java-13-openjdk-13.0.8.0-3.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10872 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z java-13-openjdk-13.0.8.0-3.1 on GA media These are all security issues fixed in the java-13-openjdk-13.0.8.0-3.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10872 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10872 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-11212/ SUSE CVE CVE-2018-11212 page https://www.suse.com/security/cve/CVE-2018-2790/ SUSE CVE CVE-2018-2790 page https://www.suse.com/security/cve/CVE-2018-2794/ SUSE CVE CVE-2018-2794 page https://www.suse.com/security/cve/CVE-2018-2795/ SUSE CVE CVE-2018-2795 page https://www.suse.com/security/cve/CVE-2018-2796/ SUSE CVE CVE-2018-2796 page https://www.suse.com/security/cve/CVE-2018-2797/ SUSE CVE CVE-2018-2797 page https://www.suse.com/security/cve/CVE-2018-2798/ SUSE CVE CVE-2018-2798 page https://www.suse.com/security/cve/CVE-2018-2799/ SUSE CVE CVE-2018-2799 page https://www.suse.com/security/cve/CVE-2018-2814/ SUSE CVE CVE-2018-2814 page https://www.suse.com/security/cve/CVE-2018-2825/ SUSE CVE CVE-2018-2825 page https://www.suse.com/security/cve/CVE-2018-2826/ SUSE CVE CVE-2018-2826 page https://www.suse.com/security/cve/CVE-2018-2940/ SUSE CVE CVE-2018-2940 page https://www.suse.com/security/cve/CVE-2018-2952/ SUSE CVE CVE-2018-2952 page https://www.suse.com/security/cve/CVE-2018-2972/ SUSE CVE CVE-2018-2972 page https://www.suse.com/security/cve/CVE-2018-2973/ SUSE CVE CVE-2018-2973 page https://www.suse.com/security/cve/CVE-2018-3136/ SUSE CVE CVE-2018-3136 page https://www.suse.com/security/cve/CVE-2018-3139/ SUSE CVE CVE-2018-3139 page https://www.suse.com/security/cve/CVE-2018-3149/ SUSE CVE CVE-2018-3149 page https://www.suse.com/security/cve/CVE-2018-3150/ SUSE CVE CVE-2018-3150 page https://www.suse.com/security/cve/CVE-2018-3157/ SUSE CVE CVE-2018-3157 page https://www.suse.com/security/cve/CVE-2018-3169/ SUSE CVE CVE-2018-3169 page https://www.suse.com/security/cve/CVE-2018-3180/ SUSE CVE CVE-2018-3180 page https://www.suse.com/security/cve/CVE-2018-3183/ SUSE CVE CVE-2018-3183 page https://www.suse.com/security/cve/CVE-2019-2422/ SUSE CVE CVE-2019-2422 page https://www.suse.com/security/cve/CVE-2019-2426/ SUSE CVE CVE-2019-2426 page https://www.suse.com/security/cve/CVE-2019-2602/ SUSE CVE CVE-2019-2602 page https://www.suse.com/security/cve/CVE-2019-2684/ SUSE CVE CVE-2019-2684 page https://www.suse.com/security/cve/CVE-2019-2745/ SUSE CVE CVE-2019-2745 page https://www.suse.com/security/cve/CVE-2019-2762/ SUSE CVE CVE-2019-2762 page https://www.suse.com/security/cve/CVE-2019-2766/ SUSE CVE CVE-2019-2766 page https://www.suse.com/security/cve/CVE-2019-2769/ SUSE CVE CVE-2019-2769 page https://www.suse.com/security/cve/CVE-2019-2786/ SUSE CVE CVE-2019-2786 page https://www.suse.com/security/cve/CVE-2019-2816/ SUSE CVE CVE-2019-2816 page https://www.suse.com/security/cve/CVE-2019-2818/ SUSE CVE CVE-2019-2818 page https://www.suse.com/security/cve/CVE-2019-2821/ SUSE CVE CVE-2019-2821 page https://www.suse.com/security/cve/CVE-2019-2894/ SUSE CVE CVE-2019-2894 page https://www.suse.com/security/cve/CVE-2019-2933/ SUSE CVE CVE-2019-2933 page https://www.suse.com/security/cve/CVE-2019-2945/ SUSE CVE CVE-2019-2945 page https://www.suse.com/security/cve/CVE-2019-2949/ SUSE CVE CVE-2019-2949 page https://www.suse.com/security/cve/CVE-2019-2958/ SUSE CVE CVE-2019-2958 page https://www.suse.com/security/cve/CVE-2019-2962/ SUSE CVE CVE-2019-2962 page https://www.suse.com/security/cve/CVE-2019-2964/ SUSE CVE CVE-2019-2964 page https://www.suse.com/security/cve/CVE-2019-2973/ SUSE CVE CVE-2019-2973 page https://www.suse.com/security/cve/CVE-2019-2975/ SUSE CVE CVE-2019-2975 page https://www.suse.com/security/cve/CVE-2019-2977/ SUSE CVE CVE-2019-2977 page https://www.suse.com/security/cve/CVE-2019-2978/ SUSE CVE CVE-2019-2978 page https://www.suse.com/security/cve/CVE-2019-2981/ SUSE CVE CVE-2019-2981 page https://www.suse.com/security/cve/CVE-2019-2983/ SUSE CVE CVE-2019-2983 page https://www.suse.com/security/cve/CVE-2019-2987/ SUSE CVE CVE-2019-2987 page https://www.suse.com/security/cve/CVE-2019-2988/ SUSE CVE CVE-2019-2988 page https://www.suse.com/security/cve/CVE-2019-2989/ SUSE CVE CVE-2019-2989 page https://www.suse.com/security/cve/CVE-2019-2992/ SUSE CVE CVE-2019-2992 page https://www.suse.com/security/cve/CVE-2019-2999/ SUSE CVE CVE-2019-2999 page https://www.suse.com/security/cve/CVE-2019-7317/ SUSE CVE CVE-2019-7317 page https://www.suse.com/security/cve/CVE-2020-14556/ SUSE CVE CVE-2020-14556 page https://www.suse.com/security/cve/CVE-2020-14562/ SUSE CVE CVE-2020-14562 page https://www.suse.com/security/cve/CVE-2020-14573/ SUSE CVE CVE-2020-14573 page https://www.suse.com/security/cve/CVE-2020-14577/ SUSE CVE CVE-2020-14577 page https://www.suse.com/security/cve/CVE-2020-14581/ SUSE CVE CVE-2020-14581 page https://www.suse.com/security/cve/CVE-2020-14583/ SUSE CVE CVE-2020-14583 page https://www.suse.com/security/cve/CVE-2020-14593/ SUSE CVE CVE-2020-14593 page https://www.suse.com/security/cve/CVE-2020-14621/ SUSE CVE CVE-2020-14621 page https://www.suse.com/security/cve/CVE-2020-14779/ SUSE CVE CVE-2020-14779 page https://www.suse.com/security/cve/CVE-2020-14781/ SUSE CVE CVE-2020-14781 page https://www.suse.com/security/cve/CVE-2020-14782/ SUSE CVE CVE-2020-14782 page https://www.suse.com/security/cve/CVE-2020-14792/ SUSE CVE CVE-2020-14792 page https://www.suse.com/security/cve/CVE-2020-14796/ SUSE CVE CVE-2020-14796 page https://www.suse.com/security/cve/CVE-2020-14797/ SUSE CVE CVE-2020-14797 page https://www.suse.com/security/cve/CVE-2020-14798/ SUSE CVE CVE-2020-14798 page https://www.suse.com/security/cve/CVE-2020-14803/ SUSE CVE CVE-2020-14803 page https://www.suse.com/security/cve/CVE-2020-2583/ SUSE CVE CVE-2020-2583 page https://www.suse.com/security/cve/CVE-2020-2590/ SUSE CVE CVE-2020-2590 page https://www.suse.com/security/cve/CVE-2020-2593/ SUSE CVE CVE-2020-2593 page https://www.suse.com/security/cve/CVE-2020-2601/ SUSE CVE CVE-2020-2601 page https://www.suse.com/security/cve/CVE-2020-2604/ SUSE CVE CVE-2020-2604 page https://www.suse.com/security/cve/CVE-2020-2654/ SUSE CVE CVE-2020-2654 page https://www.suse.com/security/cve/CVE-2020-2655/ SUSE CVE CVE-2020-2655 page https://www.suse.com/security/cve/CVE-2020-2754/ SUSE CVE CVE-2020-2754 page https://www.suse.com/security/cve/CVE-2020-2755/ SUSE CVE CVE-2020-2755 page https://www.suse.com/security/cve/CVE-2020-2756/ SUSE CVE CVE-2020-2756 page https://www.suse.com/security/cve/CVE-2020-2757/ SUSE CVE CVE-2020-2757 page https://www.suse.com/security/cve/CVE-2020-2767/ SUSE CVE CVE-2020-2767 page https://www.suse.com/security/cve/CVE-2020-2773/ SUSE CVE CVE-2020-2773 page https://www.suse.com/security/cve/CVE-2020-2778/ SUSE CVE CVE-2020-2778 page https://www.suse.com/security/cve/CVE-2020-2781/ SUSE CVE CVE-2020-2781 page https://www.suse.com/security/cve/CVE-2020-2800/ SUSE CVE CVE-2020-2800 page https://www.suse.com/security/cve/CVE-2020-2803/ SUSE CVE CVE-2020-2803 page https://www.suse.com/security/cve/CVE-2020-2805/ SUSE CVE CVE-2020-2805 page https://www.suse.com/security/cve/CVE-2020-2816/ SUSE CVE CVE-2020-2816 page https://www.suse.com/security/cve/CVE-2020-2830/ SUSE CVE CVE-2020-2830 page https://www.suse.com/security/cve/CVE-2021-2161/ SUSE CVE CVE-2021-2161 page https://www.suse.com/security/cve/CVE-2021-2163/ SUSE CVE CVE-2021-2163 page https://www.suse.com/security/cve/CVE-2021-2341/ SUSE CVE CVE-2021-2341 page https://www.suse.com/security/cve/CVE-2021-2369/ SUSE CVE CVE-2021-2369 page https://www.suse.com/security/cve/CVE-2021-2388/ SUSE CVE CVE-2021-2388 page openSUSE Tumbleweed java-13-openjdk-13.0.8.0-3.1 java-13-openjdk-accessibility-13.0.8.0-3.1 java-13-openjdk-demo-13.0.8.0-3.1 java-13-openjdk-devel-13.0.8.0-3.1 java-13-openjdk-headless-13.0.8.0-3.1 java-13-openjdk-javadoc-13.0.8.0-3.1 java-13-openjdk-jmods-13.0.8.0-3.1 java-13-openjdk-src-13.0.8.0-3.1 java-13-openjdk-13.0.8.0-3.1 as a component of openSUSE Tumbleweed java-13-openjdk-accessibility-13.0.8.0-3.1 as a component of openSUSE Tumbleweed java-13-openjdk-demo-13.0.8.0-3.1 as a component of openSUSE Tumbleweed java-13-openjdk-devel-13.0.8.0-3.1 as a component of openSUSE Tumbleweed java-13-openjdk-headless-13.0.8.0-3.1 as a component of openSUSE Tumbleweed java-13-openjdk-javadoc-13.0.8.0-3.1 as a component of openSUSE Tumbleweed java-13-openjdk-jmods-13.0.8.0-3.1 as a component of openSUSE Tumbleweed java-13-openjdk-src-13.0.8.0-3.1 as a component of openSUSE Tumbleweed An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. CVE-2018-11212 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-11212.html CVE-2018-11212 https://bugzilla.suse.com/1122299 SUSE Bug 1122299 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). CVE-2018-2790 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2790.html CVE-2018-2790 https://bugzilla.suse.com/1090023 SUSE Bug 1090023 https://bugzilla.suse.com/1093311 SUSE Bug 1093311 https://bugzilla.suse.com/1101637 SUSE Bug 1101637 Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-2794 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2794.html CVE-2018-2794 https://bugzilla.suse.com/1090024 SUSE Bug 1090024 https://bugzilla.suse.com/1093311 SUSE Bug 1093311 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2018-2795 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2795.html CVE-2018-2795 https://bugzilla.suse.com/1090025 SUSE Bug 1090025 https://bugzilla.suse.com/1093311 SUSE Bug 1093311 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2018-2796 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2796.html CVE-2018-2796 https://bugzilla.suse.com/1090026 SUSE Bug 1090026 https://bugzilla.suse.com/1093311 SUSE Bug 1093311 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2018-2797 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2797.html CVE-2018-2797 https://bugzilla.suse.com/1090027 SUSE Bug 1090027 https://bugzilla.suse.com/1093311 SUSE Bug 1093311 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2018-2798 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2798.html CVE-2018-2798 https://bugzilla.suse.com/1090028 SUSE Bug 1090028 https://bugzilla.suse.com/1093311 SUSE Bug 1093311 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2018-2799 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2799.html CVE-2018-2799 https://bugzilla.suse.com/1090029 SUSE Bug 1090029 https://bugzilla.suse.com/1093311 SUSE Bug 1093311 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-2814 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2814.html CVE-2018-2814 https://bugzilla.suse.com/1090032 SUSE Bug 1090032 https://bugzilla.suse.com/1093311 SUSE Bug 1093311 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-2825 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2825.html CVE-2018-2825 https://bugzilla.suse.com/1090196 SUSE Bug 1090196 https://bugzilla.suse.com/1093311 SUSE Bug 1093311 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-2826 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2826.html CVE-2018-2826 https://bugzilla.suse.com/1090197 SUSE Bug 1090197 https://bugzilla.suse.com/1093311 SUSE Bug 1093311 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). CVE-2018-2940 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2940.html CVE-2018-2940 https://bugzilla.suse.com/1101645 SUSE Bug 1101645 https://bugzilla.suse.com/1101656 SUSE Bug 1101656 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2018-2952 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2952.html CVE-2018-2952 https://bugzilla.suse.com/1101645 SUSE Bug 1101645 https://bugzilla.suse.com/1101651 SUSE Bug 1101651 https://bugzilla.suse.com/1101656 SUSE Bug 1101656 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). The supported version that is affected is Java SE: 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). CVE-2018-2972 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2972.html CVE-2018-2972 https://bugzilla.suse.com/1101655 SUSE Bug 1101655 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). CVE-2018-2973 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2973.html CVE-2018-2973 https://bugzilla.suse.com/1101645 SUSE Bug 1101645 https://bugzilla.suse.com/1101656 SUSE Bug 1101656 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N). CVE-2018-3136 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3136.html CVE-2018-3136 https://bugzilla.suse.com/1112142 SUSE Bug 1112142 https://bugzilla.suse.com/1112143 SUSE Bug 1112143 https://bugzilla.suse.com/1112144 SUSE Bug 1112144 https://bugzilla.suse.com/1112146 SUSE Bug 1112146 https://bugzilla.suse.com/1112148 SUSE Bug 1112148 https://bugzilla.suse.com/1112152 SUSE Bug 1112152 https://bugzilla.suse.com/1116574 SUSE Bug 1116574 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVE-2018-3139 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3139.html CVE-2018-3139 https://bugzilla.suse.com/1112142 SUSE Bug 1112142 https://bugzilla.suse.com/1112143 SUSE Bug 1112143 https://bugzilla.suse.com/1112144 SUSE Bug 1112144 https://bugzilla.suse.com/1112146 SUSE Bug 1112146 https://bugzilla.suse.com/1112148 SUSE Bug 1112148 https://bugzilla.suse.com/1112152 SUSE Bug 1112152 https://bugzilla.suse.com/1116574 SUSE Bug 1116574 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-3149 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3149.html CVE-2018-3149 https://bugzilla.suse.com/1112142 SUSE Bug 1112142 https://bugzilla.suse.com/1112143 SUSE Bug 1112143 https://bugzilla.suse.com/1112144 SUSE Bug 1112144 https://bugzilla.suse.com/1112146 SUSE Bug 1112146 https://bugzilla.suse.com/1112148 SUSE Bug 1112148 https://bugzilla.suse.com/1112152 SUSE Bug 1112152 https://bugzilla.suse.com/1116574 SUSE Bug 1116574 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2018-3150 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3150.html CVE-2018-3150 https://bugzilla.suse.com/1112145 SUSE Bug 1112145 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Sound). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). CVE-2018-3157 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3157.html CVE-2018-3157 https://bugzilla.suse.com/1112149 SUSE Bug 1112149 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-3169 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3169.html CVE-2018-3169 https://bugzilla.suse.com/1112142 SUSE Bug 1112142 https://bugzilla.suse.com/1112143 SUSE Bug 1112143 https://bugzilla.suse.com/1112144 SUSE Bug 1112144 https://bugzilla.suse.com/1112146 SUSE Bug 1112146 https://bugzilla.suse.com/1112148 SUSE Bug 1112148 https://bugzilla.suse.com/1112152 SUSE Bug 1112152 https://bugzilla.suse.com/1116574 SUSE Bug 1116574 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). CVE-2018-3180 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3180.html CVE-2018-3180 https://bugzilla.suse.com/1112142 SUSE Bug 1112142 https://bugzilla.suse.com/1112143 SUSE Bug 1112143 https://bugzilla.suse.com/1112144 SUSE Bug 1112144 https://bugzilla.suse.com/1112146 SUSE Bug 1112146 https://bugzilla.suse.com/1112147 SUSE Bug 1112147 https://bugzilla.suse.com/1112148 SUSE Bug 1112148 https://bugzilla.suse.com/1112152 SUSE Bug 1112152 https://bugzilla.suse.com/1116574 SUSE Bug 1116574 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). CVE-2018-3183 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3183.html CVE-2018-3183 https://bugzilla.suse.com/1112142 SUSE Bug 1112142 https://bugzilla.suse.com/1112143 SUSE Bug 1112143 https://bugzilla.suse.com/1112144 SUSE Bug 1112144 https://bugzilla.suse.com/1112146 SUSE Bug 1112146 https://bugzilla.suse.com/1112148 SUSE Bug 1112148 https://bugzilla.suse.com/1112152 SUSE Bug 1112152 https://bugzilla.suse.com/1116574 SUSE Bug 1116574 https://bugzilla.suse.com/1120714 SUSE Bug 1120714 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVE-2019-2422 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2422.html CVE-2019-2422 https://bugzilla.suse.com/1122293 SUSE Bug 1122293 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). CVE-2019-2426 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2426.html CVE-2019-2426 https://bugzilla.suse.com/1134297 SUSE Bug 1134297 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). CVE-2019-2602 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2602.html CVE-2019-2602 https://bugzilla.suse.com/1132728 SUSE Bug 1132728 https://bugzilla.suse.com/1134718 SUSE Bug 1134718 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). CVE-2019-2684 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2684.html CVE-2019-2684 https://bugzilla.suse.com/1132732 SUSE Bug 1132732 https://bugzilla.suse.com/1134718 SUSE Bug 1134718 https://bugzilla.suse.com/1184734 SUSE Bug 1184734 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). CVE-2019-2745 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2745.html CVE-2019-2745 https://bugzilla.suse.com/1141784 SUSE Bug 1141784 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2762 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2762.html CVE-2019-2762 https://bugzilla.suse.com/1141782 SUSE Bug 1141782 https://bugzilla.suse.com/1147021 SUSE Bug 1147021 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVE-2019-2766 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2766.html CVE-2019-2766 https://bugzilla.suse.com/1141789 SUSE Bug 1141789 https://bugzilla.suse.com/1147021 SUSE Bug 1147021 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2769 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2769.html CVE-2019-2769 https://bugzilla.suse.com/1141783 SUSE Bug 1141783 https://bugzilla.suse.com/1147021 SUSE Bug 1147021 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N). CVE-2019-2786 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2786.html CVE-2019-2786 https://bugzilla.suse.com/1141787 SUSE Bug 1141787 https://bugzilla.suse.com/1147021 SUSE Bug 1147021 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). CVE-2019-2816 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2816.html CVE-2019-2816 https://bugzilla.suse.com/1141785 SUSE Bug 1141785 https://bugzilla.suse.com/1147021 SUSE Bug 1147021 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVE-2019-2818 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2818.html CVE-2019-2818 https://bugzilla.suse.com/1141788 SUSE Bug 1141788 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). CVE-2019-2821 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2821.html CVE-2019-2821 https://bugzilla.suse.com/1141781 SUSE Bug 1141781 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). CVE-2019-2894 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2894.html CVE-2019-2894 https://bugzilla.suse.com/1152856 SUSE Bug 1152856 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVE-2019-2933 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2933.html CVE-2019-2933 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). CVE-2019-2945 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2945.html CVE-2019-2945 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). CVE-2019-2949 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2949.html CVE-2019-2949 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). CVE-2019-2958 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2958.html CVE-2019-2958 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2962 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2962.html CVE-2019-2962 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2964 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2964.html CVE-2019-2964 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2973 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2973.html CVE-2019-2973 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L). CVE-2019-2975 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2975.html CVE-2019-2975 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.8 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L). CVE-2019-2977 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2977.html CVE-2019-2977 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2978 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2978.html CVE-2019-2978 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2981 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2981.html CVE-2019-2981 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2983 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2983.html CVE-2019-2983 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2987 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2987.html CVE-2019-2987 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2988 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2988.html CVE-2019-2988 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N). CVE-2019-2989 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2989.html CVE-2019-2989 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2992 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2992.html CVE-2019-2992 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N). CVE-2019-2999 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2999.html CVE-2019-2999 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. CVE-2019-7317 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7317.html CVE-2019-7317 https://bugzilla.suse.com/1124211 SUSE Bug 1124211 https://bugzilla.suse.com/1135824 SUSE Bug 1135824 https://bugzilla.suse.com/1141780 SUSE Bug 1141780 https://bugzilla.suse.com/1147021 SUSE Bug 1147021 https://bugzilla.suse.com/1165297 SUSE Bug 1165297 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). CVE-2020-14556 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14556.html CVE-2020-14556 https://bugzilla.suse.com/1174157 SUSE Bug 1174157 https://bugzilla.suse.com/1175259 SUSE Bug 1175259 Vulnerability in the Java SE product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-14562 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14562.html CVE-2020-14562 https://bugzilla.suse.com/1174157 SUSE Bug 1174157 Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2020-14573 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14573.html CVE-2020-14573 https://bugzilla.suse.com/1174157 SUSE Bug 1174157 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). CVE-2020-14577 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14577.html CVE-2020-14577 https://bugzilla.suse.com/1174157 SUSE Bug 1174157 https://bugzilla.suse.com/1175259 SUSE Bug 1175259 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). CVE-2020-14581 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14581.html CVE-2020-14581 https://bugzilla.suse.com/1174157 SUSE Bug 1174157 https://bugzilla.suse.com/1175259 SUSE Bug 1175259 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2020-14583 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14583.html CVE-2020-14583 https://bugzilla.suse.com/1174157 SUSE Bug 1174157 https://bugzilla.suse.com/1175259 SUSE Bug 1175259 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N). CVE-2020-14593 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14593.html CVE-2020-14593 https://bugzilla.suse.com/1174157 SUSE Bug 1174157 https://bugzilla.suse.com/1175259 SUSE Bug 1175259 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2020-14621 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14621.html CVE-2020-14621 https://bugzilla.suse.com/1174157 SUSE Bug 1174157 https://bugzilla.suse.com/1175259 SUSE Bug 1175259 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-14779 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14779.html CVE-2020-14779 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). CVE-2020-14781 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14781.html CVE-2020-14781 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2020-14782 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14782.html CVE-2020-14782 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). CVE-2020-14792 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14792.html CVE-2020-14792 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVE-2020-14796 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14796.html CVE-2020-14796 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2020-14797 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14797.html CVE-2020-14797 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). CVE-2020-14798 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14798.html CVE-2020-14798 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). CVE-2020-14803 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14803.html CVE-2020-14803 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1181239 SUSE Bug 1181239 https://bugzilla.suse.com/1182186 SUSE Bug 1182186 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-2583 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2583.html CVE-2020-2583 https://bugzilla.suse.com/1160968 SUSE Bug 1160968 https://bugzilla.suse.com/1162972 SUSE Bug 1162972 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2020-2590 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2590.html CVE-2020-2590 https://bugzilla.suse.com/1160968 SUSE Bug 1160968 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). CVE-2020-2593 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2593.html CVE-2020-2593 https://bugzilla.suse.com/1160968 SUSE Bug 1160968 https://bugzilla.suse.com/1162972 SUSE Bug 1162972 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). CVE-2020-2601 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2601.html CVE-2020-2601 https://bugzilla.suse.com/1160968 SUSE Bug 1160968 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). CVE-2020-2604 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2604.html CVE-2020-2604 https://bugzilla.suse.com/1160968 SUSE Bug 1160968 https://bugzilla.suse.com/1162972 SUSE Bug 1162972 https://bugzilla.suse.com/1165863 SUSE Bug 1165863 Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-2654 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2654.html CVE-2020-2654 https://bugzilla.suse.com/1160968 SUSE Bug 1160968 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). CVE-2020-2655 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2655.html CVE-2020-2655 https://bugzilla.suse.com/1160968 SUSE Bug 1160968 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-2754 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2754.html CVE-2020-2754 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-2755 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2755.html CVE-2020-2755 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-2756 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2756.html CVE-2020-2756 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-2757 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2757.html CVE-2020-2757 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). CVE-2020-2767 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2767.html CVE-2020-2767 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-2773 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2773.html CVE-2020-2773 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). CVE-2020-2778 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2778.html CVE-2020-2778 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-2781 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2781.html CVE-2020-2781 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). CVE-2020-2800 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2800.html CVE-2020-2800 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2020-2803 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2803.html CVE-2020-2803 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2020-2805 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2805.html CVE-2020-2805 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). CVE-2020-2816 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2816.html CVE-2020-2816 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-2830 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2830.html CVE-2020-2830 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). CVE-2021-2161 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-2161.html CVE-2021-2161 https://bugzilla.suse.com/1185056 SUSE Bug 1185056 Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N). CVE-2021-2163 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-2163.html CVE-2021-2163 https://bugzilla.suse.com/1185055 SUSE Bug 1185055 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVE-2021-2341 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-2341.html CVE-2021-2341 https://bugzilla.suse.com/1188564 SUSE Bug 1188564 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). CVE-2021-2369 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-2369.html CVE-2021-2369 https://bugzilla.suse.com/1188565 SUSE Bug 1188565 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). CVE-2021-2388 openSUSE Tumbleweed:java-13-openjdk-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-accessibility-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-demo-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-devel-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-headless-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.8.0-3.1 openSUSE Tumbleweed:java-13-openjdk-src-13.0.8.0-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-2388.html CVE-2021-2388 https://bugzilla.suse.com/1188566 SUSE Bug 1188566