CVSS: 3.7EPSS: 0%CPEs: 38EXPL: 0CVE-2024-21012 – OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708)
https://notcve.org/view.php?id=CVE-2024-21012
16 Apr 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM ... • https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html • CWE-276: Incorrect Default Permissions CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action •
CVSS: 3.7EPSS: 0%CPEs: 39EXPL: 0CVE-2024-21011 – OpenJDK: long Exception message leading to crash (8319851)
https://notcve.org/view.php?id=CVE-2024-21011
16 Apr 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK,... • https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html • CWE-117: Improper Output Neutralization for Logs CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 3.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-20954 – graalvm: Unauthorized Read Access
https://notcve.org/view.php?id=CVE-2024-20954
16 Apr 2024 — Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unaut... • https://www.oracle.com/security-alerts/cpuapr2024.html • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 40EXPL: 0CVE-2024-20919 – OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
https://notcve.org/view.php?id=CVE-2024-20919
24 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, O... • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-20: Improper Input Validation •
CVSS: 3.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-20955
https://notcve.org/view.php?id=CVE-2024-20955
16 Jan 2024 — Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in un... • https://www.oracle.com/security-alerts/cpujan2024.html •
CVSS: 7.4EPSS: 0%CPEs: 19EXPL: 0CVE-2024-20952 – OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)
https://notcve.org/view.php?id=CVE-2024-20952
16 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, ... • https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html • CWE-284: Improper Access Control CWE-385: Covert Timing Channel CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-20932 – OpenJDK: incorrect handling of ZIP files with duplicate entries (8276123)
https://notcve.org/view.php?id=CVE-2024-20932
16 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks o... • https://security.netapp.com/advisory/ntap-20240201-0002 • CWE-20: Improper Input Validation CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 0%CPEs: 19EXPL: 0CVE-2024-20926 – OpenJDK: arbitrary Java code execution in Nashorn (8314284)
https://notcve.org/view.php?id=CVE-2024-20926
16 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterpri... • https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 19EXPL: 0CVE-2024-20918 – OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)
https://notcve.org/view.php?id=CVE-2024-20918
16 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, O... • https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html • CWE-787: Out-of-bounds Write •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22091
https://notcve.org/view.php?id=CVE-2023-22091
17 Oct 2023 — Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauth... • https://www.oracle.com/security-alerts/cpuoct2023.html •