CVSS: 7.4EPSS: 0%CPEs: 19EXPL: 0CVE-2024-20952 – OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)
https://notcve.org/view.php?id=CVE-2024-20952
16 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, ... • https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html • CWE-284: Improper Access Control CWE-385: Covert Timing Channel CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-20932 – OpenJDK: incorrect handling of ZIP files with duplicate entries (8276123)
https://notcve.org/view.php?id=CVE-2024-20932
16 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks o... • https://security.netapp.com/advisory/ntap-20240201-0002 • CWE-20: Improper Input Validation CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 0%CPEs: 19EXPL: 0CVE-2024-20926 – OpenJDK: arbitrary Java code execution in Nashorn (8314284)
https://notcve.org/view.php?id=CVE-2024-20926
16 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterpri... • https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html • CWE-20: Improper Input Validation CWE-284: Improper Access Control CWE-502: Deserialization of Untrusted Data CWE-693: Protection Mechanism Failure •
CVSS: 2.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-20922
https://notcve.org/view.php?id=CVE-2024-20922
16 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction ... • https://security.netapp.com/advisory/ntap-20240201-0002 •
CVSS: 10.0EPSS: 0%CPEs: 19EXPL: 0CVE-2024-20918 – OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)
https://notcve.org/view.php?id=CVE-2024-20918
16 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, O... • https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html • CWE-284: Improper Access Control CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 2CVE-2024-0567 – Gnutls: rejects certificate chain with distributed trust
https://notcve.org/view.php?id=CVE-2024-0567
16 Jan 2024 — A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. Se encontró una vulnerabilidad en GnuTLS, donde una cabina (que usa gnuTLS) rechaza una cadena de certificados con confianza distribuida. Este problema ocurre al validar una cadena de certificados ... • http://www.openwall.com/lists/oss-security/2024/01/19/3 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 0CVE-2024-0565 – Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client
https://notcve.org/view.php?id=CVE-2024-0565
15 Jan 2024 — An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service. Se encontró un fallo de lectura de memoria fuera de los límites en receive_encrypted_standard en fs/smb/client/smb2ops.c en el subcomponente SMB Client en el kernel de Linux. Este problema se produce debido a un desbordamiento insuficiente de enteros en la long... • https://access.redhat.com/errata/RHSA-2024:1188 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-21982 – CVE-2024-21982 Information Disclosure Vulnerability in ONTAP 9
https://notcve.org/view.php?id=CVE-2024-21982
11 Jan 2024 — ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an administrative user. Las versiones de ONTAP 9.4 y superiores son susceptibles a una vulnerabilidad que, cuando se explota con éxito, podría provocar la divulgación de información confidencial a atacantes sin privilegios cuando un usuario administrativo ejecuta el comando del gen... • https://security.netapp.com/advisory/ntap-20240111-0001 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27319 – CVE-2023-27319 Information Disclosure Vulnerability in ONTAP Mediator
https://notcve.org/view.php?id=CVE-2023-27319
21 Dec 2023 — ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API. Las versiones de ONTAP Mediator anteriores a la 1.7 son susceptibles a una vulnerabilidad que puede permitir que un atacante no autenticado enumere URLs a través de la API REST. • https://security.netapp.com/advisory/ntap-20231221-0011 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2023-27317 – Information Disclosure Vulnerability in ONTAP 9
https://notcve.org/view.php?id=CVE-2023-27317
15 Dec 2023 — ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to disclosure of sensitive information to an attacker with physical access to the unlocked drives. ONTAP 9 versiones 9.12.1P8, 9.13.1P4 y 9.13.1P5 son susceptibles a una vulnerabilidad que hará que todas las unidades FIPS 1... • https://security.netapp.com/advisory/NTAP-20231215-0001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •