CVSS: 5.3EPSS: 0%CPEs: 23EXPL: 0CVE-2021-35565 – OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)
https://notcve.org/view.php?id=CVE-2021-35565
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.8EPSS: 0%CPEs: 23EXPL: 0CVE-2021-35567 – OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689)
https://notcve.org/view.php?id=CVE-2021-35567
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Ja... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 23EXPL: 0CVE-2021-35578 – OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729)
https://notcve.org/view.php?id=CVE-2021-35578
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) o... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 24EXPL: 0CVE-2021-35586 – OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735)
https://notcve.org/view.php?id=CVE-2021-35586
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial o... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 3.1EPSS: 0%CPEs: 20EXPL: 0CVE-2021-35588 – OpenJDK: Incomplete validation of inner class references in ClassFileParser (Hotspot, 8268071)
https://notcve.org/view.php?id=CVE-2021-35588
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vul... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0CVE-2021-35603 – OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618)
https://notcve.org/view.php?id=CVE-2021-35603
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM ... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-203: Observable Discrepancy •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2021-2341 – OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
https://notcve.org/view.php?id=CVE-2021-2341
20 Jul 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful... • https://lists.debian.org/debian-lts-announce/2021/08/msg00011.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.6EPSS: 0%CPEs: 34EXPL: 0CVE-2021-3517 – libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c
https://notcve.org/view.php?id=CVE-2021-3517
19 May 2021 — There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. Se presenta un fallo en la funcion... • https://bugzilla.redhat.com/show_bug.cgi?id=1954232 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2021-3522 – Ubuntu Security Notice USN-4959-1
https://notcve.org/view.php?id=CVE-2021-3522
18 May 2021 — GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. GStreamer versiones anteriores a 1.18.4, puede llevar a cabo una lectura fuera de límites al manejar determinadas etiquetas ID3v2 Multiple vulnerabilities have been found in GStreamer and its plugins, the worst of which could result in arbitrary code execution. Versions less than 1.16.3 are affected. • https://bugzilla.redhat.com/show_bug.cgi?id=1954761 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2021-3537 – libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode
https://notcve.org/view.php?id=CVE-2021-3537
14 May 2021 — A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. Una vulnerabilidad encontrada en libxml2 en versiones anteriores a 2.9.11 muestra que no propagó errores al analizar el contenido mixto XML, causando una des... • https://bugzilla.redhat.com/show_bug.cgi?id=1956522 • CWE-476: NULL Pointer Dereference •