CVSS: 5.3EPSS: 0%CPEs: 151EXPL: 0CVE-2022-21305 – OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014)
https://notcve.org/view.php?id=CVE-2022-21305
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, in... • https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 8%CPEs: 151EXPL: 1CVE-2022-21340 – OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026)
https://notcve.org/view.php?id=CVE-2022-21340
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability ... • https://github.com/Alexandre-Bartel/CVE-2022-21340 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 151EXPL: 0CVE-2022-21341 – OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236)
https://notcve.org/view.php?id=CVE-2022-21341
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized abil... • https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 151EXPL: 0CVE-2022-21360 – OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756)
https://notcve.org/view.php?id=CVE-2022-21360
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to... • https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 151EXPL: 0CVE-2022-21365 – OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838)
https://notcve.org/view.php?id=CVE-2022-21365
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to... • https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 29EXPL: 0CVE-2022-21366 – OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO, 8274096)
https://notcve.org/view.php?id=CVE-2022-21366
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a parti... • https://security.gentoo.org/glsa/202209-05 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 24EXPL: 0CVE-2021-35556 – OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167)
https://notcve.org/view.php?id=CVE-2021-35556
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of ... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 24EXPL: 0CVE-2021-35559 – OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580)
https://notcve.org/view.php?id=CVE-2021-35559
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of ... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 24EXPL: 0CVE-2021-35561 – OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)
https://notcve.org/view.php?id=CVE-2021-35561
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial o... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 24EXPL: 0CVE-2021-35564 – OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)
https://notcve.org/view.php?id=CVE-2021-35564
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to ... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-20: Improper Input Validation •