CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2021-35550 – OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210)
https://notcve.org/view.php?id=CVE-2021-35550
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java ... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.3EPSS: 0%CPEs: 24EXPL: 0CVE-2021-35564 – OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)
https://notcve.org/view.php?id=CVE-2021-35564
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to ... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-2464
https://notcve.org/view.php?id=CVE-2021-2464
24 Sep 2021 — Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability can result in takeover of Oracle Linux. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). • https://linux.oracle.com/errata/ELSA-2021-9444.html •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2021-2341 – OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
https://notcve.org/view.php?id=CVE-2021-2341
20 Jul 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful... • https://lists.debian.org/debian-lts-announce/2021/08/msg00011.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2021-3551 – pki-server: Dogtag installer "pkispawn" logs admin credentials into a world-readable log file
https://notcve.org/view.php?id=CVE-2021-3551
03 Jun 2021 — A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality. Se ha encontrado un fallo en el servidor PKI, donde el comando spkispawn, cuando es ejecutado en modo de depuración, almacena las credenciales de administrador en el ... • https://bugzilla.redhat.com/show_bug.cgi?id=1959971 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.6EPSS: 0%CPEs: 34EXPL: 0CVE-2021-3517 – libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c
https://notcve.org/view.php?id=CVE-2021-3517
19 May 2021 — There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. Se presenta un fallo en la funcion... • https://bugzilla.redhat.com/show_bug.cgi?id=1954232 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2021-3537 – libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode
https://notcve.org/view.php?id=CVE-2021-3537
14 May 2021 — A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. Una vulnerabilidad encontrada en libxml2 en versiones anteriores a 2.9.11 muestra que no propagó errores al analizar el contenido mixto XML, causando una des... • https://bugzilla.redhat.com/show_bug.cgi?id=1956522 • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 0%CPEs: 145EXPL: 0CVE-2021-2161 – OpenJDK: Incorrect handling of partially quoted arguments in ProcessBuilder on Windows (Libraries, 8250568)
https://notcve.org/view.php?id=CVE-2021-2161
22 Apr 2021 — Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this... • https://docs.azul.com/core/zulu-openjdk/release-notes/april-2021.html#fixed-common-vulnerabilities-and-exposures • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 133EXPL: 0CVE-2021-2163 – OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (Libraries, 8249906)
https://notcve.org/view.php?id=CVE-2021-2163
21 Apr 2021 — Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require... • https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.3EPSS: 0%CPEs: 131EXPL: 0CVE-2020-2830 – OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201)
https://notcve.org/view.php?id=CVE-2020-2830
15 Apr 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Not... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html • CWE-400: Uncontrolled Resource Consumption •