CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-20923
https://notcve.org/view.php?id=CVE-2024-20923
17 Feb 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attac... • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-693: Protection Mechanism Failure •
CVSS: 10.0EPSS: 0%CPEs: 40EXPL: 0CVE-2024-20919 – OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
https://notcve.org/view.php?id=CVE-2024-20919
24 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, O... • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-20: Improper Input Validation •
CVSS: 3.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-20955
https://notcve.org/view.php?id=CVE-2024-20955
16 Jan 2024 — Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in un... • https://www.oracle.com/security-alerts/cpujan2024.html •
CVSS: 7.4EPSS: 0%CPEs: 19EXPL: 0CVE-2024-20952 – OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)
https://notcve.org/view.php?id=CVE-2024-20952
16 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, ... • https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html • CWE-284: Improper Access Control CWE-385: Covert Timing Channel CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-20932 – OpenJDK: incorrect handling of ZIP files with duplicate entries (8276123)
https://notcve.org/view.php?id=CVE-2024-20932
16 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks o... • https://security.netapp.com/advisory/ntap-20240201-0002 • CWE-20: Improper Input Validation CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 0%CPEs: 19EXPL: 0CVE-2024-20926 – OpenJDK: arbitrary Java code execution in Nashorn (8314284)
https://notcve.org/view.php?id=CVE-2024-20926
16 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterpri... • https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html • CWE-20: Improper Input Validation •
CVSS: 2.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-20922
https://notcve.org/view.php?id=CVE-2024-20922
16 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction ... • https://security.netapp.com/advisory/ntap-20240201-0002 •
CVSS: 7.4EPSS: 0%CPEs: 19EXPL: 0CVE-2024-20918 – OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)
https://notcve.org/view.php?id=CVE-2024-20918
16 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, O... • https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html • CWE-787: Out-of-bounds Write •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22091
https://notcve.org/view.php?id=CVE-2023-22091
17 Oct 2023 — Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauth... • https://www.oracle.com/security-alerts/cpuoct2023.html •
CVSS: 5.3EPSS: 0%CPEs: 14EXPL: 0CVE-2023-22081 – OpenJDK: certificate path validation issue during client authentication (8309966)
https://notcve.org/view.php?id=CVE-2023-22081
17 Oct 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise E... • https://lists.debian.org/debian-lts-announce/2023/10/msg00041.html • CWE-295: Improper Certificate Validation •