CVSS: 5.3EPSS: 0%CPEs: 151EXPL: 0CVE-2022-21282 – OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492)
https://notcve.org/view.php?id=CVE-2022-21282
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access t... • https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 5.3EPSS: 0%CPEs: 148EXPL: 0CVE-2022-21283 – OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813)
https://notcve.org/view.php?id=CVE-2022-21283
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a par... • https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html • CWE-248: Uncaught Exception •
CVSS: 5.3EPSS: 0%CPEs: 34EXPL: 0CVE-2022-21291 – OpenJDK: Incorrect marking of writeable fields (Hotspot, 8270386)
https://notcve.org/view.php?id=CVE-2022-21291
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, in... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 152EXPL: 0CVE-2022-21293 – OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392)
https://notcve.org/view.php?id=CVE-2022-21293
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability ... • https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 151EXPL: 0CVE-2022-21294 – OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416)
https://notcve.org/view.php?id=CVE-2022-21294
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability ... • https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 151EXPL: 0CVE-2022-21296 – OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498)
https://notcve.org/view.php?id=CVE-2022-21296
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access t... • https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 5.3EPSS: 0%CPEs: 151EXPL: 0CVE-2022-21299 – OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)
https://notcve.org/view.php?id=CVE-2022-21299
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to ca... • https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.3EPSS: 0%CPEs: 151EXPL: 0CVE-2022-21305 – OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014)
https://notcve.org/view.php?id=CVE-2022-21305
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, in... • https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-22959 – llhttp: HTTP Request Smuggling due to spaces in headers
https://notcve.org/view.php?id=CVE-2021-22959
15 Nov 2021 — The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6. El parser en acepta peticiones con un espacio (SP) justo después del nombre del encabezado antes de los dos puntos. Esto puede conllevar a un contrabando de peticiones HTTP (HRS) en llhttp versiones anteriores a v2.1.4 y versiones anteriores a v6.0.6 An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by ... • https://hackerone.com/reports/1238709 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-22960 – llhttp: HTTP Request Smuggling when parsing the body of chunked requests
https://notcve.org/view.php?id=CVE-2021-22960
03 Nov 2021 — The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. La función parse en llhttp versiones anteriores a 2.1.4 y versiones anteriores a 6.0.6. ignora las extensiones chunk cuando analiza el cuerpo de las peticiones chunked. Esto conlleva a un Contrabando de Peticiones HTTP (HRS) bajo determinadas condiciones An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp ... • https://hackerone.com/reports/1238099 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •