Showing 1 - 25 of 34

CVE-2024-20918

Status Candidate

Overview

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

Related Files

Red Hat Security Advisory 2024-1482-03: Posted Jun 19, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1482-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.; tags | advisory, java; systems | linux, redhat; advisories | CVE-2024-20918; SHA-256 | 31e7c4bdedb4aa4725d0b3a6082d80f7a48c5af194796296b2597c4e90db3801; Download | Favorite | View

Red Hat Security Advisory 2024-1481-03: Posted Jun 19, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1481-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8.; tags | advisory, java; systems | linux, redhat; advisories | CVE-2024-20918; SHA-256 | c98b578daa2e1e8ea5e306a699f63ec752aed0a8384056cac1a08270c7fc582f; Download | Favorite | View

Ubuntu Security Notice USN-6696-1: Posted Mar 18, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6696-1 - Yi Yang discovered that the Hotspot component of OpenJDK 8 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot component of OpenJDK 8 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.; tags | advisory, java, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952; SHA-256 | 4b0662938dd8d4f3377ff21d6e5a575b539f89ee7c9b38c565dd184d1e38fed8; Download | Favorite | View

Ubuntu Security Notice USN-6662-1: Posted Feb 27, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6662-1 - Yi Yang discovered that the Hotspot component of OpenJDK 21 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot component of OpenJDK 21 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.; tags | advisory, java, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20945, CVE-2024-20952; SHA-256 | aaa047aaea8cde67a241170dbe81023fa98342d4dfece4d36d5b5774c741bb8a; Download | Favorite | View

Ubuntu Security Notice USN-6661-1: Posted Feb 27, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6661-1 - Yi Yang discovered that the Hotspot component of OpenJDK 17 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot component of OpenJDK 17 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.; tags | advisory, java, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952; SHA-256 | 074c45f3f5391055a9a621cd01f94fecea05dd020da0763a507bf083917efb09; Download | Favorite | View

Ubuntu Security Notice USN-6660-1: Posted Feb 27, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6660-1 - Yi Yang discovered that the Hotspot component of OpenJDK 11 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot component of OpenJDK 11 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.; tags | advisory, java, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952; SHA-256 | aa34f5f90f10131d0c663071adccbab36c202d5d64988d18d500f490c20b7cab; Download | Favorite | View

Debian Security Advisory 5613-1: Posted Feb 2, 2024; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5613-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking sensitive data to log files, denial of service or bypass of sandbox restrictions.; tags | advisory, java, denial of service, vulnerability; systems | linux, debian; advisories | CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952; SHA-256 | f609441d6fb4c40057305e6428732ca7ac0e44c809f5eb956a054b02d0ed1ef4; Download | Favorite | View

Debian Security Advisory 5604-1: Posted Jan 24, 2024; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5604-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking sensitive data to log files, denial of service or bypass of sandbox restrictions.; tags | advisory, java, denial of service, vulnerability; systems | linux, debian; advisories | CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952; SHA-256 | 25108b8a08605a9bce524bb051d237998769db2d9c500fc6fcae6a5d10cb1173; Download | Favorite | View

Red Hat Security Advisory 2024-0266-03: Posted Jan 19, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0266-03 - An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and out of bounds access vulnerabilities.; tags | advisory, java, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2024-20918; SHA-256 | 869a73da8c9722ac48adce66f9a947eb24c4e16b9bc19da5b0295ecdc0019ced; Download | Favorite | View

Red Hat Security Advisory 2024-0267-03: Posted Jan 18, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0267-03 - An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and out of bounds access vulnerabilities.; tags | advisory, java, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2024-20918; SHA-256 | 25472340c13cb9f4577a8912a5d95f63053995c70bd7bf78286806e9369f1664; Download | Favorite | View

Red Hat Security Advisory 2024-0265-03: Posted Jan 18, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0265-03 - An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and out of bounds access vulnerabilities.; tags | advisory, java, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2024-20918; SHA-256 | 4bad16c511dcb29dee9422cff81de79c13f07ff10c55612fca6ee2648f96535d; Download | Favorite | View

Red Hat Security Advisory 2024-0250-03: Posted Jan 18, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0250-03 - An update is now available for OpenJDK. Issues addressed include code execution and out of bounds access vulnerabilities.; tags | advisory, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2024-20918; SHA-256 | 3d64b9219f0a129f2cd7100b5fbe77fa4333cb34021bf2eac88faf1709e81e78; Download | Favorite | View

Red Hat Security Advisory 2024-0249-03: Posted Jan 18, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0249-03 - An update for java-21-openjdk is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution and out of bounds access vulnerabilities.; tags | advisory, java, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2024-20918; SHA-256 | a6281db3e40b4796c934f9b79123fe125b43a8258bb4f9ea04c34fbc1a8e1b0b; Download | Favorite | View

Red Hat Security Advisory 2024-0248-03: Posted Jan 18, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0248-03 - An update for java-21-openjdk is now available for Red Hat Enterprise Linux 8. Issues addressed include code execution and out of bounds access vulnerabilities.; tags | advisory, java, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2024-20918; SHA-256 | a744bc3e2917c7be87ba3de0c18a7c511146043ba0cbced3376d73d6bf7fc44a; Download | Favorite | View

Red Hat Security Advisory 2024-0247-03: Posted Jan 18, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0247-03 - An update is now available for OpenJDK. Issues addressed include code execution and out of bounds access vulnerabilities.; tags | advisory, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2024-20918; SHA-256 | 043dea53dc4a46c72e529bbddf23d3b06cbaff15ae4515b6132ca3e8bb86aa8f; Download | Favorite | View

Red Hat Security Advisory 2024-0246-03: Posted Jan 18, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0246-03 - An update is now available for OpenJDK. Issues addressed include code execution and out of bounds access vulnerabilities.; tags | advisory, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2024-20918; SHA-256 | d715f9407ae46af18833312453df03daaa7e1d3e5d62cc8a622e469ecd6b94aa; Download | Favorite | View

Red Hat Security Advisory 2024-0244-03: Posted Jan 18, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0244-03 - An update for java-17-openjdk is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include code execution and out of bounds access vulnerabilities.; tags | advisory, java, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2024-20918; SHA-256 | 935fbee256143bfd82db9a8b4a591a2375e21172dd0dc555118651b596d8b479; Download | Favorite | View

Red Hat Security Advisory 2024-0242-03: Posted Jan 18, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0242-03 - An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include code execution and out of bounds access vulnerabilities.; tags | advisory, java, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2024-20918; SHA-256 | ec12389cf9386f7be203b6165f0d284f13f81f09c0b38e31fe3cbcb212f5271a; Download | Favorite | View

Red Hat Security Advisory 2024-0241-03: Posted Jan 18, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0241-03 - An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution and out of bounds access vulnerabilities.; tags | advisory, java, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2024-20918; SHA-256 | a12839159b31efbfbdcb1357ed8356a0dcf7bd25b7dc61a36053699c41083473; Download | Favorite | View

Red Hat Security Advisory 2024-0240-03: Posted Jan 18, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0240-03 - An update is now available for OpenJDK. Issues addressed include code execution and out of bounds access vulnerabilities.; tags | advisory, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2024-20918; SHA-256 | c5fdae91226846e3e48cd71cf1a2d0d35a1177f3bb2a6db12745425cc37c1c1c; Download | Favorite | View

Red Hat Security Advisory 2024-0239-03: Posted Jan 18, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0239-03 - An update is now available for OpenJDK. Issues addressed include code execution and out of bounds access vulnerabilities.; tags | advisory, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2024-20918; SHA-256 | fa2fcf9725c202246e06a06d753e5ec522e3aa7f18c887636c3043e0fb2ee0a2; Download | Favorite | View

Red Hat Security Advisory 2024-0237-03: Posted Jan 18, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0237-03 - An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include code execution and out of bounds access vulnerabilities.; tags | advisory, java, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2024-20918; SHA-256 | b3bb254c32db8e5a885a65416d570b894a01a60cc11ade54af37f5d26f21da7d; Download | Favorite | View

Red Hat Security Advisory 2024-0235-03: Posted Jan 18, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0235-03 - An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include code execution and out of bounds access vulnerabilities.; tags | advisory, java, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2024-20918; SHA-256 | d2176837df6c94d0a2a1d0e9b58721d62bb7c621ac51121f9ef6009f1e64111d; Download | Favorite | View

Red Hat Security Advisory 2024-0234-03: Posted Jan 18, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0234-03 - An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution and out of bounds access vulnerabilities.; tags | advisory, java, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2024-20918; SHA-256 | 0f99a2bdf82f92645433e4776889164b490216f3c3ffb5961e5a42cb7ef184ea; Download | Favorite | View

Red Hat Security Advisory 2024-0233-03: Posted Jan 18, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0233-03 - An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include code execution and out of bounds access vulnerabilities.; tags | advisory, java, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2024-20918; SHA-256 | b728f01494cc9b1dbb99091a91f6bdc9d4ab4698acba6c67ea9ce5ce4612b8fe; Download | Favorite | View

Page 1 of 2 Back 1 2 Next

Top Authors In Last 30 Days

Red Hat 272 files
Ubuntu 56 files
Debian 19 files
LiquidWorm 18 files
Apple 9 files
Gentoo 5 files
Google Security Research 3 files
Chokri Hammedi 3 files
Alter Prime 3 files
Valentin Lobstein 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,937)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,337)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,979)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

CVE-2024-20918

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems