23 matches found
CVE-2025-21098
creationtimestamp| type| source
---|---|---
2025-03-04 04:34:38+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/6331
2025-08-19 13:26:46+00:00| seen| MISP/e1f6260f-3311-441b-92ae-e04cd5eb5f72...
CVE-2025-21098 Liteos-A has an insecure storage of sensitive information vulnerability
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read bypass permission check...
CVE-2025-21098
OpenHarmony OpenHarmony v5.0.2 and earlier are affected by CVE-2025-21098, where a local attacker can cause information disclosure via an out-of-bounds read that bypasses a permission check. The vulnerability targets the information flow path leading to confidentiality impact (HIGH) with local at...
CVE-2023-21098
creationtimestamp| type| source
---|---|---
2025-02-06 02:44:19+00:00| seen| Telegram/GReaA9kQsNfjIj4yzMlFl1DtCSWocX1Plnu2MMJfshOYdu3b
2026-04-19 19:56:55+00:00| seen| MISP/35eb1420-a844-4e66-8fff-e0aee35f2b61
2026-04-19 20:03:31+00:00| seen| MISP/118539da-3013-43a2-9c0b-2829c2acc92b...
Low: Red Hat Security Advisory: [23.0] Security update for the 23.0 release (RPMs)
An update for the quarkus-mandrel-java and quarkus-mandrel-23 packages is now available for the Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...
Low: Red Hat Security Advisory: [23.1] Security update for the 23.1 release (RPMs)
An update for the quarkus-mandrel-java and quarkus-mandrel-231 packages is now available for the Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
RHEL 8 : [23.0] Security update for the 23.0 (RPMs) (Low) (RHSA-2024:4081)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4081 advisory. The quarkus-mandrel-java and quarkus-mandrel-23 packages provide the GraalVM installation for the quarkus/mandrel-23-rhel8:23.0 container...
RHEL 8 : [23.1] Security update for the 23.1 (RPMs) (Low) (RHSA-2024:4079)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4079 advisory. The quarkus-mandrel-java and quarkus-mandrel-231 packages provide the GraalVM installation for the quarkus/mandrel-for-jdk-21-rhel8:23.1...
CVE-2024-21098
A vulnerability was found in GraalVM and Mandrel Community Edition. Successful attacks of this vulnerability can result in the unauthorized ability to cause a partial denial of service (partial DOS). Mitigation: No current mitigation is available for this vulnerability...
K000139429: Oracle GraalVM Vulnerability CVE-2024-20954 and CVE-2024-21098
Security Advisory Description: CVE-2024-20954: Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Compiler. Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3....
CVE-2024-21098
Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Compiler. Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit...
CVE-2024-21098
CVE-2024-21098 affects Oracle GraalVM for JDK (versions 17.0.10, 21.0.2, 22) and Oracle GraalVM Enterprise Edition (20.3.13, 21.3.9). The vulnerability can be exploited by an unauthenticated attacker over the network via multiple protocols to cause a partial denial of service. The connected docum...
CVE-2024-21098
...
KLA65636 Multiple vulnerabilities in Oracle Java SE and GraalVM
Multiple vulnerabilities were found in Oracle Java SE and GraalVM. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, or cause denial of service. Below is a complete list of vulnerabilities: 1. Code execution vulnerability in JavaFX can be...
CVE-2023-21098
In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-21098
The CVE-2023-21098 entry affects Android and involves a local elevation of privilege in AccountManagerService.java where a confused deputy could load arbitrary code into the System Settings app. The attached connected exploit notes an ABX injection chain that leverages PackageInstaller.Session an...
CVE-2021-21098
Adobe InDesign version 16.0 and earlier is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user...
CVE-2021-21098
CVE-2021-21098 affects Adobe InDesign 16.0 and earlier. A crafted file parsing leads to an out-of-bounds write, enabling remote code execution in the current user context. Exploitation requires user interaction (victim opens a malicious file). Public references from NVD/NDA indicate CVSS terms: C...
CVE-2021-21098 Adobe InDesign PCX file parsing out-of-bounds write vulnerability could lead to remote code execution
Adobe InDesign version 16.0 and earlier is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user...
Adobe InDesign < 16.2.1 Multiple Vulnerabilities (APSB21-22)
The version of Adobe InDesign installed on the remote Windows host is prior or equal to 16.2.1. It is, therefore, affected by multiple out-of-bounds write vulnerabilities that could lead to code execution in the context of the current user. Note that Nessus has not attempted to exploit these issu...