MidnightBSD

Advisories for azul

CVE-2018-25032 MEDIUM

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
azul zulu 15.38
netapp ontap_select_deploy_administration_utility -
netapp active_iq_unified_manager -
netapp management_services_for_element_software -
netapp h300s_firmware -
apple macos *
azul zulu 7.52
fedoraproject fedora 36
siemens scalance_sc626-2c_firmware *
siemens scalance_sc642-2c_firmware *
nokogiri nokogiri *
fedoraproject fedora 34
netapp hci_compute_node -
goto gotoassist *
netapp h410s_firmware -
siemens scalance_sc632-2c_firmware *
azul zulu 8.60
debian debian_linux 10.0
zlib zlib *
azul zulu 11.54
mariadb mariadb *
debian debian_linux 9.0
siemens scalance_sc646-2c_firmware *
apple mac_os_x *
fedoraproject fedora 35
apple mac_os_x 10.15.7
netapp h500s_firmware -
azul zulu 13.46
debian debian_linux 11.0
azul zulu 17.32
python python *
netapp oncommand_workflow_automation -
netapp e-series_santricity_os_controller *
netapp h700s_firmware -
siemens scalance_sc636-2c_firmware *
netapp h410c_firmware -
siemens scalance_sc622-2c_firmware *
azul zulu 6.45
CVE-2022-21426 MEDIUM

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp cloud_secure_agent -
azul zulu 15.38
oracle jre 1.7.0
netapp active_iq_unified_manager -
netapp santricity_unified_manager -
azul zulu 7.52
netapp cloud_insights_acquisition_unit -
netapp oncommand_insight -
netapp 7-mode_transition_tool -
netapp solidfire_&_hci_management_node -
oracle jre 17.0.2
oracle graalvm 20.3.5
oracle graalvm 21.3.1
oracle jdk 17.0.2
oracle jre 18
azul zulu 18.28
oracle graalvm 22.0.0.2
netapp e-series_santricity_storage_manager -
azul zulu 8.60
oracle jdk 11.0.14
debian debian_linux 10.0
oracle jre 11.0.14
oracle jdk 1.8.0
netapp hci_compute_node_firmware -
oracle jdk 18
azul zulu 11.54
netapp solidfire,_enterprise_sds_&_hci_storage_node -
oracle jre 1.8.0
debian debian_linux 9.0
oracle jdk 1.7.0
netapp e-series_santricity_web_services -
azul zulu 13.46
debian debian_linux 11.0
azul zulu 17.32
netapp e-series_santricity_os_controller *
azul zulu 6.45
CVE-2022-21434 MEDIUM

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp cloud_secure_agent -
azul zulu 15.38
oracle jre 1.7.0
netapp active_iq_unified_manager -
netapp santricity_unified_manager -
azul zulu 7.52
netapp cloud_insights_acquisition_unit -
netapp oncommand_insight -
netapp 7-mode_transition_tool -
netapp solidfire_&_hci_management_node -
oracle jre 17.0.2
oracle graalvm 20.3.5
oracle graalvm 21.3.1
oracle jdk 17.0.2
oracle jre 18
azul zulu 18.28
oracle graalvm 22.0.0.2
netapp e-series_santricity_storage_manager -
azul zulu 8.60
oracle jdk 11.0.14
debian debian_linux 10.0
oracle jre 11.0.14
oracle jdk 1.8.0
netapp hci_compute_node_firmware -
oracle jdk 18
azul zulu 11.54
netapp solidfire,_enterprise_sds_&_hci_storage_node -
oracle jre 1.8.0
debian debian_linux 9.0
oracle jdk 1.7.0
netapp e-series_santricity_web_services -
azul zulu 13.46
debian debian_linux 11.0
azul zulu 17.32
netapp e-series_santricity_os_controller *
azul zulu 6.45
CVE-2022-21443 MEDIUM

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp cloud_secure_agent -
azul zulu 15.38
netapp element_software -
netapp active_iq_unified_manager -
netapp hci_management_node -
netapp santricity_unified_manager -
azul zulu 7.52
netapp cloud_insights_acquisition_unit -
netapp oncommand_insight -
oracle java_se 18
oracle java_se 7u331
oracle graalvm 20.3.5
oracle graalvm 21.3.1
oracle java_se 11.0.14
azul zulu 18.28
oracle graalvm 22.0.0.2
netapp bootstrap_os -
netapp e-series_santricity_storage_manager -
azul zulu 8.60
oracle java_se 17.0.2
debian debian_linux 10.0
azul zulu 11.54
debian debian_linux 9.0
oracle java_se 8u321
netapp e-series_santricity_web_services -
azul zulu 13.46
netapp solidfire -
debian debian_linux 11.0
azul zulu 17.32
netapp e-series_santricity_os_controller *
azul zulu 6.45
CVE-2022-21449 MEDIUM

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
azul zulu 15.38
debian debian_linux 10.0
oracle jdk 18
netapp active_iq_unified_manager -
netapp solidfire,_enterprise_sds_&_hci_storage_node -
netapp santricity_unified_manager -
netapp oncommand_insight -
netapp 7-mode_transition_tool -
netapp solidfire_&_hci_management_node -
netapp e-series_santricity_web_services -
netapp cloud_insights -
debian debian_linux 11.0
oracle graalvm 21.3.1
oracle jdk 17.0.2
azul zulu 17.32
netapp hci_compute_node -
azul zulu 18.28
netapp oncommand_workflow_automation -
oracle graalvm 22.0.0.2
netapp e-series_santricity_os_controller 11.0
netapp e-series_santricity_storage_manager -
CVE-2022-21476 MEDIUM

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle openjdk *
netapp cloud_secure_agent -
azul zulu 15.38
netapp element_software -
oracle jdk 7.0
netapp active_iq_unified_manager -
netapp hci_management_node -
netapp santricity_unified_manager -
azul zulu 7.52
netapp cloud_insights_acquisition_unit -
netapp oncommand_insight -
oracle graalvm 20.3.5
oracle graalvm 21.3.1
oracle jdk 17.0.2
oracle graalvm 22.0.0.2
netapp bootstrap_os -
oracle openjdk 7
netapp e-series_santricity_storage_manager -
azul zulu 8.60
oracle jdk 11.0.14
debian debian_linux 10.0
oracle jdk 18
oracle openjdk 8
azul zulu 11.54
debian debian_linux 9.0
oracle jdk 8.0
oracle openjdk 18
netapp e-series_santricity_web_services -
azul zulu 13.46
netapp solidfire -
debian debian_linux 11.0
azul zulu 17.32
netapp e-series_santricity_os_controller *
CVE-2022-21496 MEDIUM

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4
secalert_us@oracle.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp cloud_secure_agent -
azul zulu 15.38
netapp element_software -
netapp active_iq_unified_manager -
netapp hci_management_node -
netapp santricity_unified_manager -
azul zulu 7.52
netapp cloud_insights_acquisition_unit -
netapp oncommand_insight -
oracle java_se 18
oracle java_se 7u331
oracle graalvm 20.3.5
oracle graalvm 21.3.1
oracle java_se 11.0.14
azul zulu 18.28
oracle graalvm 22.0.0.2
netapp bootstrap_os -
netapp e-series_santricity_storage_manager -
azul zulu 8.60
oracle java_se 17.0.2
azul zulu 11.54
debian debian_linux 9.0
oracle java_se 8u321
netapp e-series_santricity_web_services -
azul zulu 13.46
netapp solidfire -
azul zulu 17.32
netapp e-series_santricity_os_controller *
azul zulu 6.45
CVE-2022-21540

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
oracle openjdk *
netapp cloud_secure_agent -
oracle jre 18.0.1.1
oracle jre 1.7.0
netapp active_iq_unified_manager -
netapp hci_management_node -
fedoraproject fedora 36
netapp cloud_insights_acquisition_unit -
azul zulu 6.47
netapp oncommand_insight -
netapp 7-mode_transition_tool -
oracle graalvm 22.1.0
azul zulu 8.62
netapp hci_compute_node -
azul zulu 15.40
oracle openjdk 7
oracle graalvm 21.3.2
debian debian_linux 10.0
oracle jdk 1.8.0
azul zulu 18.30
azul zulu 11.56
azul zulu 7.54
oracle openjdk 8
oracle jre 1.8.0
oracle jdk 11.0.15.1
oracle jdk 17.0.3.1
oracle openjdk 18
azul zulu 17.34
oracle jdk 1.7.0
netapp solidfire -
debian debian_linux 11.0
oracle jre 11.0.15.1
oracle graalvm 20.3.6
azul zulu 13.48
oracle jre 17.0.3.1
oracle jdk 18.0.1.1
CVE-2022-21541

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

Products Affected

Vendor Product Version
oracle openjdk *
netapp cloud_secure_agent -
oracle jre 18.0.1.1
oracle jre 1.7.0
netapp active_iq_unified_manager -
netapp hci_management_node -
fedoraproject fedora 36
netapp cloud_insights_acquisition_unit -
netapp oncommand_insight -
netapp 7-mode_transition_tool -
oracle graalvm 22.1.0
azul zulu 8.62
netapp hci_compute_node -
azul zulu 15.40
oracle openjdk 7
oracle graalvm 21.3.2
debian debian_linux 10.0
oracle jdk 1.8.0
azul zulu 18.30
azul zulu 11.56
azul zulu 7.54
oracle openjdk 8
oracle jre 1.8.0
oracle jdk 11.0.15.1
oracle jdk 17.0.3.1
oracle openjdk 18
azul zulu 17.34
oracle jdk 1.7.0
netapp solidfire -
debian debian_linux 11.0
oracle jre 11.0.15.1
oracle graalvm 20.3.6
azul zulu 13.48
oracle jre 17.0.3.1
oracle jdk 18.0.1.1
CVE-2022-21549

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
netapp cloud_secure_agent -
netapp active_iq_unified_manager -
netapp hci_management_node -
oracle jdk 17.0.3.1
fedoraproject fedora 36
netapp cloud_insights_acquisition_unit -
netapp oncommand_insight -
netapp 7-mode_transition_tool -
azul zulu 17.34
oracle graalvm 22.1.0
fedoraproject fedora 35
netapp solidfire -
debian debian_linux 11.0
netapp hci_compute_node -
oracle jre 17.0.3.1
oracle graalvm 21.3.2
CVE-2022-21618

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Products Affected

Vendor Product Version
netapp cloud_secure_agent -
oracle graalvm 22.2.0
azul zulu 15.42
oracle jdk 17.0.4.1
oracle jre 17.0.4.1
fedoraproject fedora 36
netapp cloud_insights_acquisition_unit -
netapp oncommand_insight -
netapp 7-mode_transition_tool -
fedoraproject fedora 35
azul zulu 19.28
azul zulu 17.36
azul zulu 13.50
netapp e-series_santricity_unified_manager -
netapp oncommand_workflow_automation -
netapp e-series_santricity_os_controller *
oracle jdk 19
netapp santricity_storage_plugin -
oracle jre 19
oracle graalvm 21.3.3
netapp e-series_santricity_storage_manager -
azul zulu 11.58
CVE-2022-21619

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Products Affected

Vendor Product Version
netapp cloud_secure_agent -
oracle graalvm 22.2.0
azul zulu 15.42
oracle jdk 17.0.4.1
oracle jre 17.0.4.1
oracle jdk 11.0.16.1
fedoraproject fedora 36
netapp cloud_insights_acquisition_unit -
netapp oncommand_insight -
netapp 7-mode_transition_tool -
netapp e-series_santricity_unified_manager -
oracle jre 11.0.16.1
oracle jdk 19
oracle graalvm 21.3.3
netapp e-series_santricity_storage_manager -
azul zulu 11.58
netapp e-series_santricity_os_controller 11.70.2
azul zulu 7.56
oracle jdk 1.8.0
oracle jre 1.8.0
netapp santricity_web_services_proxy -
azul zulu 8.64
fedoraproject fedora 35
azul zulu 19.28
azul zulu 17.36
azul zulu 13.50
netapp oncommand_workflow_automation -
netapp e-series_santricity_os_controller *
netapp santricity_storage_plugin -
oracle jre 19
oracle graalvm 20.3.7
CVE-2022-21624

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Products Affected

Vendor Product Version
netapp cloud_secure_agent -
oracle graalvm 22.2.0
azul zulu 15.42
oracle jdk 17.0.4.1
oracle jre 17.0.4.1
oracle jdk 11.0.16.1
fedoraproject fedora 36
netapp cloud_insights_acquisition_unit -
netapp oncommand_insight -
netapp 7-mode_transition_tool -
netapp e-series_santricity_unified_manager -
oracle jre 11.0.16.1
azul zulu 6.49
oracle jdk 19
oracle graalvm 21.3.3
netapp e-series_santricity_storage_manager -
azul zulu 11.58
azul zulu 7.56
oracle jdk 1.8.0
oracle jre 1.8.0
netapp santricity_web_services_proxy -
azul zulu 8.64
fedoraproject fedora 35
azul zulu 19.28
azul zulu 17.36
azul zulu 13.50
netapp oncommand_workflow_automation -
netapp e-series_santricity_os_controller *
netapp santricity_storage_plugin -
oracle jre 19
oracle graalvm 20.3.7
CVE-2022-21626

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Products Affected

Vendor Product Version
netapp cloud_secure_agent -
oracle graalvm 22.2.0
azul zulu 15.42
oracle jdk 11.0.16.1
fedoraproject fedora 36
netapp cloud_insights_acquisition_unit -
netapp oncommand_insight -
netapp 7-mode_transition_tool -
netapp e-series_santricity_unified_manager -
oracle jre 11.0.16.1
azul zulu 6.49
oracle graalvm 21.3.3
netapp e-series_santricity_storage_manager -
azul zulu 11.58
azul zulu 7.56
oracle jdk 1.8.0
oracle jre 1.8.0
netapp santricity_web_services_proxy -
azul zulu 8.64
fedoraproject fedora 35
azul zulu 13.50
netapp oncommand_workflow_automation -
netapp e-series_santricity_os_controller *
netapp santricity_storage_plugin -
oracle graalvm 20.3.7
CVE-2022-21628

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Products Affected

Vendor Product Version
netapp cloud_secure_agent -
oracle graalvm 22.2.0
azul zulu 15.42
oracle jdk 17.0.4.1
oracle jre 17.0.4.1
oracle jdk 11.0.16.1
fedoraproject fedora 36
netapp cloud_insights_acquisition_unit -
netapp oncommand_insight -
netapp 7-mode_transition_tool -
netapp e-series_santricity_unified_manager -
oracle jre 11.0.16.1
azul zulu 6.49
oracle jdk 19
oracle graalvm 21.3.3
netapp e-series_santricity_storage_manager -
azul zulu 11.58
azul zulu 7.56
oracle jdk 1.8.0
oracle jre 1.8.0
netapp santricity_web_services_proxy -
azul zulu 8.64
fedoraproject fedora 35
azul zulu 19.28
azul zulu 17.36
azul zulu 13.50
netapp oncommand_workflow_automation -
netapp e-series_santricity_os_controller *
netapp santricity_storage_plugin -
oracle jre 19
oracle graalvm 20.3.7
CVE-2022-34169

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.

Products Affected

Vendor Product Version
netapp cloud_secure_agent -
oracle jre 18.0.1.1
oracle jre 1.7.0
netapp active_iq_unified_manager -
netapp cloud_insights_acquisition_unit -
netapp oncommand_insight -
oracle graalvm 22.1.0
azul zulu 8.62
azul zulu 6.49
netapp hci_compute_node -
azul zulu 15.40
azul zulu 8.63
azul zulu 13.49
azul zulu 11.58
oracle graalvm 21.3.2
apache xalan-java *
azul zulu 15.41
debian debian_linux 10.0
azul zulu 11.57
azul zulu 18.30
oracle openjdk 8
oracle jdk 11.0.15.1
azul zulu 8.64
oracle jdk 1.7.0
fedoraproject fedora 35
azul zulu 17.36
debian debian_linux 11.0
azul zulu 13.48
azul zulu 18.32
oracle jre 17.0.3.1
oracle jdk 18.0.1.1
oracle openjdk *
azul zulu 15.42
netapp hci_management_node -
fedoraproject fedora 36
azul zulu 6.47
netapp 7-mode_transition_tool -
oracle openjdk 7
azul zulu 7.56
azul zulu 17.35
oracle jdk 1.8.0
azul zulu 11.56
azul zulu 7.54
oracle jre 1.8.0
oracle jdk 17.0.3.1
oracle openjdk 18
azul zulu 17.34
netapp solidfire -
oracle jre 11.0.15.1
azul zulu 13.50
oracle graalvm 20.3.6
azul zulu 7.55
CVE-2022-39399

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Products Affected

Vendor Product Version
netapp cloud_secure_agent -
oracle graalvm 22.2.0
azul zulu 15.42
oracle jdk 17.0.4.1
oracle jre 17.0.4.1
oracle jdk 11.0.16.1
fedoraproject fedora 36
netapp cloud_insights_acquisition_unit -
netapp oncommand_insight -
netapp 7-mode_transition_tool -
netapp e-series_santricity_unified_manager -
oracle jre 11.0.16.1
oracle jdk 19
oracle graalvm 21.3.3
netapp e-series_santricity_storage_manager -
azul zulu 11.58
netapp santricity_web_services_proxy -
fedoraproject fedora 35
azul zulu 19.28
azul zulu 17.36
azul zulu 13.50
netapp oncommand_workflow_automation -
netapp e-series_santricity_os_controller *
netapp santricity_storage_plugin -
oracle jre 19
oracle graalvm 20.3.7
CVE-2023-21830

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Products Affected

Vendor Product Version
oracle graalvm 22.3.0
oracle communications_unified_assurance *
oracle jdk 1.8.0
azul zulu 8.66
oracle jre 17.0.5
oracle jre 1.8.0
azul zulu 7.57
oracle graalvm 20.3.8
oracle jdk 11.0.17
oracle jdk 19.0.1
azul zulu 6.51
oracle jre 11.0.17
oracle jre 19.0.1
oracle graalvm 21.3.4
oracle jdk 17.0.5
CVE-2023-21835

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Products Affected

Vendor Product Version
oracle graalvm 22.3.0
azul zulu 15.44
oracle jre 17.0.5
azul zulu 19.30
oracle graalvm 20.3.8
oracle jdk 11.0.17
oracle jdk 19.0.1
azul zulu 11.60
oracle jre 11.0.17
oracle jre 19.0.1
oracle graalvm 21.3.4
azul zulu 13.52
oracle jdk 17.0.5
azul zulu 17.38
CVE-2023-21843

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Products Affected

Vendor Product Version
oracle graalvm 22.3.0
oracle jdk 1.8.0
azul zulu 15.44
azul zulu 8.66
oracle jre 17.0.5
oracle jre 1.8.0
azul zulu 19.30
azul zulu 7.57
oracle graalvm 20.3.8
oracle jdk 11.0.17
oracle jdk 19.0.1
azul zulu 6.51
azul zulu 11.60
oracle jre 11.0.17
oracle jre 19.0.1
oracle graalvm 21.3.4
azul zulu 13.52
oracle jdk 17.0.5
azul zulu 17.38