbd1a2513440b8e54a0f7c3e1ff21ae36af0a7
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 00da39243afbb054bd1e21a6c6d00dd8513116ae22993c55df3c6593a21979a2
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 00da39243afbb054bd1e21a6c6d00dd8513116ae22993c55df3c6593a21979a2
java-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 513e01ea3ef09c5949cfd19caf7682fc60374c439386f624a0cf746a18a66520
java-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 9d1f9ab568ee91674c34ca5fd1f201be6dbd9d69815ee939701213a08266ee26
java-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: bbbf289edfa670c8b427459d5a6104001483f187817ac991e71f60657d070bd3
java-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 179f131ac9ffec1e07f3295145c3e150e321d7f1dc0ad53dc9bc7a799605f65b
java-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 1df86e4da0fc7f5d6ea0874741b12ac7896d35177d79975b895459cb12e894c3
java-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: a470e737844f4c24d00e0da837583cc5d4c4dff9510e097afbc2d31355e85c7d
java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 41bda1955ea450ff4ee0765bfe10a03c61a3a5779693d464377bdbc6530c19b2
java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: e054bb495e7b3eaed046e27a82ad8b327da10541d649649b7e4479c5d001fa9a
java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: ad858e799d7ae1cce7ae34cfe4c23fbe09a7790e13389873d127bf0fef2d3311
java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 3396d6b89479d0fa8777792f16bc4c7ed65bafdbd65c7a1be1a4d4e6bde6687a
java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: ff609a2a82d5fe2a9d4329a677d19614513a3f1aa2ef176d670b8e0ed80f45f2
java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 791678cb08738f99180519849e586384851d43073dc74bc32f2a0a91432dae66
java-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 12cdd4c2bc3405d3f586db0ee1361d76233ff01ae1ab120c351763c7e957122c
java-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: 2c8556bb7a8877000901e00c2e8da7f5d15ae5a928878fbb555eab5ef1fcc2c5
java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm
SHA-256: 5499cab273b30fa27d0e1465c6463b638cf507fb2052ec57e09ffd9d460e37bd
java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm
SHA-256: e8de4785bb3a0fa272e8f9ea0a854e1653297c477e4266949645932f5d5f7094
Red Hat Enterprise Linux for Power, little endian 7
SRPM
java-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm
SHA-256: e4ad1da35ca0c72e4a3849ed00f805971dd29af9b8ea53a37d2b222f5f39efdb
ppc64le
java-11-openjdk-11.0.15.0.9-2.el7_9.ppc64le.rpm
SHA-256: 75864df1503a703fbff65161db67e53b7db126563d13ed7606068e6069a44ba6
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64le.rpm
SHA-256: d6fbdfb055c159e30427c077b5e31d382dae033a6abedba24ed045f89803f699
java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64le.rpm
SHA-256: d6fbdfb055c159e30427c077b5e31d382dae033a6abedba24ed045f89803f699
java-11-openjdk-demo-11.0.15.0.9-2.el7_9.ppc64le.rpm
SHA-256: 59bda47bb65e887a11d0e5090fe8411514f325dbfc64723ee589fa225610877e
java-11-openjdk-devel-11.0.15.0.9-2.el7_9.ppc64le.rpm
SHA-256: a1e14a784a40fcdb24ec2b32ab985710e90102e9b2919bc0370b40481543db5b
java-11-openjdk-headless-11.0.15.0.9-2.el7_9.ppc64le.rpm
SHA-256: e70171b834d3f93de44e4c3b8ae649e729765e8cbd3d64de6157a64717fd79af
java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.ppc64le.rpm
SHA-256: 20f070573079c13c7067acbfaea254613e53ef4451bd87107668415218c5b36f
java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.ppc64le.rpm
SHA-256: 6beb369e49ddd903666617111cdd0965d595a534b796fceabbf9ed68f0112290
java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.ppc64le.rpm
SHA-256: 24ef0976e862499a5c3605979abfc24ab3eb9ad1dce0e3efa432b2622e178209
java-11-openjdk-src-11.0.15.0.9-2.el7_9.ppc64le.rpm
SHA-256: 43c3fc067006be435821a3a39a450b2211fff0baa821077a40a8e241c06f2477
java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.ppc64le.rpm
SHA-256: b3ee3b06761a532900eddc8dcb1a68a3323b92e7d39e48cc036f5f6b1b901da9
Related news
Logging Subsystem 5.4 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0759: kubeclient: kubeconfig parsing error can lead to MITM attacks * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter
acs commons is an open source framework for AEM projects. ACS Commons version 5.1.x (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in /apps/acs-commons/content/page-compare.html` endpoint via the `a` and `b` GET parameters. User input submitted via these parameters is not validated or sanitized. An attacker must provide a link to someone with access to AEM Author, and could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. The exploitation of this issue requires user interaction in order to be successful. This issue has been resolved in 5.2.0. There are no known workarounds for this issue.
Updated Satellite 6.9 packages that fix several bugs are now available for Red Hat Satellite.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-27023: puppet: unsafe HTTP redirect
HumHub is an Open Source Enterprise Social Network. In affected versions users who are forced to change their password by an administrator may retrieve other users' data. This issue has been resolved by commit `eb83de20`. It is recommended that the HumHub is upgraded to 1.11.0, 1.10.4 or 1.9.4. There are no known workarounds for this issue.
Updated packages that provide Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 11, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3516: libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c * CVE-2021-3517: libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c * CVE-2021-3518: libxml...
Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 11 zip release for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3516: libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c * CVE-2021-3517: libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c * CVE-2021-3518: libxml2: Use-after-free in xmlXIncludeDoProcess() in xinc...
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has remote code execution vulnerability. JDBC drivers are not validated prior to use and may be provided by users of the system. This can lead to code execution by any basic user who has access to the system. Users are advised to upgrade. There are no known workarounds to this issue.
Origin Protocol is a blockchain based project. The Origin Protocol project website allows for malicious users to inject malicious Javascript via a POST request to `/presale/join`. User-controlled data is passed with no sanitization to SendGrid and injected into an email that is delivered to the [email protected]. If the email recipient is using an email program that is susceptible to XSS, then that email recipient will receive an email that may contain malicious XSS. Regardless if the email recipient’s mail program has vulnerabilities or not, the hacker can at the very least inject malicious HTML that modifies the body content of the email. There are currently no known workarounds.
Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. There are no known workarounds for this issue.
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, but this address will return a response page with complete error information when accessing a non-existent URL. Attackers can take advantage of this feature for SSRF.
SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.
wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious message, arbitrary code is injected and executed in the context of the victim. This allows the attacker to fully control the user account. Wire-desktop clients that are connected to a vulnerable wire-webapp version are also vulnerable to this attack. The issue has been fixed in wire-webapp 2022-03-30-production.0 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-03-30-production.0-v0.29.2-0-d144552 or wire-server 2022-03-30 (chart/4.8.0), so that their applications are no longer affected. There are no known workarounds for this issue. ### Patches * The issue has been fixed in wire-webapp **2022-03-30-production.0** an...
An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4083: kernel: fget: check that the fd still exists after getting a ref to it * CVE-2022-0492: kernel: cgroups v1 release_agent feature may allow privilege escalation * CVE-2022-25636: kernel: heap out of bounds write in nf_dup_netdev.c
New Red Hat Single Sign-On 7.5.2 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-45105: log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern
New Red Hat Single Sign-On 7.5.2 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-45105: log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern
Oracle's April Critical Patch UPdate contains 520 new security patches. We spell out some of the most important vulnerabilities. The post Oracle releases massive Critical Patch Update containing 520 security patches appeared first on Malwarebytes Labs.
A security update is now available for Red Hat Single Sign-On 7.5 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-45105: log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern
Red Hat OpenShift Container Platform release 4.9.29 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24769: moby: Default inheritable capabilities for linux container should be empty
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-2022-21476: OpenJDK: Defective ...
An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-2022-21449: OpenJDK: Improper E...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-2022-...
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) * CVE-2022-...
Red Hat OpenShift Container Platform release 4.7.49 is now available with updates to packages and images that fix several bugs and add enhancements. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.49. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0711: haproxy: Denial of service via set-cookie2 header
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) * CVE-2022-21434: OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) * CVE-2022-21443: OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) *...
Red Hat OpenShift Container Platform release 4.8.37 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.37. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24769: moby: Default inheritable capabilities for linux container should be empty
Red Hat OpenShift Container Platform release 4.10.10 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24769: moby: Default inheritable capabilities for linux container should be empty
Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to hijack the authentication of an administrator and perform unintended operation via unspecified vectors.
On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. Similarly, if the malicious repository contains files named `..exe` and `cygpath.exe`, and `cygpath.exe` is not found in `PATH`, the `..exe` program will be executed when certain Git LFS commands are run. More generally, if the current working directory contains any file with a base name of `.` and a file extension from `PATHEXT` (except `.bat` and `.cmd`), and also contains another file with the same base name as a program Git LFS intends to execute (such as `git`, `cygpath`, or `uname`) and any file extension from `PATHEXT` (including `.bat` and `.cmd`), then, on Windows, when Git LFS attempts to execute the intended program the `..exe`, `..com`, etc., file will be executed instead, but only if the intended progra...
next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already have a `redirect` callback, make sure that you match the incoming `url` origin against the `baseUrl`.
Hotdog, prior to v1.0.1, did not mimic the capabilities or the SELinux label of the target JVM process. This would allow a container to gain full privileges on the host, bypassing restrictions set on the container.
The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consisting of site visitors emails and usernames via an API route, in versions up to an including 1.1.5.
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...
The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in`/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php`
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.
The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross-Site Scripting via POST data found in the ~/inc/admin.php file which allows unauthenticated attackers to inject arbitrary web scripts in versions up to, and including, 1.7.21.
Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional (e.g., external) URLs by way of a deny list. There was an issue in Smokescreen that made it possible to bypass the deny list feature by appending a dot to the end of user-supplied URLs, or by providing input in a different letter case. Recommended to upgrade Smokescreen to version 0.0.3 or later.
Exploring what's next for public-cloud security, including top risks and how to implement better risk management.
The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.