CVE-2023-21967 – OpenJDK: certificate validation issue in TLS session negotiation (8298310)
https://notcve.org/view.php?id=CVE-2023-21967
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-358: Improperly Implemented Security Check for Standard
CVE-2023-21954 – OpenJDK: incorrect enqueue of references in garbage collector (8298191)
https://notcve.org/view.php?id=CVE-2023-21954
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthor... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-21939 – OpenJDK: Swing HTML parsing issue (8296832)
https://notcve.org/view.php?id=CVE-2023-21939
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, i... • https://github.com/Y4Sec-Team/CVE-2023-21939 • CWE-20: Improper Input Validation
CVE-2023-21938 – OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)
https://notcve.org/view.php?id=CVE-2023-21938
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in un... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-158: Improper Neutralization of Null Byte or NUL Character
CVE-2023-21937 – OpenJDK: missing string checks for NULL characters (8296622)
https://notcve.org/view.php?id=CVE-2023-21937
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in u... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-158: Improper Neutralization of Null Byte or NUL Character
CVE-2023-21930 – OpenJDK: improper connection handling during TLS handshake (8294474)
https://notcve.org/view.php?id=CVE-2023-21930
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation,... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
CVE-2023-21843 – OpenJDK: soundbank URL remote loading (Sound, 8293742)
https://notcve.org/view.php?id=CVE-2023-21843
17 Jan 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in un... • https://security.gentoo.org/glsa/202401-25 • CWE-646: Reliance on File Name or Extension of Externally-Supplied File
CVE-2023-21830 – OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021)
https://notcve.org/view.php?id=CVE-2023-21830
17 Jan 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert o... • https://security.gentoo.org/glsa/202401-25 • CWE-502: Deserialization of Untrusted Data
CVE-2022-21619 – OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526)
https://notcve.org/view.php?id=CVE-2022-21619
18 Oct 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6 • CWE-192: Integer Coercion Error
CVE-2022-21624 – OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)
https://notcve.org/view.php?id=CVE-2022-21624
18 Oct 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in una... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6 • CWE-330: Use of Insufficiently Random Values