CVSS: 7.5EPSS: 0%CPEs: 77EXPL: 2CVE-2020-36518 – jackson-databind: denial of service via a large depth of nested objects
https://notcve.org/view.php?id=CVE-2020-36518
11 Mar 2022 — jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. jackson-databind versiones anteriores a 2.13.0, permite una excepción Java StackOverflow y una denegación de servicio por medio de una gran profundidad de objetos anidados A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects. Red Hat JBoss Enterprise Appli... • https://github.com/ghillert/boot-jackson-cve • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 3CVE-2022-23773 – golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
https://notcve.org/view.php?id=CVE-2022-23773
11 Feb 2022 — cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. cmd/go en Go versiones anteriores a 1.16.14 y versiones 1.17.x anteriores a 1.17.7, puede malinterpretar nombres de rama que falsamente parecen ser etiquetas de versión. Esto puede conllevar a un control de acceso incorrecto si supone que un actor puede crear ramas pero no etiqu... • https://github.com/danbudris/CVE-2022-23773-repro • CWE-436: Interpretation Conflict CWE-1220: Insufficient Granularity of Access Control •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-23772 – golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
https://notcve.org/view.php?id=CVE-2022-23772
11 Feb 2022 — Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. Rat.SetString en el archivo math/big en Go versiones anteriores a 1.16.14 y versiones 1.17.x anteriores a 1.17.7, presenta un desbordamiento que puede conllevar a un Consumo de Memoria no Controlado A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. Thi... • https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-23806 – golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
https://notcve.org/view.php?id=CVE-2022-23806
11 Feb 2022 — Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. Curve.IsOnCurve en crypto/elliptic en Go versiones anteriores a 1.16.14 y versiones 1.17.x anteriores a 1.17.7, puede devolver incorrectamente true en situaciones con un valor big.Int que no es un elemento de campo válido A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could retu... • https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ • CWE-252: Unchecked Return Value •
CVSS: 5.3EPSS: 0%CPEs: 136EXPL: 0CVE-2022-21349 – Gentoo Linux Security Advisory 202209-05
https://notcve.org/view.php?id=CVE-2022-21349
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denia... • https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html •
CVSS: 5.3EPSS: 0%CPEs: 27EXPL: 0CVE-2022-21271 – Gentoo Linux Security Advisory 202209-05
https://notcve.org/view.php?id=CVE-2022-21271
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause... • https://security.gentoo.org/glsa/202209-05 •
CVSS: 5.3EPSS: 0%CPEs: 151EXPL: 0CVE-2022-21341 – OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236)
https://notcve.org/view.php?id=CVE-2022-21341
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized abil... • https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 151EXPL: 0CVE-2022-21360 – OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756)
https://notcve.org/view.php?id=CVE-2022-21360
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to... • https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 151EXPL: 0CVE-2022-21365 – OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838)
https://notcve.org/view.php?id=CVE-2022-21365
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to... • https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 29EXPL: 0CVE-2022-21366 – OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO, 8274096)
https://notcve.org/view.php?id=CVE-2022-21366
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a parti... • https://security.gentoo.org/glsa/202209-05 • CWE-770: Allocation of Resources Without Limits or Throttling •