what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 37 RSS Feed

CVE-2023-22049

Status Candidate

Overview

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Related Files

Red Hat Security Advisory 2023-5480-01
Posted Oct 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5480-01 - Red Hat OpenShift Serverless release of OpenShift Serverless Logic. This release includes security fixes. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193, CVE-2023-2602, CVE-2023-2603, CVE-2023-27536, CVE-2023-28321, CVE-2023-28484, CVE-2023-29469, CVE-2023-29491
SHA-256 | 8393f81bc69e22633c4c8a163fe1bdfb3077d46fbf732dd426d169d487569950
Red Hat Security Advisory 2023-4877-01
Posted Aug 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4877-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR8-FP10.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2023-22049
SHA-256 | 1f44a471e2bee1717177c2bcafeca0820e54321a1df66a3ea21aeca73d00637b
Red Hat Security Advisory 2023-4876-01
Posted Aug 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4876-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR8-FP10.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2023-22049
SHA-256 | b877e67552065a035618163f8863de7837741b00771da9b04a313a06a5ea5731
Ubuntu Security Notice USN-6263-2
Posted Aug 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6263-2 - USN-6263-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when opening APK, ZIP or JAR files in OpenJDK 11 and OpenJDK 17. This update fixes the problem. Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193
SHA-256 | 06081ccdb3eddadabb6a4fa5e0132327183f58df6ae97e89790781710e41c2a2
Debian Security Advisory 5478-1
Posted Aug 17, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5478-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service.

tags | advisory, java, denial of service, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968, CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049
SHA-256 | 1abbda9face35cc55de373d200a91797c0b8a6083da1289cd62ef92eff8eca01
Red Hat Security Advisory 2023-4472-01
Posted Aug 4, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4472-01 - Version 1.29.1 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.10, 4.11, 4.12, and 4.13. This release includes security and bug fixes, and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-36227, CVE-2023-1667, CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-2283, CVE-2023-24329, CVE-2023-24539, CVE-2023-25193, CVE-2023-26604
SHA-256 | 6279c43e2e64c3223f9a641285d7c47b27f5e06abc997f2a8678863ea219e43e
Ubuntu Security Notice USN-6272-1
Posted Aug 4, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6272-1 - Motoyasu Saburi discovered that OpenJDK 20 incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. Eirik Bjørsnøs discovered that OpenJDK 20 incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193
SHA-256 | ef29c04ae8e50638fee3aa1910c46999d0da17350681fbef567a0f2c8a994549
Ubuntu Security Notice USN-6263-1
Posted Aug 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6263-1 - Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. Eirik Bjørsnøs discovered that OpenJDK incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193
SHA-256 | 2a8710ab7e6491abd98022fbf0e059c14cea84ff8d9b7cf0e64f2f7802428148
Red Hat Security Advisory 2023-4286-01
Posted Jul 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4286-01 - Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-36227, CVE-2022-48281, CVE-2023-1667, CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-2283, CVE-2023-25193, CVE-2023-26604, CVE-2023-27535, CVE-2023-28466
SHA-256 | d5d35601175060e7441b9a1481c61970c832969895ba21bcfab1b55787d9e0f1
Debian Security Advisory 5458-1
Posted Jul 26, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5458-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service.

tags | advisory, java, denial of service, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049
SHA-256 | 56826eebf6a5edd1903ff8a78cf717b85576a27002c8d40f49867c4087279cf9
Red Hat Security Advisory 2023-4166-01
Posted Jul 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4166-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.

tags | advisory, java, overflow
systems | linux, redhat
advisories | CVE-2023-22045, CVE-2023-22049
SHA-256 | 6a9232dc3ea5e8c5d893452c3835b26858556861060e7cea97f0b22081fb3321
Red Hat Security Advisory 2023-4233-01
Posted Jul 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4233-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

tags | advisory, java, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193
SHA-256 | 19f9fa31a7262f91d31cee4c6310b2ada9c09303df7a4438d4a804056e1ae86f
Red Hat Security Advisory 2023-4159-01
Posted Jul 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4159-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

tags | advisory, java, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193
SHA-256 | b6e57e286f970bc2597d39d510292c02bdc9563b84e7c3d9e47169b6cef50ee2
Red Hat Security Advisory 2023-4178-01
Posted Jul 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4178-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.

tags | advisory, java, overflow
systems | linux, redhat
advisories | CVE-2023-22045, CVE-2023-22049
SHA-256 | 2fb32f4fca01516ae8c5c5e9e14593a0aa2e663ba6219f723c025186e9144379
Red Hat Security Advisory 2023-4158-01
Posted Jul 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4158-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

tags | advisory, java, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193
SHA-256 | 510e99c48e709d27469ac26f9a443ee36850b8a2ee1d621c7cec623af107ec0f
Red Hat Security Advisory 2023-4210-01
Posted Jul 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4210-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

tags | advisory, java, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193
SHA-256 | aaf3eec724daf4f0114a9d6d60b4393ae33d6b7e774507ed12698a6e7a291791
Red Hat Security Advisory 2023-4177-01
Posted Jul 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4177-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

tags | advisory, java, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193
SHA-256 | 5c5b4fd7e5a648001b92c7e12c66535da73f76c0a24949138c73d380b58f811d
Red Hat Security Advisory 2023-4211-01
Posted Jul 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4211-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for Windows serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

tags | advisory, java, denial of service, overflow, vulnerability
systems | linux, redhat, windows
advisories | CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193
SHA-256 | 4d219381d45e2edd902db35713860843b101bbb38f67cf23777473567adc345e
Red Hat Security Advisory 2023-4175-01
Posted Jul 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4175-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

tags | advisory, java, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193
SHA-256 | 83a3c6369bdd9752a487c063987cc0f6a0810b06c9029984a1cd66fe3912d804
Red Hat Security Advisory 2023-4176-01
Posted Jul 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4176-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.

tags | advisory, java, overflow
systems | linux, redhat
advisories | CVE-2023-22045, CVE-2023-22049
SHA-256 | 0dda9e3a18d728f1e2c6089aa3a15d8e7f3706b99b3ca038b203724538557316
Red Hat Security Advisory 2023-4208-01
Posted Jul 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4208-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

tags | advisory, java, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193
SHA-256 | debb5209202e6e23615d29004a64dcead48b7e1db16e0eb6b0f439d41ddafa31
Red Hat Security Advisory 2023-4209-01
Posted Jul 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4209-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include an integer overflow vulnerability.

tags | advisory, java, overflow
systems | linux, redhat
advisories | CVE-2023-22045, CVE-2023-22049
SHA-256 | fb7e3796c3a1c32137bdf76b3c1b96d31eb6d5a1cdaebd4d7eed67d2f9163aec
Red Hat Security Advisory 2023-4212-01
Posted Jul 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4212-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include an integer overflow vulnerability.

tags | advisory, java, overflow
systems | linux, redhat, windows
advisories | CVE-2023-22045, CVE-2023-22049
SHA-256 | 502e14cf3d84e4253ead1d3fb32ef25a6a9663af4db4f8c17b3a4f77d11f1376
Red Hat Security Advisory 2023-4161-01
Posted Jul 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4161-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for Windows serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

tags | advisory, java, denial of service, overflow, vulnerability
systems | linux, redhat, windows
advisories | CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193
SHA-256 | b4743a1f577fb5ee07e16a414faf65145a78773fd4180e08bc70413700126f1a
Red Hat Security Advisory 2023-4170-01
Posted Jul 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4170-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

tags | advisory, java, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193
SHA-256 | 2c10cbd533b2a94ea4d216dfe2553df79effa161cf7633a4a9f501f36e6490ef
Page 1 of 2
Back12Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close