CVSS: 5.3EPSS: 0%CPEs: 27EXPL: 0CVE-2022-21626 – OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)
https://notcve.org/view.php?id=CVE-2022-21626
18 Oct 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to caus... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0CVE-2022-21628 – OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918)
https://notcve.org/view.php?id=CVE-2022-21628
18 Oct 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in ... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 157EXPL: 0CVE-2022-21540 – OpenJDK: class compilation issue (Hotspot, 8281859)
https://notcve.org/view.php?id=CVE-2022-21540
19 Jul 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in u... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 5.9EPSS: 0%CPEs: 156EXPL: 0CVE-2022-21541 – OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866)
https://notcve.org/view.php?id=CVE-2022-21541
19 Jul 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 159EXPL: 4CVE-2022-34169 – Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
https://notcve.org/view.php?id=CVE-2022-34169
19 Jul 2022 — The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan. La biblioteca Apache Xalan Java XSLT es vulnerable a un problema de truncamiento de enteros cuando procesa hojas de estilo XSLT mali... • https://packetstorm.news/files/id/168186 • CWE-192: Integer Coercion Error CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 7.5EPSS: 0%CPEs: 155EXPL: 0CVE-2022-21476 – OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)
https://notcve.org/view.php?id=CVE-2022-21476
19 Apr 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unautho... • https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html • CWE-179: Incorrect Behavior Order: Early Validation •
CVSS: 5.3EPSS: 0%CPEs: 37EXPL: 0CVE-2022-21434 – OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
https://notcve.org/view.php?id=CVE-2022-21434
19 Apr 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unautho... • https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 5.3EPSS: 0%CPEs: 37EXPL: 0CVE-2022-21426 – OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
https://notcve.org/view.php?id=CVE-2022-21426
19 Apr 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized... • https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 27EXPL: 0CVE-2022-21271 – Gentoo Linux Security Advisory 202209-05
https://notcve.org/view.php?id=CVE-2022-21271
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause... • https://security.gentoo.org/glsa/202209-05 •
CVSS: 5.3EPSS: 0%CPEs: 34EXPL: 0CVE-2022-21291 – OpenJDK: Incorrect marking of writeable fields (Hotspot, 8270386)
https://notcve.org/view.php?id=CVE-2022-21291
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, in... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG • CWE-787: Out-of-bounds Write •