CVSS: 3.7EPSS: 0%CPEs: 90EXPL: 0CVE-2023-21968 – OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)
https://notcve.org/view.php?id=CVE-2023-21968
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in un... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 91EXPL: 0CVE-2023-21967 – OpenJDK: certificate validation issue in TLS session negotiation (8298310)
https://notcve.org/view.php?id=CVE-2023-21967
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 5.9EPSS: 0%CPEs: 89EXPL: 0CVE-2023-21954 – OpenJDK: incorrect enqueue of references in garbage collector (8298191)
https://notcve.org/view.php?id=CVE-2023-21954
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthor... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 1%CPEs: 91EXPL: 1CVE-2023-21939 – OpenJDK: Swing HTML parsing issue (8296832)
https://notcve.org/view.php?id=CVE-2023-21939
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, i... • https://github.com/Y4Sec-Team/CVE-2023-21939 • CWE-20: Improper Input Validation •
CVSS: 3.7EPSS: 0%CPEs: 91EXPL: 0CVE-2023-21938 – OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)
https://notcve.org/view.php?id=CVE-2023-21938
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in un... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 3.7EPSS: 0%CPEs: 91EXPL: 0CVE-2023-21937 – OpenJDK: missing string checks for NULL characters (8296622)
https://notcve.org/view.php?id=CVE-2023-21937
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in u... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 7.4EPSS: 0%CPEs: 91EXPL: 0CVE-2023-21930 – OpenJDK: improper connection handling during TLS handshake (8294474)
https://notcve.org/view.php?id=CVE-2023-21930
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation,... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 1CVE-2022-22970 – springframework: DoS via data binding to multipartFile or servlet part
https://notcve.org/view.php?id=CVE-2022-22970
12 May 2022 — In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. En spring Framework versiones anteriores a 5.3.20+ , 5.2.22+ y las versiones antiguas no soportadas, las aplicaciones que manejan cargas de archivos son vulnerables a un ataque de denegación de servicio si dependen de la vinculación de datos para establec... • https://github.com/Performant-Labs/CVE-2022-22970 • CWE-770: Allocation of Resources Without Limits or Throttling •