issues
advisories
todo
stats
log
login

Log

« prev 1 2 … 879 880 881 882 883 884 885 … 2047 2048 next »

AVG-1847 edited at 21 Apr 2021 12:06:49

Severity

-	Unknown
+	Medium

CVE-2021-2161 edited at 21 Apr 2021 12:06:49

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Arbitrary filesystem access

Description

+	Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data.
+
+	Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component.

References

+	https://www.oracle.com/security-alerts/cpuapr2021verbose.html#JAVA

Notes

AVG-1847 created at 21 Apr 2021 12:05:39

Packages

+	jdk-openjdk
+	jre-openjdk
+	jre-openjdk-headless

Issues

+	CVE-2021-2161
+	CVE-2021-2163

Status

+	Vulnerable

Severity

Unknown

Affected

+	15.0.2.u7-1

Fixed

Ticket

Advisory qualified

Yes

References

Notes

CVE-2021-2161 created at 21 Apr 2021 12:05:39

AVG-1847 created at 21 Apr 2021 12:05:39

Packages

+	jdk-openjdk
+	jre-openjdk
+	jre-openjdk-headless

Issues

+	CVE-2021-2161
+	CVE-2021-2163

Status

+	Vulnerable

Severity

Unknown

Affected

+	15.0.2.u7-1

Fixed

Ticket

Advisory qualified

Yes

References

Notes

CVE-2021-2163 created at 21 Apr 2021 12:05:39

AVG-1829 edited at 21 Apr 2021 09:54:32

Status

-	Vulnerable
+	Fixed

Fixed

1.9.5-1

CVE-2021-2310 edited at 21 Apr 2021 09:53:44

Severity

-	Unknown
+	High

Remote

-	Unknown
+	Local

Type

-	Unknown
+	Arbitrary code execution

Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.

References

+	https://www.oracle.com/security-alerts/cpuapr2021verbose.html#OVIR

Notes

CVE-2021-2309 edited at 21 Apr 2021 09:53:04

Severity

-	Unknown
+	High

Remote

-	Unknown
+	Local

Type

-	Unknown
+	Arbitrary code execution

Description

References

+	https://www.oracle.com/security-alerts/cpuapr2021verbose.html#OVIR

Notes

CVE-2021-2306 edited at 21 Apr 2021 09:52:30

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Local

Type

-	Unknown
+	Information disclosure

Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data.

References

+	https://www.oracle.com/security-alerts/cpuapr2021verbose.html#OVIR

Notes

CVE-2021-2297 edited at 21 Apr 2021 09:52:00

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Local

Type

-	Unknown
+	Information disclosure

Description

References

+	https://www.oracle.com/security-alerts/cpuapr2021verbose.html#OVIR

Notes

CVE-2021-2296 edited at 21 Apr 2021 09:51:31

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Local

Type

-	Unknown
+	Information disclosure

Description

References

+	https://www.oracle.com/security-alerts/cpuapr2021verbose.html#OVIR

Notes

CVE-2021-2291 edited at 21 Apr 2021 09:51:01

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Local

Type

-	Unknown
+	Information disclosure

Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data.

References

+	https://www.oracle.com/security-alerts/cpuapr2021verbose.html#OVIR

Notes