75 matches found
CVE-2023-22045
CVE-2023-22045 affects Oracle Java SE (Hotspot) and Oracle GraalVM variants (Enterprise Edition and JDK). Affected versions include Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; GraalVM Enterprise: 20.3.10, 21.3.6, 22.3.2; GraalVM for JDK: 17.0.7, 20.0.1. The vulnerability is diffic...
CVE-2017-12615
CVE-2017-12615 affects Apache Tomcat 7.0.0–7.0.79 on Windows when HTTP PUTs are enabled (readonly=false), allowing an attacker to upload a JSP file that can be executed by the server. Connected documents confirm remote code execution via crafted requests and note remediation through vendor adviso...
CVE-2022-21540
CVE-2022-21540 applies to Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition; affected versions include Oracle Java SE 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1 and GraalVM EE 20.3.6, 21.3.2, 22.1.0. The connected documents provide concrete details: the vulnerability can be exploite...
CVE-2022-21541
CVE-2022-21541 affects Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition. Affected Java SE versions include 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; GraalVM EE: 20.3.6, 21.3.2, 22.1.0. The vulnerability is described as difficult to exploit but allows an unauthenticated networked ...
CVE-2022-21449
CVE-2022-21449 affects Oracle Java SE Libraries (Oracle Java SE 17.0.2, 18) and GraalVM Enterprise Edition (21.3.1, 22.0.0.2). It enables unauthenticated, network‑accessible attackers to compromise data integrity — potentially unauthorized creation, deletion or modification of data in affected Or...
CVE-2022-21549
CVE-2022-21549 affects Oracle Java SE Libraries with affected binaries: Oracle Java SE 17.0.3.1 and Oracle GraalVM Enterprise Edition 21.3.2 and 22.1.0. The entry notes network‑accessible exploitation by an unauthenticated attacker, potentially enabling unauthorized update/insert/delete of data i...
CVE-2016-8735
CVE-2016-8735 is a remote code execution vulnerability in Apache Tomcat via JmxRemoteLifecycleListener. Affected are Tomcat releases before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12, when JMX ports are reachable. Root cause: JmxRemoteLifecycleListe...
CVE-2023-21930
CVE-2023-21930 affects Oracle Java SE and GraalVM Enterprise Edition (JSSE component) on Java 8u361, 11.0.18, 17.0.6, 20 and GraalVM 20.3.9/21.3.5/22.3.1. An unauthenticated attacker with network access over TLS can compromise data confidentiality and integrity; exploitation is possible via TLS h...
CVE-2022-34169
CVE-2022-34169 affects the Apache Xalan Java XSLT library. It describes an integer truncation vulnerability when processing malicious XSLT stylesheets, which can corrupt Java class files generated by the internal XSLTC compiler and allow execution of arbitrary Java bytecode. Public references in ...
CVE-2023-28709
The CVE-2023-28709 entry is tied to Apache Tomcat and an incomplete fix for CVE-2023-24998. The issue: when non-default HTTP connector settings allow maxParameterCount to be reached via query string parameters, a request that exactly meets maxParameterCount could bypass the limit for uploaded req...
CVE-2023-21967
CVE-2023-21967 affects Oracle Java SE and GraalVM Enterprise Edition (JSSE, Swing, Hotspot, Libraries) with multiple vulnerable versions including Java 8u361, 11.0.18, 17.0.6, 20 and GraalVM 20.3.9/21.3.5/22.3.1. Root cause is unresolved issues in the Java components allowing unauthenticated netw...
CVE-2023-21937
CVE-2023-21937 is an in-scope vulnerability affecting Oracle Java SE / GraalVM Enterprise Edition (Networking, Swing, Libraries, Hotspot, JSSE, etc.) with 8u361, 11.0.18, 17.0.6, 20 and related GraalVM versions impacted. It involves NULL-character handling and related input validation issues that...
CVE-2022-21426
CVE-2022-21426 affects Oracle Java SE and GraalVM Enterprise Edition, with vulnerable components in Java SE (JAXP, Libraries, Serialization) and GraalVM CE surface. Public advisories list affected versions including Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18 and GraalVM CE: 20.3.5, 21.3.1,...
CVE-2023-21954
CVE-2023-21954 (and related CVEs listed in the same advisory set) affects Oracle Java SE/OpenJDK/GraalVM Enterprise Edition components across multiple versions (e.g., 8u361, 11.0.18, 17.0.6, 20.x; Swing, Hotspot, JSSE, Libraries). The issue set comprises several distinct weaknesses (e.g., TLS han...
CVE-2023-22049
CVE-2023-22049 affects Oracle Java SE and related GraalVM variants (Libraries component; and others listed) with affected versions including Oracle Java SE 8u371/8u371-perf/11.0.19/17.0.7/20.0.1; Oracle GraalVM Enterprise Edition and GraalVM for JDK versions. Exploitation is described as difficul...
CVE-2023-21939
CVE-2023-21939 affects Oracle Java SE and GraalVM Enterprise Edition Swing component across several versions (e.g., Java 8u361, 11.0.18, 17.0.6, 20; GraalVM EE 20.3.9/21.3.5/22.3.1). It is an easily exploitable, unauthenticated remote issue over HTTP that can lead to unauthorized update/insert/de...
CVE-2023-21968
CVE-2023-21968 affects Oracle Java SE and GraalVM when using the Libraries component (and related entries list Swing/JSSE/Hotspot among affected subsystems) for multiple Java versions (e.g., 8u361, 11.0.18, 17.0.6, 20; GraalVM EE 20.3.9/21.3.5/22.3.1). The vulnerability is exploitable over the ne...
CVE-2020-14556
CVE-2020-14556 and related CVEs (e.g., 14577, 14578, 14579, 14581, 14583, 14593, 14621, 14664) pertain to Oracle Java SE/OpenJDK/OpenJDK-derived runtimes across multiple components (Libraries, JSSE, 2D, JAXP, JavaFX, etc.). The primary 2020 issue affects Java SE and Java SE Embedded on various ve...
CVE-2023-21938
CVE-2023-21938 affects Oracle Java SE (Libraries, Swing, JSSE, Hotspot, JavaFX) and Oracle GraalVM Enterprise Edition across multiple components. Affected versions include Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4, 22.3.0. The vulner...
CVE-2022-21626
CVE-2022-21626 affects Oracle Java SE (components: Security and JNDI) and Oracle GraalVM Enterprise Edition, with affected Java SE versions including 8u341, 8u345-perf, 11.0.16.1 (and related GraalVM versions 20.3.7, 21.3.3, 22.2.0). The vulnerability is exploitable remotely over HTTPS (and other...
CVE-2022-21628
CVE-2022-21628 affects Oracle Java SE ( Lightweight HTTP Server) and Oracle GraalVM Enterprise Edition; affected Java SE versions include 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19 and GraalVM EE: 20.3.7, 21.3.3, 22.2.0. Description states an unauthenticated attacker with network access via HTTP ...
CVE-2022-21624
CVE-2022-21624 is an Oracle Java SE/GraalVM EE vulnerability in the JNDI component (also described across connected advisories) that allows unauthenticated network access to potentially update/insert/delete data. Affected products/versions include Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17....
CVE-2020-14621
CVE-2020-14621 details (connected data) : The vulnerability concerns Oracle Java SE/OpenJDK JAXP in Java SE/Embedded. Affected versions include Java SE: 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251. The issue is described as an easily exploitable flaw in the JAXP component that allows an...
CVE-2023-22006
CVE-2023-22006 affects Oracle Java SE (Networking) and GraalVM variants; listed affected versions include Oracle Java SE 11.0.19, 17.0.7, 20.0.1; GraalVM EE 20.3.10, 21.3.6, 22.3.2; GraalVM for JDK 17.0.7 and 20.0.1. The vulnerability is hard to exploit and requires network access via multiple pr...
CVE-2020-14577
CVE-2020-14577 is a TLS/JSSE-related issue in Oracle Java SE and Java SE Embedded (affecting Java 7u261, 8u251, 11.0.7 and 14.0.1; Embedded 8u251) enabling unauthenticated network access to read some data. Connected advisories show vendor-specific mitigations: for example, Amazon Linux ALAS advis...
CVE-2020-14798
CVE-2020-14798 is a vulnerability in Oracle Java SE Libraries affecting Java SE versions 7u271, 8u261, 11.0.8 and 15, and Java SE Embedded 8u261. Exploitation is possible over network with multiple protocols and does not require authentication, but requires user interaction. Impact described as p...
CVE-2020-14781
CVE-2020-14781 affects Oracle Java SE/SE Embedded (JNDI) with affected versions including Java SE 7u271, 8u261, 11.0.8, 15 and Java SE Embedded 8u261. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to read a subset of Java SE/SE Embedded data. The ...
CVE-2023-22041
This CVE (CVE-2023-22041) affects Oracle Java SE and Oracle GraalVM products, including: Oracle Java SE 8u371-perf, 11.0.19, 17.0.7, 20.0.1; GraalVM Enterprise 20.3.10, 21.3.6, 22.3.2; GraalVM for JDK 17.0.7 and 20.0.1. The vulnerability is exploitable by an unauthenticated attacker with a login ...
CVE-2020-14581
CVE-2020-14581 affects Oracle Java SE/Java SE Embedded (component: 2D) with affected versions Java SE: 8u251, 11.0.7, 14.0.1 and Java SE Embedded: 8u251. The CVE is listed with a low overall base score (CVSS 3.1: 3.7) and confidentiality impact (C:L) and no impact on integrity/availability (I:N/A...
CVE-2020-14803
CVE-2020-14803 affects Oracle Java SE Libraries in Java SE 11.0.8 and 15. The vulnerability allows an unauthenticated attacker over network to read a subset of Java SE data due to an issue in Libraries handling, per the CVSS base score 5.3 (CONF). Affected advisories across platforms corroborate ...
CVE-2022-21619
CVE-2022-21619 affects Oracle Java SE (Security) and Oracle GraalVM Enterprise Edition. Affected Java SE versions: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; GraalVM Enterprise Edition: 20.3.7, 21.3.3, 22.2.0. The vulnerability allows unauthenticated network access to compromise affected product...
CVE-2020-2803
CVE-2020-2803 affects OpenJDK (Libraries component, Java SE/OpenJDK). The connected document confirms a vulnerability in boundary checks of java.nio buffer classes that allows an untrusted Java applet/application to bypass Java sandbox restrictions. Affected versions align with the original descr...
CVE-2020-14779
CVE-2020-14779 affects Oracle Java SE SE/Embedded with Serialization and can enable an unauthenticated network-based attacker to cause partial denial of service. Affected versions include Java SE 7u271, 8u261, 11.0.8, 15 and Java SE Embedded 8u261; attack surface covers client and server deployme...
CVE-2023-22036
CVE-2023-22036 is described across the primary record as vulnerability in Oracle Java SE, GraalVM (Utility) with affected versions across Oracle Java SE 11.0.19, 17.0.7, 20.0.1 and GraalVM 20.3.10, 21.3.6, 22.3.2; attackable by unauthenticated network access via multiple protocols, potentially en...
CVE-2020-2757
CVE-2020-2757 affects Oracle Java SE/SE Embedded (Serialization). Vulnerable: Java SE: 7u251, 8u241, 11.0.6, 14; SE Embedded: 8u241. Impact: unauthenticated network access leading to partial DoS on Java SE/SE Embedded. Root cause: serialization-related handling in the affected component; sandboxe...
CVE-2020-2800
CVE-2020-2800 affects Oracle Java SE/Java SE Embedded, specifically the Lightweight HTTP Server component. Affected versions include Java SE 7u251, 8u241, 11.0.6, 14 and Java SE Embedded 8u241. The vulnerability can be exploited over a network with unauthenticated access via multiple protocols, p...
CVE-2020-2830
CVE-2020-2830 affects Oracle Java SE/Java SE Embedded (Concurrency component) with Java SE versions 7u251, 8u241, 11.0.6 and 14; Java SE Embedded 8u241. The vulnerability allows unauthenticated network-based exploitation via multiple protocols, potentially enabling partial denial of service on Ja...
CVE-2020-2773
CVE-2020-2773 is a vulnerability in Oracle Java SE and Java SE Embedded (component: Security) that can be exploited remotely by unauthenticated attackers to cause a partial denial of service on affected Java runtimes. Affected versions include Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedde...
CVE-2020-14593
CVE-2020-14593 is a vulnerability in the 2D component of Oracle Java SE/SE Embedded. Affected: Java SE 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded 8u251. Vulnerability type is unspecified in the provided sources, but exploitation is described as unauthenticated with network access via multiple...
CVE-2020-14583
CVE-2020-14583 affects Oracle Java SE/Java SE Embedded (Libraries component). Affected: Java SE 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded 8u251. Exploitation requires network access with user interaction and can lead to takeover of Java SE/Embedded with high impact on confidentiality, int...
CVE-2020-2781
CVE-2020-2781 concerns Oracle/OpenJDK Java SE JSSE vulnerability that allows unauthenticated network access to degrade availability in Java SE and Java SE Embedded (client/server deployment). The Chainguard data confirms affected OpenJDK JSSE components and versions, aligning with the CVE descrip...
CVE-2020-14796
CVE-2020-14796 affects the Libraries component in Oracle Java SE/Java SE Embedded across multiple OpenJDK builds (e.g., Java-7u271? Java-8u261? Java-11.0.8? Java-15; Embedded 8u261). The vulnerability can be exploited by an unauthenticated attacker over network protocols, but exploitation require...
CVE-2020-2756
CVE-2020-2756 affects Oracle Java SE/Java SE Embedded (component: Serialization). Affected: Java SE 7u251, 8u241, 11.0.6, 14; Java SE Embedded 8u241. An unauthenticated, network-exposed attacker can exploit to cause a partial Denial of Service. Connected advisories show remediation via updating t...
CVE-2020-14579
CVE-2020-14579 affects Oracle Java SE/Embedded (Libraries component) with affected Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. The connected advisories confirm network-remote, unauthenticated access leading to a partial denial of service via multiple protocols, per CVSS 3.1 Base Score 3.7 ...
CVE-2020-14792
CVE-2020-14792 is an Oracle Java OpenJDK vulnerability affecting Java SE and Embedded runtimes (Hotspot/Libraries components) with the root issue described as “Better range handling.” Affected versions include Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. The connected advisories...
CVE-2022-21305
CVE-2022-21305 is present across multiple Oracle Java SE and GraalVM Enterprise Edition components (Hotspot, Serialization, JAXP, ImageIO, Libraries, 2D/3D) affecting Java versions 7u321, 8u311, 11.0.13, 17.0.1 (and GraalVM EE 20.3.4/21.3.0). Public advisories describe unauthenticated network-bas...
CVE-2022-21299
CVE-2022-21299 is reported across multiple feeds as affecting Oracle Java SE and GraalVM Enterprise Edition, involving several components (JAXP, Serialization, Libraries, ImageIO, Hotspot, 2D). Affected Java SE versions include 7u321, 8u311, 11.0.13, 17.0.1; GraalVM EE versions 20.3.4 and 21.3.0....
CVE-2020-2755
CVE-2020-2755 is reported in the Oracle Java SE scripting component affecting Java SE 8u241, 11.0.6 and 14 (and Java SE Embedded 8u241). The vulnerability allows an unauthenticated attacker with network access to cause a partial denial of service in Java SE/Java SE Embedded. The CVSS base score i...
CVE-2022-21248
CVE-2022-21248 affects Oracle Java SE and GraalVM Enterprise Edition via the Serialization component. Affected Oracle Java SE versions: 7u321, 8u311, 11.0.13, 17.0.1; GraalVM Enterprise Edition: 20.3.4 and 21.3.0. The vulnerability is exploitable over the network and allows an unauthenticated att...
CVE-2020-2805
CVE-2020-2805 is an OpenJDK/OpenJDK Libraries issue. The connected Chainguard entry states the flaw resides in the readObject() method of the MethodType class within the Libraries component of OpenJDK, which can allow an untrusted Java applet or application to bypass Java sandbox restrictions. Th...