CVSS: 5.6EPSS: 0%CPEs: 9EXPL: 0CVE-2025-30698 – openjdk: Enhance Buffered Image handling (Oracle CPU 2025-04)
https://notcve.org/view.php?id=CVE-2025-30698
15 Apr 2025 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Ora... • https://www.oracle.com/security-alerts/cpuapr2025.html • CWE-122: Heap-based Buffer Overflow CWE-284: Improper Access Control •
CVSS: 7.4EPSS: 0%CPEs: 9EXPL: 0CVE-2025-21587 – openjdk: Better TLS connection support (Oracle CPU 2025-04)
https://notcve.org/view.php?id=CVE-2025-21587
15 Apr 2025 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition:20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Orac... • https://www.oracle.com/security-alerts/cpuapr2025.html • CWE-208: Observable Timing Discrepancy CWE-284: Improper Access Control •
CVSS: 4.8EPSS: 0%CPEs: 25EXPL: 0CVE-2025-21502 – openjdk: Enhance array handling (Oracle CPU 2025-01)
https://notcve.org/view.php?id=CVE-2025-21502
21 Jan 2025 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JD... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-195: Signed to Unsigned Conversion Error CWE-863: Incorrect Authorization •
CVSS: 4.8EPSS: 0%CPEs: 23EXPL: 0CVE-2024-21235 – JDK: Integer conversion error leads to incorrect range check (8332644)
https://notcve.org/view.php?id=CVE-2024-21235
15 Oct 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK... • https://www.oracle.com/security-alerts/cpuoct2024.html • CWE-195: Signed to Unsigned Conversion Error •
CVSS: 7.4EPSS: 0%CPEs: 41EXPL: 0CVE-2024-21217 – JDK: Unbounded allocation leads to out-of-memory error (8331446)
https://notcve.org/view.php?id=CVE-2024-21217
15 Oct 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM f... • https://www.oracle.com/security-alerts/cpuoct2024.html • CWE-502: Deserialization of Untrusted Data CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 3.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21211
https://notcve.org/view.php?id=CVE-2024-21211
15 Oct 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Success... • https://www.oracle.com/security-alerts/cpuoct2024.html • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 3.7EPSS: 0%CPEs: 21EXPL: 0CVE-2024-21208 – JDK: HTTP client improper handling of maxHeaderSize (8328286)
https://notcve.org/view.php?id=CVE-2024-21208
15 Oct 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for ... • https://www.oracle.com/security-alerts/cpuoct2024.html • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-203: Observable Discrepancy •
CVSS: 7.4EPSS: 0%CPEs: 38EXPL: 0CVE-2024-21147 – OpenJDK: RangeCheckElimination array index overflow (8323231)
https://notcve.org/view.php?id=CVE-2024-21147
16 Jul 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM... • https://security.netapp.com/advisory/ntap-20240719-0008 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.4EPSS: 0%CPEs: 45EXPL: 0CVE-2024-21145 – OpenJDK: Out-of-bounds access in 2D image handling (8324559)
https://notcve.org/view.php?id=CVE-2024-21145
16 Jul 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for ... • https://security.netapp.com/advisory/ntap-20240719-0008 • CWE-284: Improper Access Control CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 49EXPL: 0CVE-2024-21140 – OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548)
https://notcve.org/view.php?id=CVE-2024-21140
16 Jul 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM... • https://security.netapp.com/advisory/ntap-20240719-0008 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •