CVSS: 3.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-22051
https://notcve.org/view.php?id=CVE-2023-22051
18 Jul 2023 — Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compiler). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in una... • https://www.oracle.com/security-alerts/cpujul2023.html •
CVSS: 3.7EPSS: 0%CPEs: 24EXPL: 0CVE-2023-22049 – OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)
https://notcve.org/view.php?id=CVE-2023-22049
18 Jul 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterpri... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.7EPSS: 0%CPEs: 24EXPL: 0CVE-2023-22045 – OpenJDK: array indexing integer overflow issue (8304468)
https://notcve.org/view.php?id=CVE-2023-22045
18 Jul 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-125: Out-of-bounds Read •
CVSS: 3.7EPSS: 0%CPEs: 12EXPL: 0CVE-2023-22044 – OpenJDK: modulo operator array indexing issue (8304460)
https://notcve.org/view.php?id=CVE-2023-22044
18 Jul 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM ... • https://security.netapp.com/advisory/ntap-20230725-0006 • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22043
https://notcve.org/view.php?id=CVE-2023-22043
18 Jul 2023 — Vulnerability in Oracle Java SE (component: JavaFX). The supported version that is affected is Oracle Java SE: 8u371. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandb... • https://security.netapp.com/advisory/ntap-20230725-0006 •
CVSS: 5.1EPSS: 0%CPEs: 22EXPL: 0CVE-2023-22041 – OpenJDK: weakness in AES implementation (8308682)
https://notcve.org/view.php?id=CVE-2023-22041
18 Jul 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM ... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-334: Small Space of Random Values •
CVSS: 3.7EPSS: 0%CPEs: 20EXPL: 0CVE-2023-22036 – OpenJDK: ZIP file parsing infinite loop (8302483)
https://notcve.org/view.php?id=CVE-2023-22036
18 Jul 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle Gr... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 3.1EPSS: 0%CPEs: 20EXPL: 0CVE-2023-22006 – OpenJDK: HTTP client insufficient file name validation (8302475)
https://notcve.org/view.php?id=CVE-2023-22006
18 Jul 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.7EPSS: 0%CPEs: 90EXPL: 0CVE-2023-21968 – OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)
https://notcve.org/view.php?id=CVE-2023-21968
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in un... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 91EXPL: 0CVE-2023-21967 – OpenJDK: certificate validation issue in TLS session negotiation (8298310)
https://notcve.org/view.php?id=CVE-2023-21967
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-358: Improperly Implemented Security Check for Standard •