CVSS: 7.4EPSS: 0%CPEs: 19EXPL: 0CVE-2024-20952 – OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)
https://notcve.org/view.php?id=CVE-2024-20952
16 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, ... • https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html • CWE-284: Improper Access Control CWE-385: Covert Timing Channel CWE-416: Use After Free •
CVSS: 5.9EPSS: 0%CPEs: 19EXPL: 0CVE-2024-20926 – OpenJDK: arbitrary Java code execution in Nashorn (8314284)
https://notcve.org/view.php?id=CVE-2024-20926
16 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterpri... • https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html • CWE-20: Improper Input Validation •
CVSS: 2.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-20922
https://notcve.org/view.php?id=CVE-2024-20922
16 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction ... • https://security.netapp.com/advisory/ntap-20240201-0002 •
CVSS: 7.4EPSS: 0%CPEs: 19EXPL: 0CVE-2024-20918 – OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)
https://notcve.org/view.php?id=CVE-2024-20918
16 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, O... • https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 14EXPL: 0CVE-2023-22081 – OpenJDK: certificate path validation issue during client authentication (8309966)
https://notcve.org/view.php?id=CVE-2023-22081
17 Oct 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise E... • https://lists.debian.org/debian-lts-announce/2023/10/msg00041.html • CWE-295: Improper Certificate Validation •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-22067 – OpenJDK: IOR deserialization issue in CORBA (8303384)
https://notcve.org/view.php?id=CVE-2023-22067
17 Oct 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to s... • https://security.netapp.com/advisory/ntap-20231027-0006 • CWE-502: Deserialization of Untrusted Data •
CVSS: 3.7EPSS: 0%CPEs: 10EXPL: 0CVE-2023-22025 – OpenJDK: memory corruption issue on x86_64 with AVX-512 (8317121)
https://notcve.org/view.php?id=CVE-2023-22025
17 Oct 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 21.3.7 and 22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition... • https://security.netapp.com/advisory/ntap-20231027-0006 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 79%CPEs: 16EXPL: 4CVE-2023-41993 – Apple Multiple Products WebKit Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41993
21 Sep 2023 — The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. El problema se solucionó con controles mejorados. • https://github.com/po6ix/POC-for-CVE-2023-41993 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 3.7EPSS: 0%CPEs: 24EXPL: 0CVE-2023-22049 – OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)
https://notcve.org/view.php?id=CVE-2023-22049
18 Jul 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterpri... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.7EPSS: 0%CPEs: 24EXPL: 0CVE-2023-22045 – OpenJDK: array indexing integer overflow issue (8304468)
https://notcve.org/view.php?id=CVE-2023-22045
18 Jul 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-125: Out-of-bounds Read •