CVSS: 5.3EPSS: 0%CPEs: 24EXPL: 0CVE-2021-35564 – OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)
https://notcve.org/view.php?id=CVE-2021-35564
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to ... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 23EXPL: 0CVE-2021-35565 – OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)
https://notcve.org/view.php?id=CVE-2021-35565
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.8EPSS: 0%CPEs: 23EXPL: 0CVE-2021-35567 – OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689)
https://notcve.org/view.php?id=CVE-2021-35567
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Ja... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 23EXPL: 0CVE-2021-35578 – OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729)
https://notcve.org/view.php?id=CVE-2021-35578
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) o... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 24EXPL: 0CVE-2021-35586 – OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735)
https://notcve.org/view.php?id=CVE-2021-35586
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial o... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 3.1EPSS: 0%CPEs: 20EXPL: 0CVE-2021-35588 – OpenJDK: Incomplete validation of inner class references in ClassFileParser (Hotspot, 8268071)
https://notcve.org/view.php?id=CVE-2021-35588
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vul... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0CVE-2021-35603 – OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618)
https://notcve.org/view.php?id=CVE-2021-35603
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM ... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2021-41864 – kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write
https://notcve.org/view.php?id=CVE-2021-41864
01 Oct 2021 — prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. prealloc_elems_and_freelist en kernel/bpf/stackmap.c en el kernel de Linux antes de la versión 5.14.12 permite a usuarios sin privilegios desencadenar un desbordamiento de enteros en la multiplicación de eBPF con una escritura fuera de los límites resultante. An out-of-bounds (OOB) memory write flaw was foun... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.12 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 19EXPL: 1CVE-2021-3753 – kernel: a race out-of-bound read in vt
https://notcve.org/view.php?id=CVE-2021-3753
28 Sep 2021 — A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality. Se observó un problema de carrera en el la función vt_k_ioctl en el archivo drivers/tty/vt/vt_ioctl.c en el kernel de Linux, que puede causar una lectura fuera de límites en vt ya que el acceso de escritura a vc_mode no está ... • https://bugzilla.redhat.com/show_bug.cgi?id=1999589 • CWE-125: Out-of-bounds Read CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.0EPSS: 0%CPEs: 18EXPL: 0CVE-2021-41617 – openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured
https://notcve.org/view.php?id=CVE-2021-41617
26 Sep 2021 — sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. sshd en OpenSSH versiones 6.2 hasta 8.x anteriores a 8.8, cuando son usadas determinadas configuraciones... • https://bugzilla.suse.com/show_bug.cgi?id=1190975 • CWE-273: Improper Check for Dropped Privileges •