CVSS: 3.7EPSS: 0%CPEs: 24EXPL: 0CVE-2023-22045 – OpenJDK: array indexing integer overflow issue (8304468)
https://notcve.org/view.php?id=CVE-2023-22045
18 Jul 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-125: Out-of-bounds Read •
CVSS: 5.1EPSS: 0%CPEs: 22EXPL: 0CVE-2023-22041 – OpenJDK: weakness in AES implementation (8308682)
https://notcve.org/view.php?id=CVE-2023-22041
18 Jul 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM ... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-334: Small Space of Random Values •
CVSS: 3.3EPSS: 0%CPEs: 9EXPL: 0CVE-2023-22038 – mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023)
https://notcve.org/view.php?id=CVE-2023-22038
18 Jul 2023 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2 •
CVSS: 3.7EPSS: 0%CPEs: 20EXPL: 0CVE-2023-22036 – OpenJDK: ZIP file parsing infinite loop (8302483)
https://notcve.org/view.php?id=CVE-2023-22036
18 Jul 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle Gr... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 0CVE-2023-22033 – mysql: InnoDB unspecified vulnerability (CPU Jul 2023)
https://notcve.org/view.php?id=CVE-2023-22033
18 Jul 2023 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2 •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2023-22008 – mysql: InnoDB unspecified vulnerability (CPU Jul 2023)
https://notcve.org/view.php?id=CVE-2023-22008
18 Jul 2023 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2 •
CVSS: 3.1EPSS: 0%CPEs: 20EXPL: 0CVE-2023-22006 – OpenJDK: HTTP client insufficient file name validation (8302475)
https://notcve.org/view.php?id=CVE-2023-22006
18 Jul 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 0CVE-2023-22005 – mysql: Server: Replication unspecified vulnerability (CPU Jul 2023)
https://notcve.org/view.php?id=CVE-2023-22005
18 Jul 2023 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2 •
CVSS: 6.8EPSS: 7%CPEs: 4EXPL: 2CVE-2023-3338 – Crash due to a null pointer dereference in the dn_nsp_send function
https://notcve.org/view.php?id=CVE-2023-3338
30 Jun 2023 — A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system. It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniël Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorise... • https://github.com/TurtleARM/CVE-2023-3338-DECPwn • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 1%CPEs: 21EXPL: 0CVE-2023-2911 – Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0
https://notcve.org/view.php?id=CVE-2023-2911
21 Jun 2023 — If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `st... • http://www.openwall.com/lists/oss-security/2023/06/21/6 • CWE-787: Out-of-bounds Write •