CVSS: 3.7EPSS: 0%CPEs: 24EXPL: 0CVE-2023-22049 – OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)
https://notcve.org/view.php?id=CVE-2023-22049
18 Jul 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterpri... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.7EPSS: 0%CPEs: 24EXPL: 0CVE-2023-22045 – OpenJDK: array indexing integer overflow issue (8304468)
https://notcve.org/view.php?id=CVE-2023-22045
18 Jul 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-125: Out-of-bounds Read •
CVSS: 5.1EPSS: 0%CPEs: 22EXPL: 0CVE-2023-22041 – OpenJDK: weakness in AES implementation (8308682)
https://notcve.org/view.php?id=CVE-2023-22041
18 Jul 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM ... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-334: Small Space of Random Values •
CVSS: 3.7EPSS: 0%CPEs: 20EXPL: 0CVE-2023-22036 – OpenJDK: ZIP file parsing infinite loop (8302483)
https://notcve.org/view.php?id=CVE-2023-22036
18 Jul 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle Gr... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 3.1EPSS: 0%CPEs: 20EXPL: 0CVE-2023-22006 – OpenJDK: HTTP client insufficient file name validation (8302475)
https://notcve.org/view.php?id=CVE-2023-22006
18 Jul 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 42EXPL: 0CVE-2020-14621 – OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136)
https://notcve.org/view.php?id=CVE-2020-14621
15 Jul 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Thi... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 131EXPL: 0CVE-2020-2830 – OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201)
https://notcve.org/view.php?id=CVE-2020-2830
15 Apr 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Not... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.3EPSS: 1%CPEs: 127EXPL: 0CVE-2020-2805 – OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274)
https://notcve.org/view.php?id=CVE-2020-2805
15 Apr 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may sign... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 117EXPL: 0CVE-2020-2816 – OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691)
https://notcve.org/view.php?id=CVE-2020-2816
15 Apr 2020 — Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Compon... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 8.3EPSS: 0%CPEs: 127EXPL: 0CVE-2020-2803 – OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841)
https://notcve.org/view.php?id=CVE-2020-2803
15 Apr 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may sign... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •