CVSS: 3.1EPSS: 0%CPEs: 20EXPL: 0CVE-2023-22006 – OpenJDK: HTTP client insufficient file name validation (8302475)
https://notcve.org/view.php?id=CVE-2023-22006
18 Jul 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.7EPSS: 0%CPEs: 90EXPL: 0CVE-2023-21968 – OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)
https://notcve.org/view.php?id=CVE-2023-21968
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in un... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 91EXPL: 0CVE-2023-21967 – OpenJDK: certificate validation issue in TLS session negotiation (8298310)
https://notcve.org/view.php?id=CVE-2023-21967
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 5.3EPSS: 1%CPEs: 91EXPL: 1CVE-2023-21939 – OpenJDK: Swing HTML parsing issue (8296832)
https://notcve.org/view.php?id=CVE-2023-21939
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, i... • https://github.com/Y4Sec-Team/CVE-2023-21939 • CWE-20: Improper Input Validation •
CVSS: 3.7EPSS: 0%CPEs: 91EXPL: 0CVE-2023-21938 – OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)
https://notcve.org/view.php?id=CVE-2023-21938
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in un... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 3.7EPSS: 0%CPEs: 91EXPL: 0CVE-2023-21937 – OpenJDK: missing string checks for NULL characters (8296622)
https://notcve.org/view.php?id=CVE-2023-21937
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in u... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 7.4EPSS: 0%CPEs: 91EXPL: 0CVE-2023-21930 – OpenJDK: improper connection handling during TLS handshake (8294474)
https://notcve.org/view.php?id=CVE-2023-21930
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation,... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 3.7EPSS: 0%CPEs: 19EXPL: 0CVE-2023-21843 – OpenJDK: soundbank URL remote loading (Sound, 8293742)
https://notcve.org/view.php?id=CVE-2023-21843
17 Jan 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in un... • https://security.gentoo.org/glsa/202401-25 • CWE-646: Reliance on File Name or Extension of Externally-Supplied File •
CVSS: 5.3EPSS: 0%CPEs: 14EXPL: 0CVE-2023-21835 – OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)
https://notcve.org/view.php?id=CVE-2023-21835
17 Jan 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partia... • https://security.gentoo.org/glsa/202401-25 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2023-21830 – OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021)
https://notcve.org/view.php?id=CVE-2023-21830
17 Jan 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert o... • https://security.gentoo.org/glsa/202401-25 • CWE-502: Deserialization of Untrusted Data •