CVSS: 8.3EPSS: 0%CPEs: 127EXPL: 0CVE-2020-2803 – OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841)
https://notcve.org/view.php?id=CVE-2020-2803
15 Apr 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may sign... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.8EPSS: 0%CPEs: 127EXPL: 0CVE-2020-2800 – OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825)
https://notcve.org/view.php?id=CVE-2020-2800
15 Apr 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessibl... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 5.3EPSS: 0%CPEs: 145EXPL: 0CVE-2020-2781 – OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)
https://notcve.org/view.php?id=CVE-2020-2781
15 Apr 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html •
CVSS: 4.3EPSS: 0%CPEs: 138EXPL: 0CVE-2020-2773 – OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415)
https://notcve.org/view.php?id=CVE-2020-2773
15 Apr 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html • CWE-248: Uncaught Exception •
CVSS: 4.3EPSS: 0%CPEs: 126EXPL: 0CVE-2020-2754 – OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898)
https://notcve.org/view.php?id=CVE-2020-2754
15 Apr 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Appl... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html • CWE-248: Uncaught Exception •
CVSS: 4.3EPSS: 0%CPEs: 135EXPL: 0CVE-2020-2756 – OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541)
https://notcve.org/view.php?id=CVE-2020-2756
15 Apr 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html • CWE-248: Uncaught Exception CWE-502: Deserialization of Untrusted Data CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 4.3EPSS: 0%CPEs: 134EXPL: 0CVE-2020-2755 – OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904)
https://notcve.org/view.php?id=CVE-2020-2755
15 Apr 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Appl... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html • CWE-248: Uncaught Exception •
CVSS: 4.3EPSS: 0%CPEs: 136EXPL: 0CVE-2020-2757 – OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549)
https://notcve.org/view.php?id=CVE-2020-2757
15 Apr 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html • CWE-248: Uncaught Exception CWE-502: Deserialization of Untrusted Data CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 4.3EPSS: 0%CPEs: 75EXPL: 0CVE-2020-2654 – OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037)
https://notcve.org/view.php?id=CVE-2020-2654
15 Jan 2020 — Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in th... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.1EPSS: 1%CPEs: 68EXPL: 0CVE-2020-2604 – OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)
https://notcve.org/view.php?id=CVE-2020-2604
15 Jan 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typi... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html • CWE-471: Modification of Assumed-Immutable Data (MAID) CWE-502: Deserialization of Untrusted Data •