CVSS: 3.7EPSS: 0%CPEs: 91EXPL: 0CVE-2023-21937 – OpenJDK: missing string checks for NULL characters (8296622)
https://notcve.org/view.php?id=CVE-2023-21937
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in u... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 7.4EPSS: 0%CPEs: 91EXPL: 0CVE-2023-21930 – OpenJDK: improper connection handling during TLS handshake (8294474)
https://notcve.org/view.php?id=CVE-2023-21930
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation,... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 3.7EPSS: 0%CPEs: 26EXPL: 0CVE-2022-39399 – OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366)
https://notcve.org/view.php?id=CVE-2022-39399
18 Oct 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.3EPSS: 0%CPEs: 22EXPL: 0CVE-2022-21618 – OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077)
https://notcve.org/view.php?id=CVE-2022-21618
18 Oct 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some ... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 3.7EPSS: 0%CPEs: 33EXPL: 0CVE-2022-21619 – OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526)
https://notcve.org/view.php?id=CVE-2022-21619
18 Oct 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6 • CWE-192: Integer Coercion Error •
CVSS: 3.7EPSS: 0%CPEs: 33EXPL: 0CVE-2022-21624 – OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)
https://notcve.org/view.php?id=CVE-2022-21624
18 Oct 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in una... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6 • CWE-330: Use of Insufficiently Random Values •
CVSS: 5.3EPSS: 0%CPEs: 27EXPL: 0CVE-2022-21626 – OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)
https://notcve.org/view.php?id=CVE-2022-21626
18 Oct 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to caus... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0CVE-2022-21628 – OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918)
https://notcve.org/view.php?id=CVE-2022-21628
18 Oct 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in ... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-28131 – Stack exhaustion from deeply nested XML documents in encoding/xml
https://notcve.org/view.php?id=CVE-2022-28131
04 Aug 2022 — Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. En Decoder.Skip en encoding/xml en Go antes de 1.17.12 y 1.18.x antes de 1.18.4, el agotamiento de la pila y un pánico puede ocurrir a través de un documento XML profundamente anidado A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exha... • https://go.dev/cl/417062 • CWE-674: Uncontrolled Recursion CWE-1325: Improperly Controlled Sequential Memory Allocation •
CVSS: 5.3EPSS: 0%CPEs: 157EXPL: 0CVE-2022-21540 – OpenJDK: class compilation issue (Hotspot, 8281859)
https://notcve.org/view.php?id=CVE-2022-21540
19 Jul 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in u... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •