cvelistv5 - CVE-2020-28928

CVE-2020-28928 (GCVE-0-2020-28928)

Vulnerability from cvelistv5

Published

2020-11-24 18:01

Modified

2024-08-04 16:48

Severity ?

CWE

Summary

In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).

References

URL

Tags

cve@mitre.org	http://www.openwall.com/lists/oss-security/2020/11/20/4	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.apache.org/thread.html/r2134abfe847bea7795f0e53756d10a47e6643f35ab8169df8b8a9eb1%40%3Cnotifications.apisix.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/r90b60cf49348e515257b4950900c1bd3ab95a960cf2469d919c7264e%40%3Cnotifications.apisix.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/ra63e8dc5137d952afc55dbbfa63be83304ecf842d1eab1ff3ebb29e2%40%3Cnotifications.apisix.apache.org%3E
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW27QVY7ERPTSGKS4KAWE5TU7EJWHKVQ/
cve@mitre.org	https://musl.libc.org/releases.html	Release Notes, Vendor Advisory
cve@mitre.org	https://www.oracle.com//security-alerts/cpujul2021.html	Patch, Third Party Advisory
cve@mitre.org	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2020/11/20/4	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r2134abfe847bea7795f0e53756d10a47e6643f35ab8169df8b8a9eb1%40%3Cnotifications.apisix.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r90b60cf49348e515257b4950900c1bd3ab95a960cf2469d919c7264e%40%3Cnotifications.apisix.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/ra63e8dc5137d952afc55dbbfa63be83304ecf842d1eab1ff3ebb29e2%40%3Cnotifications.apisix.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW27QVY7ERPTSGKS4KAWE5TU7EJWHKVQ/
af854a3a-2127-422b-91ae-364da2661108	https://musl.libc.org/releases.html	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com//security-alerts/cpujul2021.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:48:00.476Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://musl.libc.org/releases.html"
          },
          {
            "name": "[debian-lts-announce] 20201130 [SECURITY] [DLA 2474-1] musl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html"
          },
          {
            "name": "[apisix-notifications] 20210428 [GitHub] [apisix-docker] tao12345666333 opened a new pull request #166: fix: upgrade alpine version due to CVE-2020-28928",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra63e8dc5137d952afc55dbbfa63be83304ecf842d1eab1ff3ebb29e2%40%3Cnotifications.apisix.apache.org%3E"
          },
          {
            "name": "[apisix-notifications] 20210428 [apisix-docker] branch master updated: fix: upgrade alpine version due to CVE-2020-28928 (#166)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r90b60cf49348e515257b4950900c1bd3ab95a960cf2469d919c7264e%40%3Cnotifications.apisix.apache.org%3E"
          },
          {
            "name": "[apisix-notifications] 20210428 [GitHub] [apisix-docker] starsz merged pull request #166: fix: upgrade alpine version due to CVE-2020-28928",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2134abfe847bea7795f0e53756d10a47e6643f35ab8169df8b8a9eb1%40%3Cnotifications.apisix.apache.org%3E"
          },
          {
            "name": "FEDORA-2021-4892dbbf76",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW27QVY7ERPTSGKS4KAWE5TU7EJWHKVQ/"
          },
          {
            "name": "FEDORA-2021-0cf36f9134",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/11/20/4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:39:43",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://musl.libc.org/releases.html"
        },
        {
          "name": "[debian-lts-announce] 20201130 [SECURITY] [DLA 2474-1] musl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html"
        },
        {
          "name": "[apisix-notifications] 20210428 [GitHub] [apisix-docker] tao12345666333 opened a new pull request #166: fix: upgrade alpine version due to CVE-2020-28928",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra63e8dc5137d952afc55dbbfa63be83304ecf842d1eab1ff3ebb29e2%40%3Cnotifications.apisix.apache.org%3E"
        },
        {
          "name": "[apisix-notifications] 20210428 [apisix-docker] branch master updated: fix: upgrade alpine version due to CVE-2020-28928 (#166)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r90b60cf49348e515257b4950900c1bd3ab95a960cf2469d919c7264e%40%3Cnotifications.apisix.apache.org%3E"
        },
        {
          "name": "[apisix-notifications] 20210428 [GitHub] [apisix-docker] starsz merged pull request #166: fix: upgrade alpine version due to CVE-2020-28928",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2134abfe847bea7795f0e53756d10a47e6643f35ab8169df8b8a9eb1%40%3Cnotifications.apisix.apache.org%3E"
        },
        {
          "name": "FEDORA-2021-4892dbbf76",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW27QVY7ERPTSGKS4KAWE5TU7EJWHKVQ/"
        },
        {
          "name": "FEDORA-2021-0cf36f9134",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/11/20/4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28928",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://musl.libc.org/releases.html",
              "refsource": "MISC",
              "url": "https://musl.libc.org/releases.html"
            },
            {
              "name": "[debian-lts-announce] 20201130 [SECURITY] [DLA 2474-1] musl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html"
            },
            {
              "name": "[apisix-notifications] 20210428 [GitHub] [apisix-docker] tao12345666333 opened a new pull request #166: fix: upgrade alpine version due to CVE-2020-28928",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra63e8dc5137d952afc55dbbfa63be83304ecf842d1eab1ff3ebb29e2@%3Cnotifications.apisix.apache.org%3E"
            },
            {
              "name": "[apisix-notifications] 20210428 [apisix-docker] branch master updated: fix: upgrade alpine version due to CVE-2020-28928 (#166)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r90b60cf49348e515257b4950900c1bd3ab95a960cf2469d919c7264e@%3Cnotifications.apisix.apache.org%3E"
            },
            {
              "name": "[apisix-notifications] 20210428 [GitHub] [apisix-docker] starsz merged pull request #166: fix: upgrade alpine version due to CVE-2020-28928",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2134abfe847bea7795f0e53756d10a47e6643f35ab8169df8b8a9eb1@%3Cnotifications.apisix.apache.org%3E"
            },
            {
              "name": "FEDORA-2021-4892dbbf76",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW27QVY7ERPTSGKS4KAWE5TU7EJWHKVQ/"
            },
            {
              "name": "FEDORA-2021-0cf36f9134",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q/"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2020/11/20/4",
              "refsource": "CONFIRM",
              "url": "http://www.openwall.com/lists/oss-security/2020/11/20/4"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-28928",
    "datePublished": "2020-11-24T18:01:05",
    "dateReserved": "2020-11-18T00:00:00",
    "dateUpdated": "2024-08-04T16:48:00.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-28928\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-11-24T18:15:12.207\",\"lastModified\":\"2024-11-21T05:23:18.907\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).\"},{\"lang\":\"es\",\"value\":\"En musl libc versiones hasta 1.2.1, wcsnrtombs maneja inapropiadamente combinaciones particulares de tama\u00f1o de b\u00fafer de destino y l\u00edmite de caracteres de origen, como es demostrado por un acceso de escritura no v\u00e1lido (desbordamiento de b\u00fafer)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:musl-libc:musl:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.2.1\",\"matchCriteriaId\":\"24878E16-7EC0-4225-B0A5-8CE6FE8827C6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:20.3.2:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"C21EB1C3-3251-4B99-9D5F-E4E089E2EC62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:21.1.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"CA0CBB5F-6CA5-4DFC-97A3-05643F8885DB\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2020/11/20/4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r2134abfe847bea7795f0e53756d10a47e6643f35ab8169df8b8a9eb1%40%3Cnotifications.apisix.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r90b60cf49348e515257b4950900c1bd3ab95a960cf2469d919c7264e%40%3Cnotifications.apisix.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/ra63e8dc5137d952afc55dbbfa63be83304ecf842d1eab1ff3ebb29e2%40%3Cnotifications.apisix.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW27QVY7ERPTSGKS4KAWE5TU7EJWHKVQ/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://musl.libc.org/releases.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/11/20/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r2134abfe847bea7795f0e53756d10a47e6643f35ab8169df8b8a9eb1%40%3Cnotifications.apisix.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r90b60cf49348e515257b4950900c1bd3ab95a960cf2469d919c7264e%40%3Cnotifications.apisix.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ra63e8dc5137d952afc55dbbfa63be83304ecf842d1eab1ff3ebb29e2%40%3Cnotifications.apisix.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW27QVY7ERPTSGKS4KAWE5TU7EJWHKVQ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://musl.libc.org/releases.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

WID-SEC-W-2022-0464

Vulnerability from csaf_certbund

Published

2021-07-20 22:00

Modified

2024-09-29 22:00

Summary

Oracle Java SE: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).

Angriff

Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme

- Hardware Appliance - Linux - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Hardware Appliance\n- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0464 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-0464.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0464 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0464"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - July 2021 - Appendix Oracle Java SE vom 2021-07-20",
        "url": "https://www.oracle.com/security-alerts/cpujul2021.html#AppendixJAVA"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2776 vom 2021-07-21",
        "url": "https://access.redhat.com/errata/RHSA-2021:2776"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2781 vom 2021-07-21",
        "url": "https://access.redhat.com/errata/RHSA-2021:2781"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2782 vom 2021-07-21",
        "url": "https://access.redhat.com/errata/RHSA-2021:2782"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2783 vom 2021-07-21",
        "url": "https://access.redhat.com/errata/RHSA-2021:2783"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2784 vom 2021-07-21",
        "url": "https://access.redhat.com/errata/RHSA-2021:2784"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202107-53 vom 2021-07-22",
        "url": "https://security.archlinux.org/ASA-202107-53"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2845 vom 2021-07-21",
        "url": "https://access.redhat.com/errata/RHSA-2021:2845"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2775 vom 2021-07-21",
        "url": "https://access.redhat.com/errata/RHSA-2021:2775"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-2845 vom 2021-07-22",
        "url": "https://linux.oracle.com/errata/ELSA-2021-2845.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-2784 vom 2021-07-22",
        "url": "https://linux.oracle.com/errata/ELSA-2021-2784.html"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202107-54 vom 2021-07-22",
        "url": "https://security.archlinux.org/ASA-202107-54"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2774 vom 2021-07-21",
        "url": "https://access.redhat.com/errata/RHSA-2021:2774"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2021-1692 vom 2021-07-21",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1692.html"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2021:2784 vom 2021-07-22",
        "url": "https://lists.centos.org/pipermail/centos-announce/2021-July/048345.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-2781 vom 2021-07-22",
        "url": "http://linux.oracle.com/errata/ELSA-2021-2781.html"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202107-66 vom 2021-07-22",
        "url": "https://security.archlinux.org/ASA-202107-66"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2777 vom 2021-07-22",
        "url": "https://access.redhat.com/errata/RHSA-2021:2777"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2778 vom 2021-07-22",
        "url": "https://access.redhat.com/errata/RHSA-2021:2778"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2779 vom 2021-07-22",
        "url": "https://access.redhat.com/errata/RHSA-2021:2779"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202107-65 vom 2021-07-22",
        "url": "https://security.archlinux.org/ASA-202107-65"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2780 vom 2021-07-22",
        "url": "https://access.redhat.com/errata/RHSA-2021:2780"
      },
      {
        "category": "external",
        "summary": "OpenJDK Vulnerability Advisory",
        "url": "https://openjdk.java.net/groups/vulnerability/advisories/2021-07-20"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-2776 vom 2021-07-22",
        "url": "http://linux.oracle.com/errata/ELSA-2021-2776.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4946 vom 2021-07-30",
        "url": "https://www.debian.org/security/2021/dsa-4946"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2021-1695 vom 2021-08-06",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1695.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2613-1 vom 2021-08-05",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009254.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2737 vom 2021-08-09",
        "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00011.html"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2021:2845 vom 2021-08-11",
        "url": "https://lists.centos.org/pipermail/centos-announce/2021-August/048348.html"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2021-102 vom 2021-08-10",
        "url": "https://downloads.avaya.com/css/P8/documents/101076999"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2021-095 vom 2021-08-11",
        "url": "https://downloads.avaya.com/css/P8/documents/101077014"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2798-1 vom 2021-08-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009324.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2797-1 vom 2021-08-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009315.html"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2021-101 vom 2021-08-25",
        "url": "https://downloads.avaya.com/css/P8/documents/101077242"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3292 vom 2021-08-30",
        "url": "https://access.redhat.com/errata/RHSA-2021:3292"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3293 vom 2021-08-30",
        "url": "https://access.redhat.com/errata/RHSA-2021:3293"
      },
      {
        "category": "external",
        "summary": "Hitachi Vulnerability Information HITACHI-SEC-2021-129 vom 2021-09-03",
        "url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-129/index.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2952-1 vom 2021-09-03",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009404.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2021-1528 vom 2021-09-08",
        "url": "https://alas.aws.amazon.com/ALAS-2021-1528.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:3007-1 vom 2021-09-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009422.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:4089 vom 2021-11-02",
        "url": "https://access.redhat.com/errata/RHSA-2021:4089"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5202-1 vom 2021-12-17",
        "url": "https://ubuntu.com/security/notices/USN-5202-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:14875-1 vom 2022-01-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010014.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:0108-1 vom 2022-01-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010012.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:0107-1 vom 2022-01-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010011.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:14876-1 vom 2022-01-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010022.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:0166-1 vom 2022-01-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010052.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6552314 vom 2022-02-04",
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-october-2021-affects-ibm-infosphere-information-server-cve-2021-35578-cve-2021-35564/"
      },
      {
        "category": "external",
        "summary": "Brocade Security Advisory BSA-2022-1836 vom 2022-06-24",
        "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1836"
      },
      {
        "category": "external",
        "summary": "Brocade Security Advisory BSA-2022-1835 vom 2022-06-24",
        "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1835"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202209-05 vom 2022-09-07",
        "url": "https://security.gentoo.org/glsa/202209-05"
      },
      {
        "category": "external",
        "summary": "Trellix Knowledge Center",
        "url": "https://kcm.trellix.com/corporate/index?page=content\u0026id=SB10366"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202409-26 vom 2024-09-28",
        "url": "https://security.gentoo.org/glsa/202409-26"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Java SE: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-09-29T22:00:00.000+00:00",
      "generator": {
        "date": "2024-09-30T08:18:09.208+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2022-0464",
      "initial_release_date": "2021-07-20T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2021-07-20T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2021-07-21T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Arch Linux, Red Hat, Oracle Linux und Amazon aufgenommen"
        },
        {
          "date": "2021-07-22T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von CentOS, Oracle Linux, Arch Linux und Red Hat aufgenommen"
        },
        {
          "date": "2021-07-25T22:00:00.000+00:00",
          "number": "4",
          "summary": "Referenz(en) aufgenommen: FEDORA-2021-ADE03666C0, FEDORA-2021-D20D6712BC, FEDORA-2021-E6B0792D75, FEDORA-2021-4581CCB97D"
        },
        {
          "date": "2021-08-01T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-08-05T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Amazon und SUSE aufgenommen"
        },
        {
          "date": "2021-08-09T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-08-11T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von CentOS und AVAYA aufgenommen"
        },
        {
          "date": "2021-08-12T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von AVAYA aufgenommen"
        },
        {
          "date": "2021-08-22T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-08-26T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von AVAYA aufgenommen"
        },
        {
          "date": "2021-08-29T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-09-02T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von HITACHI aufgenommen"
        },
        {
          "date": "2021-09-05T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-09-08T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2021-09-09T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-11-01T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-12-16T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2022-01-18T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-01-24T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-02-03T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2022-06-26T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von BROCADE aufgenommen"
        },
        {
          "date": "2022-09-06T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2022-10-30T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2024-09-29T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Gentoo aufgenommen"
        }
      ],
      "status": "final",
      "version": "25"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Avaya Aura Application Enablement Services",
            "product": {
              "name": "Avaya Aura Application Enablement Services",
              "product_id": "T015516",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_application_enablement_services:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Device Services",
            "product": {
              "name": "Avaya Aura Device Services",
              "product_id": "T015517",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_device_services:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Experience Portal",
            "product": {
              "name": "Avaya Aura Experience Portal",
              "product_id": "T015519",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_experience_portal:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Session Manager",
            "product": {
              "name": "Avaya Aura Session Manager",
              "product_id": "T015127",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:session_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura System Manager",
            "product": {
              "name": "Avaya Aura System Manager",
              "product_id": "T015518",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_system_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Breeze Platform",
            "product": {
              "name": "Avaya Breeze Platform",
              "product_id": "T015823",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:breeze_platform:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya CMS",
            "product": {
              "name": "Avaya CMS",
              "product_id": "997",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:call_management_system_server:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Session Border Controller",
            "product": {
              "name": "Avaya Session Border Controller",
              "product_id": "T015520",
              "product_identification_helper": {
                "cpe": "cpe:/h:avaya:session_border_controller:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Avaya"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv2.2.0.2",
                "product": {
                  "name": "Broadcom Brocade SANnav \u003cv2.2.0.2",
                  "product_id": "T023628"
                }
              },
              {
                "category": "product_version",
                "name": "v2.2.0.2",
                "product": {
                  "name": "Broadcom Brocade SANnav v2.2.0.2",
                  "product_id": "T023628-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:broadcom:brocade_sannav:v2.2.0.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Brocade SANnav"
          }
        ],
        "category": "vendor",
        "name": "Broadcom"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Hitachi Command Suite",
            "product": {
              "name": "Hitachi Command Suite",
              "product_id": "T010951",
              "product_identification_helper": {
                "cpe": "cpe:/a:hitachi:command_suite:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Hitachi Configuration Manager",
            "product": {
              "name": "Hitachi Configuration Manager",
              "product_id": "T020304",
              "product_identification_helper": {
                "cpe": "cpe:/a:hitachi:configuration_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Hitachi Ops Center",
            "product": {
              "name": "Hitachi Ops Center",
              "product_id": "T017562",
              "product_identification_helper": {
                "cpe": "cpe:/a:hitachi:ops_center:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Hitachi"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM InfoSphere Information Server",
            "product": {
              "name": "IBM InfoSphere Information Server",
              "product_id": "T019995",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:infosphere_information_server:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Arch Linux",
            "product": {
              "name": "Open Source Arch Linux",
              "product_id": "T013312",
              "product_identification_helper": {
                "cpe": "cpe:/o:archlinux:archlinux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Open Source CentOS",
            "product": {
              "name": "Open Source CentOS",
              "product_id": "1727",
              "product_identification_helper": {
                "cpe": "cpe:/o:centos:centos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "21.1.0",
                "product": {
                  "name": "Oracle Java SE 21.1.0",
                  "product_id": "T019902",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:21.1.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "11.0.11",
                "product": {
                  "name": "Oracle Java SE 11.0.11",
                  "product_id": "T019903",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:11.0.11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Oracle Graal VM Enterprise Edition 20.3.2",
                "product": {
                  "name": "Oracle Java SE Oracle Graal VM Enterprise Edition 20.3.2",
                  "product_id": "T019933",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:oracle_graal_vm_enterprise_edition_20.3.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7u301",
                "product": {
                  "name": "Oracle Java SE 7u301",
                  "product_id": "T019934",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:7u301"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8u291",
                "product": {
                  "name": "Oracle Java SE 8u291",
                  "product_id": "T019935",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:8u291"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "16.0.1",
                "product": {
                  "name": "Oracle Java SE 16.0.1",
                  "product_id": "T019936",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:16.0.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Java SE"
          },
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.10 CU 11",
                "product": {
                  "name": "Trellix ePolicy Orchestrator \u003c5.10 CU 11",
                  "product_id": "T024888"
                }
              },
              {
                "category": "product_version",
                "name": "5.10 CU 11",
                "product": {
                  "name": "Trellix ePolicy Orchestrator 5.10 CU 11",
                  "product_id": "T024888-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:trellix:epolicy_orchestrator:5.10_update_14"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ePolicy Orchestrator"
          }
        ],
        "category": "vendor",
        "name": "Trellix"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-28928",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HOCH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015823",
          "T010951",
          "T015127",
          "T004914",
          "T015520",
          "T019995",
          "T019933",
          "T019935",
          "T020304",
          "997",
          "T019934",
          "T024888",
          "T019936",
          "398363",
          "T015519",
          "T015518",
          "T015517",
          "T015516",
          "T013312",
          "T012167",
          "T017562",
          "T023628",
          "2951",
          "T002207",
          "T000126",
          "T019902",
          "T019903",
          "1727"
        ]
      },
      "release_date": "2021-07-20T22:00:00.000+00:00",
      "title": "CVE-2020-28928"
    },
    {
      "cve": "CVE-2021-2341",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HOCH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015823",
          "T010951",
          "T015127",
          "T004914",
          "T015520",
          "T019995",
          "T019933",
          "T019935",
          "T020304",
          "997",
          "T019934",
          "T024888",
          "T019936",
          "398363",
          "T015519",
          "T015518",
          "T015517",
          "T015516",
          "T013312",
          "T012167",
          "T017562",
          "T023628",
          "2951",
          "T002207",
          "T000126",
          "T019902",
          "T019903",
          "1727"
        ]
      },
      "release_date": "2021-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-2341"
    },
    {
      "cve": "CVE-2021-2369",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HOCH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015823",
          "T010951",
          "T015127",
          "T004914",
          "T015520",
          "T019995",
          "T019933",
          "T019935",
          "T020304",
          "997",
          "T019934",
          "T024888",
          "T019936",
          "398363",
          "T015519",
          "T015518",
          "T015517",
          "T015516",
          "T013312",
          "T012167",
          "T017562",
          "T023628",
          "2951",
          "T002207",
          "T000126",
          "T019902",
          "T019903",
          "1727"
        ]
      },
      "release_date": "2021-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-2369"
    },
    {
      "cve": "CVE-2021-2388",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HOCH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015823",
          "T010951",
          "T015127",
          "T004914",
          "T015520",
          "T019995",
          "T019933",
          "T019935",
          "T020304",
          "997",
          "T019934",
          "T024888",
          "T019936",
          "398363",
          "T015519",
          "T015518",
          "T015517",
          "T015516",
          "T013312",
          "T012167",
          "T017562",
          "T023628",
          "2951",
          "T002207",
          "T000126",
          "T019902",
          "T019903",
          "1727"
        ]
      },
      "release_date": "2021-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-2388"
    },
    {
      "cve": "CVE-2021-2432",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HOCH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015823",
          "T010951",
          "T015127",
          "T004914",
          "T015520",
          "T019995",
          "T019933",
          "T019935",
          "T020304",
          "997",
          "T019934",
          "T024888",
          "T019936",
          "398363",
          "T015519",
          "T015518",
          "T015517",
          "T015516",
          "T013312",
          "T012167",
          "T017562",
          "T023628",
          "2951",
          "T002207",
          "T000126",
          "T019902",
          "T019903",
          "1727"
        ]
      },
      "release_date": "2021-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-2432"
    },
    {
      "cve": "CVE-2021-29921",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HOCH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015823",
          "T010951",
          "T015127",
          "T004914",
          "T015520",
          "T019995",
          "T019933",
          "T019935",
          "T020304",
          "997",
          "T019934",
          "T024888",
          "T019936",
          "398363",
          "T015519",
          "T015518",
          "T015517",
          "T015516",
          "T013312",
          "T012167",
          "T017562",
          "T023628",
          "2951",
          "T002207",
          "T000126",
          "T019902",
          "T019903",
          "1727"
        ]
      },
      "release_date": "2021-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-29921"
    }
  ]
}

wid-sec-w-2022-0464

Vulnerability from csaf_certbund

Published

2021-07-20 22:00

Modified

2024-09-29 22:00

Summary

Oracle Java SE: Mehrere Schwachstellen

Notes

Produktbeschreibung

Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).

Angriff

Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme

- Hardware Appliance - Linux - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Hardware Appliance\n- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0464 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-0464.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0464 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0464"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - July 2021 - Appendix Oracle Java SE vom 2021-07-20",
        "url": "https://www.oracle.com/security-alerts/cpujul2021.html#AppendixJAVA"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2776 vom 2021-07-21",
        "url": "https://access.redhat.com/errata/RHSA-2021:2776"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2781 vom 2021-07-21",
        "url": "https://access.redhat.com/errata/RHSA-2021:2781"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2782 vom 2021-07-21",
        "url": "https://access.redhat.com/errata/RHSA-2021:2782"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2783 vom 2021-07-21",
        "url": "https://access.redhat.com/errata/RHSA-2021:2783"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2784 vom 2021-07-21",
        "url": "https://access.redhat.com/errata/RHSA-2021:2784"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202107-53 vom 2021-07-22",
        "url": "https://security.archlinux.org/ASA-202107-53"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2845 vom 2021-07-21",
        "url": "https://access.redhat.com/errata/RHSA-2021:2845"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2775 vom 2021-07-21",
        "url": "https://access.redhat.com/errata/RHSA-2021:2775"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-2845 vom 2021-07-22",
        "url": "https://linux.oracle.com/errata/ELSA-2021-2845.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-2784 vom 2021-07-22",
        "url": "https://linux.oracle.com/errata/ELSA-2021-2784.html"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202107-54 vom 2021-07-22",
        "url": "https://security.archlinux.org/ASA-202107-54"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2774 vom 2021-07-21",
        "url": "https://access.redhat.com/errata/RHSA-2021:2774"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2021-1692 vom 2021-07-21",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1692.html"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2021:2784 vom 2021-07-22",
        "url": "https://lists.centos.org/pipermail/centos-announce/2021-July/048345.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-2781 vom 2021-07-22",
        "url": "http://linux.oracle.com/errata/ELSA-2021-2781.html"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202107-66 vom 2021-07-22",
        "url": "https://security.archlinux.org/ASA-202107-66"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2777 vom 2021-07-22",
        "url": "https://access.redhat.com/errata/RHSA-2021:2777"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2778 vom 2021-07-22",
        "url": "https://access.redhat.com/errata/RHSA-2021:2778"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2779 vom 2021-07-22",
        "url": "https://access.redhat.com/errata/RHSA-2021:2779"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202107-65 vom 2021-07-22",
        "url": "https://security.archlinux.org/ASA-202107-65"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2780 vom 2021-07-22",
        "url": "https://access.redhat.com/errata/RHSA-2021:2780"
      },
      {
        "category": "external",
        "summary": "OpenJDK Vulnerability Advisory",
        "url": "https://openjdk.java.net/groups/vulnerability/advisories/2021-07-20"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-2776 vom 2021-07-22",
        "url": "http://linux.oracle.com/errata/ELSA-2021-2776.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4946 vom 2021-07-30",
        "url": "https://www.debian.org/security/2021/dsa-4946"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2021-1695 vom 2021-08-06",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1695.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2613-1 vom 2021-08-05",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009254.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2737 vom 2021-08-09",
        "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00011.html"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2021:2845 vom 2021-08-11",
        "url": "https://lists.centos.org/pipermail/centos-announce/2021-August/048348.html"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2021-102 vom 2021-08-10",
        "url": "https://downloads.avaya.com/css/P8/documents/101076999"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2021-095 vom 2021-08-11",
        "url": "https://downloads.avaya.com/css/P8/documents/101077014"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2798-1 vom 2021-08-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009324.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2797-1 vom 2021-08-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009315.html"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2021-101 vom 2021-08-25",
        "url": "https://downloads.avaya.com/css/P8/documents/101077242"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3292 vom 2021-08-30",
        "url": "https://access.redhat.com/errata/RHSA-2021:3292"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3293 vom 2021-08-30",
        "url": "https://access.redhat.com/errata/RHSA-2021:3293"
      },
      {
        "category": "external",
        "summary": "Hitachi Vulnerability Information HITACHI-SEC-2021-129 vom 2021-09-03",
        "url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-129/index.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2952-1 vom 2021-09-03",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009404.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2021-1528 vom 2021-09-08",
        "url": "https://alas.aws.amazon.com/ALAS-2021-1528.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:3007-1 vom 2021-09-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009422.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:4089 vom 2021-11-02",
        "url": "https://access.redhat.com/errata/RHSA-2021:4089"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5202-1 vom 2021-12-17",
        "url": "https://ubuntu.com/security/notices/USN-5202-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:14875-1 vom 2022-01-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010014.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:0108-1 vom 2022-01-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010012.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:0107-1 vom 2022-01-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010011.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:14876-1 vom 2022-01-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010022.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:0166-1 vom 2022-01-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010052.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6552314 vom 2022-02-04",
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-october-2021-affects-ibm-infosphere-information-server-cve-2021-35578-cve-2021-35564/"
      },
      {
        "category": "external",
        "summary": "Brocade Security Advisory BSA-2022-1836 vom 2022-06-24",
        "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1836"
      },
      {
        "category": "external",
        "summary": "Brocade Security Advisory BSA-2022-1835 vom 2022-06-24",
        "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1835"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202209-05 vom 2022-09-07",
        "url": "https://security.gentoo.org/glsa/202209-05"
      },
      {
        "category": "external",
        "summary": "Trellix Knowledge Center",
        "url": "https://kcm.trellix.com/corporate/index?page=content\u0026id=SB10366"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202409-26 vom 2024-09-28",
        "url": "https://security.gentoo.org/glsa/202409-26"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Java SE: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-09-29T22:00:00.000+00:00",
      "generator": {
        "date": "2024-09-30T08:18:09.208+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2022-0464",
      "initial_release_date": "2021-07-20T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2021-07-20T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2021-07-21T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Arch Linux, Red Hat, Oracle Linux und Amazon aufgenommen"
        },
        {
          "date": "2021-07-22T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von CentOS, Oracle Linux, Arch Linux und Red Hat aufgenommen"
        },
        {
          "date": "2021-07-25T22:00:00.000+00:00",
          "number": "4",
          "summary": "Referenz(en) aufgenommen: FEDORA-2021-ADE03666C0, FEDORA-2021-D20D6712BC, FEDORA-2021-E6B0792D75, FEDORA-2021-4581CCB97D"
        },
        {
          "date": "2021-08-01T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-08-05T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Amazon und SUSE aufgenommen"
        },
        {
          "date": "2021-08-09T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-08-11T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von CentOS und AVAYA aufgenommen"
        },
        {
          "date": "2021-08-12T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von AVAYA aufgenommen"
        },
        {
          "date": "2021-08-22T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-08-26T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von AVAYA aufgenommen"
        },
        {
          "date": "2021-08-29T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-09-02T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von HITACHI aufgenommen"
        },
        {
          "date": "2021-09-05T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-09-08T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2021-09-09T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-11-01T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-12-16T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2022-01-18T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-01-24T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-02-03T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2022-06-26T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von BROCADE aufgenommen"
        },
        {
          "date": "2022-09-06T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2022-10-30T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2024-09-29T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Gentoo aufgenommen"
        }
      ],
      "status": "final",
      "version": "25"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Avaya Aura Application Enablement Services",
            "product": {
              "name": "Avaya Aura Application Enablement Services",
              "product_id": "T015516",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_application_enablement_services:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Device Services",
            "product": {
              "name": "Avaya Aura Device Services",
              "product_id": "T015517",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_device_services:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Experience Portal",
            "product": {
              "name": "Avaya Aura Experience Portal",
              "product_id": "T015519",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_experience_portal:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Session Manager",
            "product": {
              "name": "Avaya Aura Session Manager",
              "product_id": "T015127",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:session_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura System Manager",
            "product": {
              "name": "Avaya Aura System Manager",
              "product_id": "T015518",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_system_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Breeze Platform",
            "product": {
              "name": "Avaya Breeze Platform",
              "product_id": "T015823",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:breeze_platform:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya CMS",
            "product": {
              "name": "Avaya CMS",
              "product_id": "997",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:call_management_system_server:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Session Border Controller",
            "product": {
              "name": "Avaya Session Border Controller",
              "product_id": "T015520",
              "product_identification_helper": {
                "cpe": "cpe:/h:avaya:session_border_controller:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Avaya"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv2.2.0.2",
                "product": {
                  "name": "Broadcom Brocade SANnav \u003cv2.2.0.2",
                  "product_id": "T023628"
                }
              },
              {
                "category": "product_version",
                "name": "v2.2.0.2",
                "product": {
                  "name": "Broadcom Brocade SANnav v2.2.0.2",
                  "product_id": "T023628-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:broadcom:brocade_sannav:v2.2.0.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Brocade SANnav"
          }
        ],
        "category": "vendor",
        "name": "Broadcom"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Hitachi Command Suite",
            "product": {
              "name": "Hitachi Command Suite",
              "product_id": "T010951",
              "product_identification_helper": {
                "cpe": "cpe:/a:hitachi:command_suite:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Hitachi Configuration Manager",
            "product": {
              "name": "Hitachi Configuration Manager",
              "product_id": "T020304",
              "product_identification_helper": {
                "cpe": "cpe:/a:hitachi:configuration_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Hitachi Ops Center",
            "product": {
              "name": "Hitachi Ops Center",
              "product_id": "T017562",
              "product_identification_helper": {
                "cpe": "cpe:/a:hitachi:ops_center:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Hitachi"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM InfoSphere Information Server",
            "product": {
              "name": "IBM InfoSphere Information Server",
              "product_id": "T019995",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:infosphere_information_server:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Arch Linux",
            "product": {
              "name": "Open Source Arch Linux",
              "product_id": "T013312",
              "product_identification_helper": {
                "cpe": "cpe:/o:archlinux:archlinux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Open Source CentOS",
            "product": {
              "name": "Open Source CentOS",
              "product_id": "1727",
              "product_identification_helper": {
                "cpe": "cpe:/o:centos:centos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "21.1.0",
                "product": {
                  "name": "Oracle Java SE 21.1.0",
                  "product_id": "T019902",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:21.1.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "11.0.11",
                "product": {
                  "name": "Oracle Java SE 11.0.11",
                  "product_id": "T019903",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:11.0.11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Oracle Graal VM Enterprise Edition 20.3.2",
                "product": {
                  "name": "Oracle Java SE Oracle Graal VM Enterprise Edition 20.3.2",
                  "product_id": "T019933",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:oracle_graal_vm_enterprise_edition_20.3.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7u301",
                "product": {
                  "name": "Oracle Java SE 7u301",
                  "product_id": "T019934",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:7u301"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8u291",
                "product": {
                  "name": "Oracle Java SE 8u291",
                  "product_id": "T019935",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:8u291"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "16.0.1",
                "product": {
                  "name": "Oracle Java SE 16.0.1",
                  "product_id": "T019936",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:16.0.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Java SE"
          },
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.10 CU 11",
                "product": {
                  "name": "Trellix ePolicy Orchestrator \u003c5.10 CU 11",
                  "product_id": "T024888"
                }
              },
              {
                "category": "product_version",
                "name": "5.10 CU 11",
                "product": {
                  "name": "Trellix ePolicy Orchestrator 5.10 CU 11",
                  "product_id": "T024888-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:trellix:epolicy_orchestrator:5.10_update_14"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ePolicy Orchestrator"
          }
        ],
        "category": "vendor",
        "name": "Trellix"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-28928",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HOCH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015823",
          "T010951",
          "T015127",
          "T004914",
          "T015520",
          "T019995",
          "T019933",
          "T019935",
          "T020304",
          "997",
          "T019934",
          "T024888",
          "T019936",
          "398363",
          "T015519",
          "T015518",
          "T015517",
          "T015516",
          "T013312",
          "T012167",
          "T017562",
          "T023628",
          "2951",
          "T002207",
          "T000126",
          "T019902",
          "T019903",
          "1727"
        ]
      },
      "release_date": "2021-07-20T22:00:00.000+00:00",
      "title": "CVE-2020-28928"
    },
    {
      "cve": "CVE-2021-2341",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HOCH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015823",
          "T010951",
          "T015127",
          "T004914",
          "T015520",
          "T019995",
          "T019933",
          "T019935",
          "T020304",
          "997",
          "T019934",
          "T024888",
          "T019936",
          "398363",
          "T015519",
          "T015518",
          "T015517",
          "T015516",
          "T013312",
          "T012167",
          "T017562",
          "T023628",
          "2951",
          "T002207",
          "T000126",
          "T019902",
          "T019903",
          "1727"
        ]
      },
      "release_date": "2021-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-2341"
    },
    {
      "cve": "CVE-2021-2369",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HOCH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015823",
          "T010951",
          "T015127",
          "T004914",
          "T015520",
          "T019995",
          "T019933",
          "T019935",
          "T020304",
          "997",
          "T019934",
          "T024888",
          "T019936",
          "398363",
          "T015519",
          "T015518",
          "T015517",
          "T015516",
          "T013312",
          "T012167",
          "T017562",
          "T023628",
          "2951",
          "T002207",
          "T000126",
          "T019902",
          "T019903",
          "1727"
        ]
      },
      "release_date": "2021-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-2369"
    },
    {
      "cve": "CVE-2021-2388",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HOCH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015823",
          "T010951",
          "T015127",
          "T004914",
          "T015520",
          "T019995",
          "T019933",
          "T019935",
          "T020304",
          "997",
          "T019934",
          "T024888",
          "T019936",
          "398363",
          "T015519",
          "T015518",
          "T015517",
          "T015516",
          "T013312",
          "T012167",
          "T017562",
          "T023628",
          "2951",
          "T002207",
          "T000126",
          "T019902",
          "T019903",
          "1727"
        ]
      },
      "release_date": "2021-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-2388"
    },
    {
      "cve": "CVE-2021-2432",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HOCH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015823",
          "T010951",
          "T015127",
          "T004914",
          "T015520",
          "T019995",
          "T019933",
          "T019935",
          "T020304",
          "997",
          "T019934",
          "T024888",
          "T019936",
          "398363",
          "T015519",
          "T015518",
          "T015517",
          "T015516",
          "T013312",
          "T012167",
          "T017562",
          "T023628",
          "2951",
          "T002207",
          "T000126",
          "T019902",
          "T019903",
          "1727"
        ]
      },
      "release_date": "2021-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-2432"
    },
    {
      "cve": "CVE-2021-29921",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HOCH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T015823",
          "T010951",
          "T015127",
          "T004914",
          "T015520",
          "T019995",
          "T019933",
          "T019935",
          "T020304",
          "997",
          "T019934",
          "T024888",
          "T019936",
          "398363",
          "T015519",
          "T015518",
          "T015517",
          "T015516",
          "T013312",
          "T012167",
          "T017562",
          "T023628",
          "2951",
          "T002207",
          "T000126",
          "T019902",
          "T019903",
          "1727"
        ]
      },
      "release_date": "2021-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-29921"
    }
  ]
}

fkie_cve-2020-28928

Vulnerability from fkie_nvd

Published

2020-11-24 18:15

Modified

2024-11-21 05:23

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2020/11/20/4	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.apache.org/thread.html/r2134abfe847bea7795f0e53756d10a47e6643f35ab8169df8b8a9eb1%40%3Cnotifications.apisix.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/r90b60cf49348e515257b4950900c1bd3ab95a960cf2469d919c7264e%40%3Cnotifications.apisix.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/ra63e8dc5137d952afc55dbbfa63be83304ecf842d1eab1ff3ebb29e2%40%3Cnotifications.apisix.apache.org%3E
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW27QVY7ERPTSGKS4KAWE5TU7EJWHKVQ/
cve@mitre.org	https://musl.libc.org/releases.html	Release Notes, Vendor Advisory
cve@mitre.org	https://www.oracle.com//security-alerts/cpujul2021.html	Patch, Third Party Advisory
cve@mitre.org	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2020/11/20/4	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r2134abfe847bea7795f0e53756d10a47e6643f35ab8169df8b8a9eb1%40%3Cnotifications.apisix.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r90b60cf49348e515257b4950900c1bd3ab95a960cf2469d919c7264e%40%3Cnotifications.apisix.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/ra63e8dc5137d952afc55dbbfa63be83304ecf842d1eab1ff3ebb29e2%40%3Cnotifications.apisix.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW27QVY7ERPTSGKS4KAWE5TU7EJWHKVQ/
af854a3a-2127-422b-91ae-364da2661108	https://musl.libc.org/releases.html	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com//security-alerts/cpujul2021.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
musl-libc	musl	*
debian	debian_linux	9.0
fedoraproject	fedora	33
fedoraproject	fedora	34
oracle	graalvm	20.3.2
oracle	graalvm	21.1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:musl-libc:musl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24878E16-7EC0-4225-B0A5-8CE6FE8827C6",
              "versionEndIncluding": "1.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.2:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C21EB1C3-3251-4B99-9D5F-E4E089E2EC62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.1.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "CA0CBB5F-6CA5-4DFC-97A3-05643F8885DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow)."
    },
    {
      "lang": "es",
      "value": "En musl libc versiones hasta 1.2.1, wcsnrtombs maneja inapropiadamente combinaciones particulares de tama\u00f1o de b\u00fafer de destino y l\u00edmite de caracteres de origen, como es demostrado por un acceso de escritura no v\u00e1lido (desbordamiento de b\u00fafer)"
    }
  ],
  "id": "CVE-2020-28928",
  "lastModified": "2024-11-21T05:23:18.907",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-11-24T18:15:12.207",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/11/20/4"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r2134abfe847bea7795f0e53756d10a47e6643f35ab8169df8b8a9eb1%40%3Cnotifications.apisix.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r90b60cf49348e515257b4950900c1bd3ab95a960cf2469d919c7264e%40%3Cnotifications.apisix.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/ra63e8dc5137d952afc55dbbfa63be83304ecf842d1eab1ff3ebb29e2%40%3Cnotifications.apisix.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW27QVY7ERPTSGKS4KAWE5TU7EJWHKVQ/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://musl.libc.org/releases.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/11/20/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r2134abfe847bea7795f0e53756d10a47e6643f35ab8169df8b8a9eb1%40%3Cnotifications.apisix.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r90b60cf49348e515257b4950900c1bd3ab95a960cf2469d919c7264e%40%3Cnotifications.apisix.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ra63e8dc5137d952afc55dbbfa63be83304ecf842d1eab1ff3ebb29e2%40%3Cnotifications.apisix.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW27QVY7ERPTSGKS4KAWE5TU7EJWHKVQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://musl.libc.org/releases.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2021-AVI-557

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Oracle Java SE. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Oracle	Java SE	Java SE: 7u301, 8u291, 11.0.11, 16.0.1
	Oracle	Java SE	Oracle GraalVM Enterprise Edition: 20.3.2, 21.1.0

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpujul2021 du 20 juillet 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Java SE: 7u301, 8u291, 11.0.11, 16.0.1",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM Enterprise Edition: 20.3.2, 21.1.0",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-2341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
    },
    {
      "name": "CVE-2021-2432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2432"
    },
    {
      "name": "CVE-2021-2369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
    },
    {
      "name": "CVE-2021-29921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29921"
    },
    {
      "name": "CVE-2021-2388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
    },
    {
      "name": "CVE-2020-28928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28928"
    }
  ],
  "initial_release_date": "2021-07-21T00:00:00",
  "last_revision_date": "2021-07-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-557",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2021 du 20 juillet 2021",
      "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
    }
  ]
}

CERTFR-2024-AVI-0297

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Juniper. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cloud Native Router versions antérieures à 23.4
cRPD versions antérieures à 23.4R1
Paragon Active Assurance versions antérieures à 4.2.1
Paragon Active Assurance versions antérieures à 4.3.0
Junos OS gamme EX4300 versions antérieures à 20.4R3-S10, 21.2R3-S7 et 21.4R3-S6
Junos OS gammes QFX5000 Series, EX4400 Series, EX4100 Series et EX4650 Series versions antérieures à 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3 et 23.2R1
Junos OS gammes SRX Branch Series versions antérieures à 21.1R3-S5, 21.2R3-S5, 21.3R3-S4, 21.4R3-S3, 22.1R3-S2, 22.2R2-S2, 22.2R3, 22.3R2-S1, 22.3R3, 22.4R1-S2, 22.4R2 et 23.2R1
Junos OS gammes MX Series avec SPC3 et MS-MPC versions antérieures à 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3 et 23.2R1
Junos OS gamme SRX 5000 Series avec SPC2 versions antérieures à 21.2R3-S7, 21.4, 22.1, 22.2, 22.3, 22.4 et 23.2
Junos OS gammes MX Series versions antérieures à 20.4R3-S5, 21.1, 21.2R3-S1, 21.3, 21.4R3, 22.1R2, 22.2R2 et 22.3
Junos OS gamme EX9200-15C versions antérieures à 21.2R3-S1, 21.4R3, 22.1R2 et 22.2R2
Junos OS gammes SRX4600 versions antérieures à 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R1-S2, 23.2R2 et 23.4R1
Junos OS gammes ACX5448 et ACX710 versions antérieures à 20.4R3-S9, 21.2R3-S5, 21.3R3-S5, 21.4R3-S4, 22.1R3-S2, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R2 et 23.2R1
Junos OS versions antérieures à 20.4R3-S9, 21.1R3, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R3-S2, 22.4R3 et 23.4R2
Junos OS Evolved versions antérieures à 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO et 23.4R1-EVO

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA79102 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79106 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79181 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79186 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79089 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79173 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79104 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79094 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79183 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79176 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79179 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79187 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79109 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79171 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79188 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79099 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79184 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79110 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79174 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79095 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79100 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79107 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79092 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79185 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79108 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79091 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79180 du 10 avril 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eCloud Native Router versions ant\u00e9rieures \u00e0 23.4\u003c/li\u003e \u003cli\u003ecRPD versions ant\u00e9rieures \u00e0 23.4R1\u003c/li\u003e \u003cli\u003eParagon Active Assurance versions ant\u00e9rieures \u00e0 4.2.1\u003c/li\u003e \u003cli\u003eParagon Active Assurance versions ant\u00e9rieures \u00e0 4.3.0\u003c/li\u003e \u003cli\u003eJunos OS gamme EX4300 versions ant\u00e9rieures \u00e0 20.4R3-S10, 21.2R3-S7 et 21.4R3-S6\u003c/li\u003e \u003cli\u003eJunos OS gammes QFX5000 Series, EX4400 Series, EX4100 Series et EX4650 Series versions ant\u00e9rieures \u00e0 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3 et 23.2R1\u003c/li\u003e \u003cli\u003eJunos OS gammes SRX Branch Series versions ant\u00e9rieures \u00e0 21.1R3-S5, 21.2R3-S5, 21.3R3-S4, 21.4R3-S3, 22.1R3-S2, 22.2R2-S2, 22.2R3, 22.3R2-S1, 22.3R3, 22.4R1-S2, 22.4R2 et 23.2R1\u003c/li\u003e \u003cli\u003eJunos OS gammes MX Series avec SPC3 et MS-MPC versions ant\u00e9rieures \u00e0 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3 et 23.2R1\u003c/li\u003e \u003cli\u003eJunos OS gamme SRX 5000 Series avec SPC2 versions ant\u00e9rieures \u00e0 21.2R3-S7, 21.4, 22.1, 22.2, 22.3, 22.4 et 23.2\u003c/li\u003e \u003cli\u003eJunos OS gammes\u00a0MX Series versions ant\u00e9rieures \u00e0 20.4R3-S5, 21.1, 21.2R3-S1, 21.3, 21.4R3, 22.1R2, 22.2R2 et 22.3\u003c/li\u003e \u003cli\u003eJunos OS gamme EX9200-15C versions ant\u00e9rieures \u00e0 21.2R3-S1, 21.4R3, 22.1R2 et 22.2R2\u003c/li\u003e \u003cli\u003eJunos OS gammes\u00a0SRX4600 versions ant\u00e9rieures \u00e0 21.2R3-S7,\u00a021.4R3-S6,\u00a022.1R3-S5,\u00a022.2R3-S3,\u00a022.3R3-S2,\u00a022.4R3,\u00a023.2R1-S2, 23.2R2 et 23.4R1\u003c/li\u003e \u003cli\u003eJunos OS gammes\u00a0ACX5448 et ACX710 versions ant\u00e9rieures \u00e0 20.4R3-S9, 21.2R3-S5, 21.3R3-S5, 21.4R3-S4, 22.1R3-S2, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R2 et 23.2R1\u003c/li\u003e \u003cli\u003eJunos OS versions ant\u00e9rieures \u00e0 20.4R3-S9, 21.1R3, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R3-S2, 22.4R3 et 23.4R2\u003c/li\u003e \u003cli\u003e \u003cdiv\u003e \u003cdiv\u003e \u003cp\u003eJunos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO et 23.4R1-EVO\u003c/p\u003e \u003c/div\u003e \u003c/div\u003e \u003c/li\u003e \u003c/ul\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
    },
    {
      "name": "CVE-2023-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
    },
    {
      "name": "CVE-2023-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
    },
    {
      "name": "CVE-2021-37600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37600"
    },
    {
      "name": "CVE-2024-30381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30381"
    },
    {
      "name": "CVE-2023-46218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
    },
    {
      "name": "CVE-2020-1747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
    },
    {
      "name": "CVE-2024-30401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30401"
    },
    {
      "name": "CVE-2021-28831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28831"
    },
    {
      "name": "CVE-2024-30409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30409"
    },
    {
      "name": "CVE-2023-38546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
    },
    {
      "name": "CVE-2020-14343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2022-48554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
    },
    {
      "name": "CVE-2023-39975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39975"
    },
    {
      "name": "CVE-2024-30410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30410"
    },
    {
      "name": "CVE-2018-7738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7738"
    },
    {
      "name": "CVE-2022-48522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48522"
    },
    {
      "name": "CVE-2020-8285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
    },
    {
      "name": "CVE-2021-28957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28957"
    },
    {
      "name": "CVE-2024-30380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30380"
    },
    {
      "name": "CVE-2023-41913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41913"
    },
    {
      "name": "CVE-2024-30392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30392"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2021-23240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23240"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2011-1676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1676"
    },
    {
      "name": "CVE-2020-8037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8037"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2020-19190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19190"
    },
    {
      "name": "CVE-2024-30391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30391"
    },
    {
      "name": "CVE-2020-8286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
    },
    {
      "name": "CVE-2023-2253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2253"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2024-30389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30389"
    },
    {
      "name": "CVE-2023-29491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29491"
    },
    {
      "name": "CVE-2023-3592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3592"
    },
    {
      "name": "CVE-2020-19187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19187"
    },
    {
      "name": "CVE-2023-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
    },
    {
      "name": "CVE-2019-9923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9923"
    },
    {
      "name": "CVE-2021-39534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39534"
    },
    {
      "name": "CVE-2023-5981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
    },
    {
      "name": "CVE-2023-27043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
    },
    {
      "name": "CVE-2023-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
    },
    {
      "name": "CVE-2024-30398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30398"
    },
    {
      "name": "CVE-2021-22947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
    },
    {
      "name": "CVE-2018-1000120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2019-17041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
    },
    {
      "name": "CVE-2020-19188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19188"
    },
    {
      "name": "CVE-2020-19186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19186"
    },
    {
      "name": "CVE-2021-22946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
    },
    {
      "name": "CVE-2020-25659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25659"
    },
    {
      "name": "CVE-2021-39531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39531"
    },
    {
      "name": "CVE-2020-8284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
    },
    {
      "name": "CVE-2023-23915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
    },
    {
      "name": "CVE-2011-1675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1675"
    },
    {
      "name": "CVE-2023-28366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28366"
    },
    {
      "name": "CVE-2024-30378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30378"
    },
    {
      "name": "CVE-2023-23931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
    },
    {
      "name": "CVE-2021-34434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34434"
    },
    {
      "name": "CVE-2016-10009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10009"
    },
    {
      "name": "CVE-2023-1428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1428"
    },
    {
      "name": "CVE-2023-3978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
    },
    {
      "name": "CVE-2024-30402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30402"
    },
    {
      "name": "CVE-2018-1000215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000215"
    },
    {
      "name": "CVE-2023-23914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
    },
    {
      "name": "CVE-2019-17042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
    },
    {
      "name": "CVE-2024-30403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30403"
    },
    {
      "name": "CVE-2021-36159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36159"
    },
    {
      "name": "CVE-2018-1000654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000654"
    },
    {
      "name": "CVE-2023-5156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
    },
    {
      "name": "CVE-2022-2795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
    },
    {
      "name": "CVE-2021-30139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30139"
    },
    {
      "name": "CVE-2024-30384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30384"
    },
    {
      "name": "CVE-2023-2603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
    },
    {
      "name": "CVE-2024-30387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30387"
    },
    {
      "name": "CVE-2017-18018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18018"
    },
    {
      "name": "CVE-2024-30406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30406"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2023-32732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32732"
    },
    {
      "name": "CVE-2024-30394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30394"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2022-3996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
    },
    {
      "name": "CVE-2024-30407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30407"
    },
    {
      "name": "CVE-2020-36242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
    },
    {
      "name": "CVE-2023-4785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4785"
    },
    {
      "name": "CVE-2020-22916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
    },
    {
      "name": "CVE-2023-38408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
    },
    {
      "name": "CVE-2020-27350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27350"
    },
    {
      "name": "CVE-2023-36054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36054"
    },
    {
      "name": "CVE-2021-39533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39533"
    },
    {
      "name": "CVE-2024-30390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30390"
    },
    {
      "name": "CVE-2020-19185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19185"
    },
    {
      "name": "CVE-2023-0809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0809"
    },
    {
      "name": "CVE-2021-20193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20193"
    },
    {
      "name": "CVE-2023-4806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
    },
    {
      "name": "CVE-2016-2781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2781"
    },
    {
      "name": "CVE-2020-19189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19189"
    },
    {
      "name": "CVE-2023-32731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
    },
    {
      "name": "CVE-2023-49083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
    },
    {
      "name": "CVE-2024-30388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30388"
    },
    {
      "name": "CVE-2019-18276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
    },
    {
      "name": "CVE-2024-30386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30386"
    },
    {
      "name": "CVE-2021-33560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33560"
    },
    {
      "name": "CVE-2011-1677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1677"
    },
    {
      "name": "CVE-2018-20225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
    },
    {
      "name": "CVE-2020-28928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28928"
    },
    {
      "name": "CVE-2021-41039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41039"
    },
    {
      "name": "CVE-2024-30382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30382"
    },
    {
      "name": "CVE-2018-20482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20482"
    },
    {
      "name": "CVE-2021-40528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40528"
    },
    {
      "name": "CVE-2023-32681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2020-28493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28493"
    },
    {
      "name": "CVE-2020-27783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27783"
    },
    {
      "name": "CVE-2018-1000122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
    },
    {
      "name": "CVE-2011-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
    },
    {
      "name": "CVE-2024-30405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30405"
    },
    {
      "name": "CVE-2024-30397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30397"
    },
    {
      "name": "CVE-2023-38545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
    },
    {
      "name": "CVE-2024-30395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30395"
    }
  ],
  "initial_release_date": "2024-04-11T00:00:00",
  "last_revision_date": "2024-04-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0297",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0\ndistance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79102 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-libslax-Multiple-vulnerabilities-in-libslax-resolved?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79106 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Juniper-Cloud-Native-Router-Multiple-vulnerabilities-resolved-in-23-4-release?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79181 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-When-MAC-learning-happens-and-an-interface-gets-flapped-the-PFE-crashes-CVE-2024-30403?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79186 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-EX4300-Series-If-a-specific-CLI-command-is-issued-PFE-crashes-will-occur-CVE-2024-30384?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79089 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-QFX5000-Series-and-EX-Series-Specific-malformed-LACP-packets-will-cause-flaps-CVE-2024-30388?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79173 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Paragon-Active-Assurance-probe-serviced-exposes-internal-objects-to-local-users-CVE-2024-30381?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79104 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-ACX-Series-with-Paragon-Active-Assurance-Test-Agent-A-local-high-privileged-attacker-can-recover-other-administrators-credentials-CVE-2024-30406?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79094 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-A-specific-EVPN-type-5-route-causes-rpd-crash-CVE-2024-30394?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79183 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-Connection-limits-is-not-being-enforced-while-the-resp-rate-limit-is-being-enforced-CVE-2024-30390?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79176 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-SRX4600-Series-A-high-amount-of-specific-traffic-causes-packet-drops-and-an-eventual-PFE-crash-CVE-2024-30398?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79179 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-An-invalid-certificate-causes-a-Denial-of-Service-in-the-Internet-Key-Exchange-IKE-process-CVE-2024-30397?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79187 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-ACX5448-ACX710-Due-to-the-interface-flaps-the-PFE-process-can-crash-CVE-2024-30387?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79109 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-bbe-smgd-process-crash-upon-execution-of-specific-CLI-commands-CVE-2024-30378?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79171 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-l2cpd-crash-upon-receipt-of-a-specific-TLV-CVE-2024-30380?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79188 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-and-SRX-Series-When-IPsec-authentication-is-configured-with-hmac-sha-384-and-hmac-sha-512-no-authentication-of-traffic-is-performed-CVE-2024-30391?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79099 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Higher-CPU-consumption-on-routing-engine-leads-to-Denial-of-Service-DoS-CVE-2024-30409?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79184 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-EVPN-VXLAN-scenario-state-changes-on-adjacent-systems-can-cause-an-l2ald-process-crash-CVE-2024-30386?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79110 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-and-EX9200-15C-Stack-based-buffer-overflow-in-aftman-CVE-2024-30401?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79174 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Junos-OS-and-Junos-OS-Evolved-RPD-crash-when-CoS-based-forwarding-CBF-policy-is-configured-CVE-2024-30382?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79095 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-malformed-BGP-tunnel-encapsulation-attribute-will-lead-to-an-rpd-crash-CVE-2024-30395?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79100 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-EX4300-Series-Loopback-filter-not-blocking-traffic-despite-having-discard-term-CVE-2024-30410?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79107 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-cRPD-Multiple-vulnerabilities-resolved-in-23-4R1-release?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79092 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-and-MS-MPC-MIC-When-URL-filtering-is-enabled-and-a-specific-URL-request-is-received-a-flowd-crash-occurs-CVE-2024-30392?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79185 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-EX4300-Series-Firewall-filter-not-blocking-egress-traffic-CVE-2024-30389?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79108 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-cURL-vulnerabilities-resolved?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79091 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-SRX-Branch-Series-When-DNS-proxy-is-configured-and-specific-DNS-queries-are-received-resolver-s-performance-is-degraded-CVE-2022-2795?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79180 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-The-l2ald-crashes-on-receiving-telemetry-messages-from-a-specific-subscription-CVE-2024-30402?language=en_US"
    }
  ]
}

ghsa-7gwx-j9qc-6c6w

Vulnerability from github

Published

2022-05-24 17:34

Modified

2022-05-24 17:34

Details

In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-28928"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-24T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).",
  "id": "GHSA-7gwx-j9qc-6c6w",
  "modified": "2022-05-24T17:34:54Z",
  "published": "2022-05-24T17:34:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28928"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r2134abfe847bea7795f0e53756d10a47e6643f35ab8169df8b8a9eb1@%3Cnotifications.apisix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r90b60cf49348e515257b4950900c1bd3ab95a960cf2469d919c7264e@%3Cnotifications.apisix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ra63e8dc5137d952afc55dbbfa63be83304ecf842d1eab1ff3ebb29e2@%3Cnotifications.apisix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW27QVY7ERPTSGKS4KAWE5TU7EJWHKVQ"
    },
    {
      "type": "WEB",
      "url": "https://musl.libc.org/releases.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/11/20/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2020-28928

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).

Aliases

CVE-2020-28928

Aliases

CVE-2020-28928

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-28928",
    "description": "In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).",
    "id": "GSD-2020-28928",
    "references": [
      "https://security.archlinux.org/CVE-2020-28928"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-28928"
      ],
      "details": "In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).",
      "id": "GSD-2020-28928",
      "modified": "2023-12-13T01:22:01.787461Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-28928",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://musl.libc.org/releases.html",
            "refsource": "MISC",
            "url": "https://musl.libc.org/releases.html"
          },
          {
            "name": "[debian-lts-announce] 20201130 [SECURITY] [DLA 2474-1] musl security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html"
          },
          {
            "name": "[apisix-notifications] 20210428 [GitHub] [apisix-docker] tao12345666333 opened a new pull request #166: fix: upgrade alpine version due to CVE-2020-28928",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/ra63e8dc5137d952afc55dbbfa63be83304ecf842d1eab1ff3ebb29e2@%3Cnotifications.apisix.apache.org%3E"
          },
          {
            "name": "[apisix-notifications] 20210428 [apisix-docker] branch master updated: fix: upgrade alpine version due to CVE-2020-28928 (#166)",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r90b60cf49348e515257b4950900c1bd3ab95a960cf2469d919c7264e@%3Cnotifications.apisix.apache.org%3E"
          },
          {
            "name": "[apisix-notifications] 20210428 [GitHub] [apisix-docker] starsz merged pull request #166: fix: upgrade alpine version due to CVE-2020-28928",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r2134abfe847bea7795f0e53756d10a47e6643f35ab8169df8b8a9eb1@%3Cnotifications.apisix.apache.org%3E"
          },
          {
            "name": "FEDORA-2021-4892dbbf76",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW27QVY7ERPTSGKS4KAWE5TU7EJWHKVQ/"
          },
          {
            "name": "FEDORA-2021-0cf36f9134",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q/"
          },
          {
            "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2020/11/20/4",
            "refsource": "CONFIRM",
            "url": "http://www.openwall.com/lists/oss-security/2020/11/20/4"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:musl-libc:musl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.2.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:graalvm:20.3.2:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:graalvm:21.1.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28928"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.openwall.com/lists/oss-security/2020/11/20/4",
              "refsource": "CONFIRM",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/11/20/4"
            },
            {
              "name": "https://musl.libc.org/releases.html",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://musl.libc.org/releases.html"
            },
            {
              "name": "[debian-lts-announce] 20201130 [SECURITY] [DLA 2474-1] musl security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html"
            },
            {
              "name": "[apisix-notifications] 20210428 [apisix-docker] branch master updated: fix: upgrade alpine version due to CVE-2020-28928 (#166)",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r90b60cf49348e515257b4950900c1bd3ab95a960cf2469d919c7264e@%3Cnotifications.apisix.apache.org%3E"
            },
            {
              "name": "[apisix-notifications] 20210428 [GitHub] [apisix-docker] tao12345666333 opened a new pull request #166: fix: upgrade alpine version due to CVE-2020-28928",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/ra63e8dc5137d952afc55dbbfa63be83304ecf842d1eab1ff3ebb29e2@%3Cnotifications.apisix.apache.org%3E"
            },
            {
              "name": "[apisix-notifications] 20210428 [GitHub] [apisix-docker] starsz merged pull request #166: fix: upgrade alpine version due to CVE-2020-28928",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r2134abfe847bea7795f0e53756d10a47e6643f35ab8169df8b8a9eb1@%3Cnotifications.apisix.apache.org%3E"
            },
            {
              "name": "FEDORA-2021-4892dbbf76",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW27QVY7ERPTSGKS4KAWE5TU7EJWHKVQ/"
            },
            {
              "name": "FEDORA-2021-0cf36f9134",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q/"
            },
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-12-02T21:15Z",
      "publishedDate": "2020-11-24T18:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-28928 (GCVE-0-2020-28928)

Vulnerability from cvelistv5

WID-SEC-W-2022-0464

Vulnerability from csaf_certbund

wid-sec-w-2022-0464

Vulnerability from csaf_certbund

fkie_cve-2020-28928

Vulnerability from fkie_nvd

CERTFR-2021-AVI-557

Vulnerability from certfr_avis

Solution

CERTFR-2024-AVI-0297

Vulnerability from certfr_avis

Solution

ghsa-7gwx-j9qc-6c6w

Vulnerability from github

gsd-2020-28928

Vulnerability from gsd

Tags

Sightings

Nomenclature