CVSS: 5.9EPSS: 0%CPEs: 91EXPL: 0CVE-2023-21967 – OpenJDK: certificate validation issue in TLS session negotiation (8298310)
https://notcve.org/view.php?id=CVE-2023-21967
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 5.9EPSS: 0%CPEs: 89EXPL: 0CVE-2023-21954 – OpenJDK: incorrect enqueue of references in garbage collector (8298191)
https://notcve.org/view.php?id=CVE-2023-21954
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthor... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 1%CPEs: 91EXPL: 1CVE-2023-21939 – OpenJDK: Swing HTML parsing issue (8296832)
https://notcve.org/view.php?id=CVE-2023-21939
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, i... • https://github.com/Y4Sec-Team/CVE-2023-21939 • CWE-20: Improper Input Validation •
CVSS: 3.7EPSS: 0%CPEs: 91EXPL: 0CVE-2023-21938 – OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)
https://notcve.org/view.php?id=CVE-2023-21938
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in un... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 3.7EPSS: 0%CPEs: 91EXPL: 0CVE-2023-21937 – OpenJDK: missing string checks for NULL characters (8296622)
https://notcve.org/view.php?id=CVE-2023-21937
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in u... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 7.4EPSS: 0%CPEs: 91EXPL: 0CVE-2023-21930 – OpenJDK: improper connection handling during TLS handshake (8294474)
https://notcve.org/view.php?id=CVE-2023-21930
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation,... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20264 – containers/openjdk: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2021-20264
22 Mar 2021 — An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se ha encontrado un fallo de modificación no seguro en el archivo /etc/passwd en los contenedores openjdk-1.8 y openjdk-11. Este defecto permite a un atacante con acceso al conte... • https://bugzilla.redhat.com/show_bug.cgi?id=1932283 • CWE-266: Incorrect Privilege Assignment CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 10%CPEs: 2EXPL: 0CVE-2009-0793 – lcms: Null pointer dereference (DoS) by handling transformations of monochrome profiles
https://notcve.org/view.php?id=CVE-2009-0793
09 Apr 2009 — cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles." cmsxform.c en LittleCMS (también conocido como lcms o liblcms) v1.18, con el utilizado en OpenJDK y otros productos, permite a atacantes remotos provocar una denegación de servicio (desreferenciación de puntero ... • http://secunia.com/advisories/34623 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 2%CPEs: 4EXPL: 2CVE-2009-0581 – LittleCms memory leak
https://notcve.org/view.php?id=CVE-2009-0581
23 Mar 2009 — Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file. Fuga de memoria en versiones de LittleCMS (alias LCMS o liblcms) anteriores a la 1.18beta2, tal como se utiliza en Firefox 3.1beta, OpenJDK, y el GIMP, permite causar, a atacantes dependientes de contexto, una denegación de servicio (mediante consumo de memoria y cai... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 2CVE-2009-0723 – LittleCms integer overflow
https://notcve.org/view.php?id=CVE-2009-0723
23 Mar 2009 — Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. Múltiples desbordamientos de enteros en LittleCMS (también conocido como lcms o liblcms) anteriores a v1.18beta2, como el utilizado en Firefox v3.1beta, OpenJDK, y GIMP, permiten a atac... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html • CWE-190: Integer Overflow or Wraparound •