{"id":"USN-5202-1","summary":"openjdk-8, openjdk-lts vulnerabilities","details":"Varnavas Papaioannou discovered that the FTP client implementation in\nOpenJDK accepted alternate server IP addresses when connecting with FTP\npassive mode. An attacker controlling an FTP server that an application\nconnects to could possibly use this to expose sensitive information\n(rudimentary port scans). This issue only affected Ubuntu 16.04 ESM,\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-2341)\n\nMarkus Loewe discovered that OpenJDK did not properly handle JAR files\ncontaining multiple manifest files. An attacker could possibly use\nthis to bypass JAR signature verification. This issue only affected\nUbuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu\n21.04. (CVE-2021-2369)\n\nHuixin Ma discovered that the Hotspot VM in OpenJDK did not properly\nperform range check elimination in some situations. An attacker could\npossibly use this to construct a Java class that could bypass Java\nsandbox restrictions. This issue only affected Ubuntu 16.04 ESM,\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-2388)\n\nAsaf Greenholts discovered that OpenJDK preferred certain weak ciphers by\ndefault. An attacker could possibly use this to expose sensitive\ninformation. (CVE-2021-35550)\n\nIt was discovered that the Rich Text Format (RTF) Parser in OpenJDK did not\nproperly restrict the amount of memory allocated in some situations. An\nattacker could use this to specially craft an RTF file that caused a denial\nof service. (CVE-2021-35556)\n\nIt was discovered that the Rich Text Format (RTF) Reader in OpenJDK did not\nproperly restrict the amount of memory allocated in some situations. An\nattacker could use this to specially craft an RTF file that caused a denial\nof service. (CVE-2021-35559)\n\nMarkus Loewe discovered that the HashMap and HashSet implementations in\nOpenJDK did not properly validate load factors during deserialization. An\nattacker could use this to cause a denial of service (excessive memory\nconsumption). (CVE-2021-35561)\n\nIt was discovered that the Keytool component in OpenJDK did not properly\nhandle certificates with validity ending dates in the far future. An\nattacker could use this to specially craft a certificate that when imported\ncould corrupt a keystore. (CVE-2021-35564)\n\nTristen Hayfield discovered that the HTTP server implementation in OpenJDK\ndid not properly handle TLS session close in some situations. A remote\nattacker could possibly use this to cause a denial of service (application\ninfinite loop). (CVE-2021-35565)\n\nChuck Hunley discovered that the Kerberos implementation in OpenJDK did not\ncorrectly report subject principals when using Kerberos Constrained\nDelegation. An attacker could possibly use this to cause incorrect Kerberos\ntickets to be used. (CVE-2021-35567)\n\nit was discovered that the TLS implementation in OpenJDK did not properly\nhandle TLS handshakes in certain situations where a Java application is\nacting as a TLS server. A remote attacker could possibly use this to cause\na denial of service (application crash). (CVE-2021-35578)\n\nit was discovered that OpenJDK did not properly restrict the amount of\nmemory allocated when processing BMP images. An attacker could use this to\nspecially craft a BMP image file that could cause a denial of service.\n(CVE-2021-35586)\n\nIt was discovered that the HotSpot VM in OpenJDK 8 did not properly perform\nvalidation of inner class index values in some situations. An attacker\ncould use this to specially craft a class file that when loaded could cause\na denial of service (Java VM crash). (CVE-2021-35588)\n\nArtem Smotrakov discovered that the TLS implementation in OpenJDK used non-\nconstant time comparisons during TLS handshakes. A remote attacker could\nuse this to expose sensitive information. (CVE-2021-35603)\n","modified":"2026-02-10T04:42:24Z","published":"2021-12-17T07:43:40Z","related":["UBUNTU-CVE-2021-2341","UBUNTU-CVE-2021-2369","UBUNTU-CVE-2021-2388","UBUNTU-CVE-2021-35550","UBUNTU-CVE-2021-35556","UBUNTU-CVE-2021-35559","UBUNTU-CVE-2021-35561","UBUNTU-CVE-2021-35564","UBUNTU-CVE-2021-35565","UBUNTU-CVE-2021-35567","UBUNTU-CVE-2021-35578","UBUNTU-CVE-2021-35586","UBUNTU-CVE-2021-35588","UBUNTU-CVE-2021-35603"],"upstream":["CVE-2021-2341","CVE-2021-2369","CVE-2021-2388","CVE-2021-35550","CVE-2021-35556","CVE-2021-35559","CVE-2021-35561","CVE-2021-35564","CVE-2021-35565","CVE-2021-35567","CVE-2021-35578","CVE-2021-35586","CVE-2021-35588","CVE-2021-35603","UBUNTU-CVE-2021-2341","UBUNTU-CVE-2021-2369","UBUNTU-CVE-2021-2388","UBUNTU-CVE-2021-35550","UBUNTU-CVE-2021-35556","UBUNTU-CVE-2021-35559","UBUNTU-CVE-2021-35561","UBUNTU-CVE-2021-35564","UBUNTU-CVE-2021-35565","UBUNTU-CVE-2021-35567","UBUNTU-CVE-2021-35578","UBUNTU-CVE-2021-35586","UBUNTU-CVE-2021-35588","UBUNTU-CVE-2021-35603"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5202-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-2341"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-2369"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-2388"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-35550"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-35556"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-35559"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-35561"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-35564"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-35565"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-35567"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-35578"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-35586"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-35588"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-35603"}],"affected":[{"package":{"name":"openjdk-8","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/openjdk-8@8u312-b07-0ubuntu1~16.04?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8u312-b07-0ubuntu1~16.04"}]}],"versions":["8u66-b01-5","8u72-b05-1ubuntu1","8u72-b05-5","8u72-b05-6","8u72-b15-1","8u72-b15-2ubuntu1","8u72-b15-2ubuntu3","8u72-b15-3ubuntu1","8u77-b03-1ubuntu2","8u77-b03-3ubuntu1","8u77-b03-3ubuntu2","8u77-b03-3ubuntu3","8u91-b14-0ubuntu4~16.04.1","8u91-b14-3ubuntu1~16.04.1","8u111-b14-2ubuntu0.16.04.2","8u121-b13-0ubuntu1.16.04.2","8u131-b11-0ubuntu1.16.04.2","8u131-b11-2ubuntu1.16.04.2","8u131-b11-2ubuntu1.16.04.3","8u151-b12-0ubuntu0.16.04.2","8u162-b12-0ubuntu0.16.04.2","8u171-b11-0ubuntu0.16.04.1","8u181-b13-0ubuntu0.16.04.1","8u181-b13-1ubuntu0.16.04.1","8u191-b12-0ubuntu0.16.04.1","8u191-b12-2ubuntu0.16.04.1","8u212-b03-0ubuntu1.16.04.1","8u222-b10-1ubuntu1~16.04.1","8u232-b09-0ubuntu1~16.04.1","8u242-b08-0ubuntu3~16.04","8u252-b09-1~16.04","8u265-b01-0ubuntu2~16.04","8u272-b10-0ubuntu1~16.04","8u275-b01-0ubuntu1~16.04","8u282-b08-0ubuntu1~16.04","8u292-b10-0ubuntu1~16.04.1"],"ecosystem_specific":{"binaries":[{"binary_name":"openjdk-8-demo","binary_version":"8u312-b07-0ubuntu1~16.04"},{"binary_name":"openjdk-8-jdk","binary_version":"8u312-b07-0ubuntu1~16.04"},{"binary_name":"openjdk-8-jdk-headless","binary_version":"8u312-b07-0ubuntu1~16.04"},{"binary_name":"openjdk-8-jre","binary_version":"8u312-b07-0ubuntu1~16.04"},{"binary_name":"openjdk-8-jre-headless","binary_version":"8u312-b07-0ubuntu1~16.04"},{"binary_name":"openjdk-8-jre-jamvm","binary_version":"8u312-b07-0ubuntu1~16.04"},{"binary_name":"openjdk-8-jre-zero","binary_version":"8u312-b07-0ubuntu1~16.04"},{"binary_name":"openjdk-8-source","binary_version":"8u312-b07-0ubuntu1~16.04"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5202-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"id":"CVE-2021-2341","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-2369","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-2388","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35550","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35556","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35559","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35561","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35564","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35565","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35567","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35578","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35586","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35588","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35603","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]}]}}},{"package":{"name":"openjdk-8","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/openjdk-8@8u312-b07-0ubuntu1~18.04?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8u312-b07-0ubuntu1~18.04"}]}],"versions":["8u144-b01-2","8u151-b12-1","8u162-b12-1","8u171-b11-0ubuntu0.18.04.1","8u181-b13-0ubuntu0.18.04.1","8u181-b13-1ubuntu0.18.04.1","8u191-b12-0ubuntu0.18.04.1","8u191-b12-2ubuntu0.18.04.1","8u212-b03-0ubuntu1.18.04.1","8u222-b10-1ubuntu1~18.04.1","8u232-b09-0ubuntu1~18.04.1","8u242-b08-0ubuntu3~18.04","8u252-b09-1~18.04","8u265-b01-0ubuntu2~18.04","8u272-b10-0ubuntu1~18.04","8u275-b01-0ubuntu1~18.04","8u282-b08-0ubuntu1~18.04","8u292-b10-0ubuntu1~18.04"],"ecosystem_specific":{"binaries":[{"binary_name":"openjdk-8-demo","binary_version":"8u312-b07-0ubuntu1~18.04"},{"binary_name":"openjdk-8-jdk","binary_version":"8u312-b07-0ubuntu1~18.04"},{"binary_name":"openjdk-8-jdk-headless","binary_version":"8u312-b07-0ubuntu1~18.04"},{"binary_name":"openjdk-8-jre","binary_version":"8u312-b07-0ubuntu1~18.04"},{"binary_name":"openjdk-8-jre-headless","binary_version":"8u312-b07-0ubuntu1~18.04"},{"binary_name":"openjdk-8-jre-zero","binary_version":"8u312-b07-0ubuntu1~18.04"},{"binary_name":"openjdk-8-source","binary_version":"8u312-b07-0ubuntu1~18.04"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5202-1.json","cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"id":"CVE-2021-2341","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-2369","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-2388","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35550","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35556","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35559","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35561","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35564","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35565","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35567","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35578","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35586","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35588","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35603","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]}]}}},{"package":{"name":"openjdk-lts","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/openjdk-lts@11.0.13+8-0ubuntu1~18.04?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.0.13+8-0ubuntu1~18.04"}]}],"versions":["9.0.4+12-2ubuntu4","9.0.4+12-4ubuntu1","10~46-4ubuntu1","10~46-5ubuntu1","10.0.1+10-1ubuntu2","10.0.1+10-3ubuntu1","10.0.2+13-1ubuntu0.18.04.1","10.0.2+13-1ubuntu0.18.04.2","10.0.2+13-1ubuntu0.18.04.3","10.0.2+13-1ubuntu0.18.04.4","11.0.2+9-3ubuntu1~18.04.3","11.0.3+7-1ubuntu2~18.04.1","11.0.4+11-1ubuntu2~18.04.3","11.0.5+10-0ubuntu1.1~18.04","11.0.6+10-1ubuntu1~18.04.1","11.0.7+10-2ubuntu2~18.04","11.0.8+10-0ubuntu1~18.04.1","11.0.9+11-0ubuntu1~18.04.1","11.0.9.1+1-0ubuntu1~18.04","11.0.10+9-0ubuntu1~18.04","11.0.11+9-0ubuntu2~18.04"],"ecosystem_specific":{"binaries":[{"binary_name":"openjdk-11-demo","binary_version":"11.0.13+8-0ubuntu1~18.04"},{"binary_name":"openjdk-11-jdk","binary_version":"11.0.13+8-0ubuntu1~18.04"},{"binary_name":"openjdk-11-jdk-headless","binary_version":"11.0.13+8-0ubuntu1~18.04"},{"binary_name":"openjdk-11-jre","binary_version":"11.0.13+8-0ubuntu1~18.04"},{"binary_name":"openjdk-11-jre-headless","binary_version":"11.0.13+8-0ubuntu1~18.04"},{"binary_name":"openjdk-11-jre-zero","binary_version":"11.0.13+8-0ubuntu1~18.04"},{"binary_name":"openjdk-11-source","binary_version":"11.0.13+8-0ubuntu1~18.04"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5202-1.json","cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"id":"CVE-2021-2341","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-2369","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-2388","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35550","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35556","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35559","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35561","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35564","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35565","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35567","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35578","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35586","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35588","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35603","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]}]}}},{"package":{"name":"openjdk-8","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/openjdk-8@8u312-b07-0ubuntu1~20.04?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8u312-b07-0ubuntu1~20.04"}]}],"versions":["8u232-b09-0ubuntu1","8u232-b09-1","8u242-b04-1","8u242-b08-0ubuntu3","8u252-b07-1","8u252-b09-1ubuntu1","8u265-b01-0ubuntu2~20.04","8u272-b10-0ubuntu1~20.04","8u275-b01-0ubuntu1~20.04","8u282-b08-0ubuntu1~20.04","8u292-b10-0ubuntu1~20.04"],"ecosystem_specific":{"binaries":[{"binary_name":"openjdk-8-demo","binary_version":"8u312-b07-0ubuntu1~20.04"},{"binary_name":"openjdk-8-jdk","binary_version":"8u312-b07-0ubuntu1~20.04"},{"binary_name":"openjdk-8-jdk-headless","binary_version":"8u312-b07-0ubuntu1~20.04"},{"binary_name":"openjdk-8-jre","binary_version":"8u312-b07-0ubuntu1~20.04"},{"binary_name":"openjdk-8-jre-headless","binary_version":"8u312-b07-0ubuntu1~20.04"},{"binary_name":"openjdk-8-jre-zero","binary_version":"8u312-b07-0ubuntu1~20.04"},{"binary_name":"openjdk-8-source","binary_version":"8u312-b07-0ubuntu1~20.04"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5202-1.json","cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"id":"CVE-2021-2341","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-2369","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-2388","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35550","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35556","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35559","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35561","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35564","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35565","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35567","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35578","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35586","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35588","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35603","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]}]}}},{"package":{"name":"openjdk-lts","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/openjdk-lts@11.0.13+8-0ubuntu1~20.04?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.0.13+8-0ubuntu1~20.04"}]}],"versions":["11.0.5+10-0ubuntu1","11.0.5+10-2ubuntu1","11.0.6+10-1ubuntu1","11.0.6+10-2ubuntu2","11.0.7+9-1ubuntu1","11.0.7+10-2ubuntu1","11.0.7+10-3ubuntu1","11.0.8+10-0ubuntu1~20.04","11.0.9+11-0ubuntu1~20.04","11.0.9.1+1-0ubuntu1~20.04","11.0.10+9-0ubuntu1~20.04","11.0.11+9-0ubuntu2~20.04"],"ecosystem_specific":{"binaries":[{"binary_name":"openjdk-11-demo","binary_version":"11.0.13+8-0ubuntu1~20.04"},{"binary_name":"openjdk-11-jdk","binary_version":"11.0.13+8-0ubuntu1~20.04"},{"binary_name":"openjdk-11-jdk-headless","binary_version":"11.0.13+8-0ubuntu1~20.04"},{"binary_name":"openjdk-11-jre","binary_version":"11.0.13+8-0ubuntu1~20.04"},{"binary_name":"openjdk-11-jre-headless","binary_version":"11.0.13+8-0ubuntu1~20.04"},{"binary_name":"openjdk-11-jre-zero","binary_version":"11.0.13+8-0ubuntu1~20.04"},{"binary_name":"openjdk-11-source","binary_version":"11.0.13+8-0ubuntu1~20.04"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5202-1.json","cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"id":"CVE-2021-2341","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-2369","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-2388","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35550","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35556","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35559","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35561","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35564","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35565","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35567","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35578","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35586","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35588","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-35603","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]}]}}}],"schema_version":"1.7.3"}