CVSS: 5.3EPSS: 0%CPEs: 37EXPL: 0CVE-2022-21434 – OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)
https://notcve.org/view.php?id=CVE-2022-21434
19 Apr 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unautho... • https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 5.3EPSS: 0%CPEs: 37EXPL: 0CVE-2022-21426 – OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
https://notcve.org/view.php?id=CVE-2022-21426
19 Apr 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized... • https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 1%CPEs: 241EXPL: 0CVE-2013-0424 – OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
https://notcve.org/view.php?id=CVE-2013-0424
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not proper... • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 241EXPL: 0CVE-2013-0425 – OpenJDK: logging insufficient access control checks (Libraries, 6664509)
https://notcve.org/view.php?id=CVE-2013-0425
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that t... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907344 •
CVSS: 10.0EPSS: 1%CPEs: 241EXPL: 0CVE-2013-0426 – OpenJDK: logging insufficient access control checks (Libraries, 6664528)
https://notcve.org/view.php?id=CVE-2013-0426
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that t... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907346 •
CVSS: 10.0EPSS: 1%CPEs: 241EXPL: 0CVE-2013-0428 – OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
https://notcve.org/view.php?id=CVE-2013-0428
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that t... • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS •
CVSS: 8.1EPSS: 1%CPEs: 241EXPL: 0CVE-2013-0432 – OpenJDK: insufficient clipboard access premission checks (AWT, 7186952)
https://notcve.org/view.php?id=CVE-2013-0432
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks." Vulnerabilidad no ... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907219 •
CVSS: 8.1EPSS: 0%CPEs: 241EXPL: 0CVE-2013-0434 – OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)
https://notcve.org/view.php?id=CVE-2013-0434
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProper... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907453 •
CVSS: 8.1EPSS: 1%CPEs: 241EXPL: 0CVE-2013-0440 – OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)
https://notcve.org/view.php?id=CVE-2013-0440
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets tha... • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS •
CVSS: 10.0EPSS: 1%CPEs: 241EXPL: 0CVE-2013-0441 – OpenJDK: missing serialization restriction (CORBA, 7201066)
https://notcve.org/view.php?id=CVE-2013-0441
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue al... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907458 •