CVSS: 3.7EPSS: 0%CPEs: 39EXPL: 0CVE-2024-21094 – OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507)
https://notcve.org/view.php?id=CVE-2024-21094
16 Apr 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK,... • https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html • CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data CWE-787: Out-of-bounds Write •
CVSS: 3.7EPSS: 0%CPEs: 38EXPL: 0CVE-2024-21085 – OpenJDK: Pack200 excessive memory allocation (8322114)
https://notcve.org/view.php?id=CVE-2024-21085
16 Apr 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized abilit... • https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html • CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 3.7EPSS: 0%CPEs: 38EXPL: 0CVE-2024-21012 – OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708)
https://notcve.org/view.php?id=CVE-2024-21012
16 Apr 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM ... • https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html • CWE-276: Incorrect Default Permissions CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action •
CVSS: 3.7EPSS: 0%CPEs: 39EXPL: 0CVE-2024-21011 – OpenJDK: long Exception message leading to crash (8319851)
https://notcve.org/view.php?id=CVE-2024-21011
16 Apr 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK,... • https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html • CWE-117: Improper Output Neutralization for Logs CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42443 – Trusteer for mobile file upload
https://notcve.org/view.php?id=CVE-2022-42443
17 Feb 2024 — An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535. Un problema no revelado en Trusteer iOS SDK para versiones móviles anteriores a 5.7 y Trusteer Android SDK para versiones móviles anteriores a 5.7 puede permitir la carga de archivos. ID de IBM X-Force: 238535. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238535 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 40EXPL: 0CVE-2024-20919 – OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
https://notcve.org/view.php?id=CVE-2024-20919
24 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, O... • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 36EXPL: 0CVE-2024-20921 – OpenJDK: range check loop optimization issue (8314307)
https://notcve.org/view.php?id=CVE-2024-20921
24 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, O... • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-20: Improper Input Validation CWE-276: Incorrect Default Permissions •
CVSS: 5.1EPSS: 0%CPEs: 36EXPL: 0CVE-2024-20945 – OpenJDK: logging of digital signature private keys (8316976)
https://notcve.org/view.php?id=CVE-2024-20945
24 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Ente... • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-40609 – IBM SDK, Java Technology Edition code execution
https://notcve.org/view.php?id=CVE-2022-40609
02 Aug 2023 — IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069. IBM SDK Java Technology Edition 7.1.5.18 y 8.0.8.0 podría permitir a un atacante remoto ejecutar código arbitrario en el sistema, debido a un fallo de deserialización inseguro. Mediante el envío de da... • https://exchange.xforce.ibmcloud.com/vulnerabilities/236069 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2019-4732
https://notcve.org/view.php?id=CVE-2019-4732
03 Feb 2020 — IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618. IBM SDK, Java Technology Edition Versión versiones 7.0.... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172618 • CWE-426: Untrusted Search Path •