Oracle Openjdk vulnerabilities

CVE-2021-20264 [HIGH] CWE-266 CVE-2021-20264: An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 co An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVE-2021-2388 [HIGH] CVE-2021-2388: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise

CVE-2021-2369 [MEDIUM] CVE-2021-2369: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to com

CVE-2021-2341 [LOW] CVE-2021-2341: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to c

CVE-2021-32553 [MEDIUM] CWE-59 CVE-2021-32553: It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.

CVE-2021-3522 [MEDIUM] CWE-125 CVE-2021-3522: GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.

CVE-2021-3517 [HIGH] CWE-787 CVE-2021-3517: There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An at There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential im

CVE-2021-3537 [MEDIUM] CWE-476 CVE-2021-3537: A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors wh A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability

CVE-2021-2163 [MEDIUM] CVE-2021-2163: Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated atta

CVE-2021-2161 [MEDIUM] CVE-2021-2161: Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated atta

CVE-2020-14803 [MEDIUM] CVE-2020-14803: Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions th Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a

CVE-2020-14792 [MEDIUM] CVE-2020-14792: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Suppo Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successfu

CVE-2020-14781 [LOW] CVE-2020-14781: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supporte Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful atta

CVE-2020-14798 [LOW] CVE-2020-14798: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Sup Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful

CVE-2020-14782 [LOW] CVE-2020-14782: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Sup Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful

CVE-2020-14797 [LOW] CVE-2020-14797: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Sup Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful

CVE-2020-14796 [LOW] CVE-2020-14796: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Sup Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful

CVE-2020-14779 [LOW] CVE-2020-14779: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Succes

CVE-2020-14583 [HIGH] CVE-2020-14583: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Sup Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Succe

CVE-2020-14593 [HIGH] CVE-2020-14593: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful atta