53 matches found
CVE-2023-22045
CVE-2023-22045 affects Oracle Java SE (Hotspot) and Oracle GraalVM variants (Enterprise Edition and JDK). Affected versions include Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; GraalVM Enterprise: 20.3.10, 21.3.6, 22.3.2; GraalVM for JDK: 17.0.7, 20.0.1. The vulnerability is diffic...
CVE-2022-21541
CVE-2022-21541 affects Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition. Affected Java SE versions include 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; GraalVM EE: 20.3.6, 21.3.2, 22.1.0. The vulnerability is described as difficult to exploit but allows an unauthenticated networked ...
CVE-2022-21540
CVE-2022-21540 applies to Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition; affected versions include Oracle Java SE 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1 and GraalVM EE 20.3.6, 21.3.2, 22.1.0. The connected documents provide concrete details: the vulnerability can be exploite...
CVE-2022-21549
CVE-2022-21549 affects Oracle Java SE Libraries with affected binaries: Oracle Java SE 17.0.3.1 and Oracle GraalVM Enterprise Edition 21.3.2 and 22.1.0. The entry notes network‑accessible exploitation by an unauthenticated attacker, potentially enabling unauthorized update/insert/delete of data i...
CVE-2023-22081
CVE-2023-22081 is a vulnerability in the Oracle Java SE line and related GraalVM products (JSSE component) with affected versions including Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7, 22.3.3. The i...
CVE-2020-36518
CVE-2020-36518 affects jackson-databind prior to 2.13.0, enabling a Java StackOverflow and DoS via excessive nesting depth. In affected advisories, remediation is to upgrade jackson-databind to 2.13.0+ (examples show 2.13.x or newer such as 2.13.4.2 in Crowd/CWD references). Practical impact is d...
CVE-2023-22067
CVE-2023-22067 affects Oracle Java SE CORBA and related components (Oracle Java SE: 8u381/8u381-perf; Oracle GraalVM for JDK: 17.0.x, 20.0.2; plus Hotspot-backed Java deployments). The issue allows unauthenticated network access via CORBA to compromise data integrity (unauthorized updates) and is...
CVE-2023-41993
CVE-2023-41993 is a WebKit code‑execution vulnerability affecting Apple platforms where processing web content could trigger arbitrary code execution. The public record notes the issue was fixed in macOS Sonoma 14 and is associated with Safari/WebKit processing paths. Apple documents indicate the...
CVE-2023-21930
CVE-2023-21930 affects Oracle Java SE and GraalVM Enterprise Edition (JSSE component) on Java 8u361, 11.0.18, 17.0.6, 20 and GraalVM 20.3.9/21.3.5/22.3.1. An unauthenticated attacker with network access over TLS can compromise data confidentiality and integrity; exploitation is possible via TLS h...
CVE-2023-22025
CVE-2023-22025 affects multiple Java runtimes (Oracle Java SE, GraalVM for JDK, GraalVM Enterprise) with vulnerable components in Hotspot. Affected versions listed include Oracle Java SE 8u381-perf, 17.0.8, 21; GraalVM for JDK 17.0.8 and 21; GraalVM EE 21.3.7/22.3.3. The connected Broadcom Azul Z...
CVE-2022-34169
CVE-2022-34169 affects the Apache Xalan Java XSLT library. It describes an integer truncation vulnerability when processing malicious XSLT stylesheets, which can corrupt Java class files generated by the internal XSLTC compiler and allow execution of arbitrary Java bytecode. Public references in ...
CVE-2024-20918
CVE-2024-20918 affects Oracle Java SE (8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1), Oracle GraalVM for JDK (17.0.9, 21.0.1), and Oracle GraalVM Enterprise Edition (20.3.12, 21.3.8, 22.3.4). The vulnerability, which is network-accessible via multiple protocols, can allow an unauthenticated attacke...
CVE-2023-21967
CVE-2023-21967 affects Oracle Java SE and GraalVM Enterprise Edition (JSSE, Swing, Hotspot, Libraries) with multiple vulnerable versions including Java 8u361, 11.0.18, 17.0.6, 20 and GraalVM 20.3.9/21.3.5/22.3.1. Root cause is unresolved issues in the Java components allowing unauthenticated netw...
CVE-2023-21937
CVE-2023-21937 is an in-scope vulnerability affecting Oracle Java SE / GraalVM Enterprise Edition (Networking, Swing, Libraries, Hotspot, JSSE, etc.) with 8u361, 11.0.18, 17.0.6, 20 and related GraalVM versions impacted. It involves NULL-character handling and related input validation issues that...
CVE-2022-21426
CVE-2022-21426 affects Oracle Java SE and GraalVM Enterprise Edition, with vulnerable components in Java SE (JAXP, Libraries, Serialization) and GraalVM CE surface. Public advisories list affected versions including Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18 and GraalVM CE: 20.3.5, 21.3.1,...
CVE-2023-21954
CVE-2023-21954 (and related CVEs listed in the same advisory set) affects Oracle Java SE/OpenJDK/GraalVM Enterprise Edition components across multiple versions (e.g., 8u361, 11.0.18, 17.0.6, 20.x; Swing, Hotspot, JSSE, Libraries). The issue set comprises several distinct weaknesses (e.g., TLS han...
CVE-2023-21968
CVE-2023-21968 affects Oracle Java SE and GraalVM when using the Libraries component (and related entries list Swing/JSSE/Hotspot among affected subsystems) for multiple Java versions (e.g., 8u361, 11.0.18, 17.0.6, 20; GraalVM EE 20.3.9/21.3.5/22.3.1). The vulnerability is exploitable over the ne...
CVE-2023-22049
CVE-2023-22049 affects Oracle Java SE and related GraalVM variants (Libraries component; and others listed) with affected versions including Oracle Java SE 8u371/8u371-perf/11.0.19/17.0.7/20.0.1; Oracle GraalVM Enterprise Edition and GraalVM for JDK versions. Exploitation is described as difficul...
CVE-2023-21939
CVE-2023-21939 affects Oracle Java SE and GraalVM Enterprise Edition Swing component across several versions (e.g., Java 8u361, 11.0.18, 17.0.6, 20; GraalVM EE 20.3.9/21.3.5/22.3.1). It is an easily exploitable, unauthenticated remote issue over HTTP that can lead to unauthorized update/insert/de...
CVE-2023-21938
CVE-2023-21938 affects Oracle Java SE (Libraries, Swing, JSSE, Hotspot, JavaFX) and Oracle GraalVM Enterprise Edition across multiple components. Affected versions include Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4, 22.3.0. The vulner...
CVE-2022-21476
CVE-2022-21476 affects Oracle Java SE and Oracle GraalVM Enterprise Edition. Vulnerable components include Libraries, JAXP, ImageIO, 2D, JNDI, and serialization-related paths, with exploitation achievable by unauthenticated network access and potentially leading to data confidentiality breach or ...
CVE-2022-21626
CVE-2022-21626 affects Oracle Java SE (components: Security and JNDI) and Oracle GraalVM Enterprise Edition, with affected Java SE versions including 8u341, 8u345-perf, 11.0.16.1 (and related GraalVM versions 20.3.7, 21.3.3, 22.2.0). The vulnerability is exploitable remotely over HTTPS (and other...
CVE-2022-21628
CVE-2022-21628 affects Oracle Java SE (Lightweight HTTP Server) and Oracle GraalVM Enterprise Edition; affected Java SE versions include 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19 and GraalVM EE: 20.3.7, 21.3.3, 22.2.0. Description states an unauthenticated attacker with network access via HTTP ...
CVE-2022-21624
CVE-2022-21624 is an Oracle Java SE/GraalVM EE vulnerability in the JNDI component (also described across connected advisories) that allows unauthenticated network access to potentially update/insert/delete data. Affected products/versions include Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17....
CVE-2023-22006
CVE-2023-22006 affects Oracle Java SE (Networking) and GraalVM variants; listed affected versions include Oracle Java SE 11.0.19, 17.0.7, 20.0.1; GraalVM EE 20.3.10, 21.3.6, 22.3.2; GraalVM for JDK 17.0.7 and 20.0.1. The vulnerability is hard to exploit and requires network access via multiple pr...
CVE-2024-20952
CVE-2024-20952 affects Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition (Security component). Affected Oracle Java SE versions: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; GraalVM for JDK: 17.0.9, 21.0.1; GraalVM Enterprise Edition: 20.3.12, 21.3.8, 22.3.4. The initia...
CVE-2023-22041
This CVE (CVE-2023-22041) affects Oracle Java SE and Oracle GraalVM products, including: Oracle Java SE 8u371-perf, 11.0.19, 17.0.7, 20.0.1; GraalVM Enterprise 20.3.10, 21.3.6, 22.3.2; GraalVM for JDK 17.0.7 and 20.0.1. The vulnerability is exploitable by an unauthenticated attacker with a login ...
CVE-2024-20926
CVE-2024-20926 affects Oracle Java SE and related GraalVM products (Scripting component). Affected versions include Oracle Java SE 8u391, 8u391-perf, 11.0.21; GraalVM for JDK 17.0.9; GraalVM Enterprise 20.3.12, 21.3.8, 22.3.4. The vulnerability allows an unauthenticated attacker with network acce...
CVE-2022-21619
CVE-2022-21619 affects Oracle Java SE (Security) and Oracle GraalVM Enterprise Edition. Affected Java SE versions: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; GraalVM Enterprise Edition: 20.3.7, 21.3.3, 22.2.0. The vulnerability allows unauthenticated network access to compromise affected product...
CVE-2023-22036
CVE-2023-22036 is described across the primary record as a vulnerability in Oracle Java SE, GraalVM (Utility) with affected versions across Oracle Java SE 11.0.19, 17.0.7, 20.0.1 and GraalVM 20.3.10, 21.3.6, 22.3.2; attackable by unauthenticated network access via multiple protocols, potentially en...
CVE-2022-21305
CVE-2022-21305 is present across multiple Oracle Java SE and GraalVM Enterprise Edition components (Hotspot, Serialization, JAXP, ImageIO, Libraries, 2D/3D) affecting Java versions 7u321, 8u311, 11.0.13, 17.0.1 (and GraalVM EE 20.3.4/21.3.0). Public advisories describe unauthenticated network-bas...
CVE-2022-21496
CVE-2022-21496 affects Oracle Java SE and Oracle GraalVM Enterprise Edition across multiple components (JNDI, JAXP, Libraries, Hotspot) with listed affected versions. The vulnerability enables network-accessible, unauthenticated attackers to modify or access data (integrity/availability impacts) ...
CVE-2022-21248
CVE-2022-21248 affects Oracle Java SE and GraalVM Enterprise Edition via the Serialization component. Affected Oracle Java SE versions: 7u321, 8u311, 11.0.13, 17.0.1; GraalVM Enterprise Edition: 20.3.4 and 21.3.0. The vulnerability is exploitable over the network and allows an unauthenticated att...
CVE-2022-21299
CVE-2022-21299 is reported across multiple feeds as affecting Oracle Java SE and GraalVM Enterprise Edition, involving several components (JAXP, Serialization, Libraries, ImageIO, Hotspot, 2D). Affected Java SE versions include 7u321, 8u311, 11.0.13, 17.0.1; GraalVM EE versions 20.3.4 and 21.3.0....
CVE-2022-21340
CVE-2022-21340 concerns Oracle Java SE and GraalVM Enterprise Edition. The vulnerability affects Oracle Java SE components (Libraries) and GraalVM Enterprise Edition libraries listed as affected: Java SE 7u321, 8u311, 11.0.13, 17.0.1; GraalVM Enterprise Edition 20.3.4 and 21.3.0. The description ...
CVE-2022-21443
CVE-2022-21443 is an Oracle Java SE/GraalVM EE vulnerability affecting the Libraries component. Affected: Oracle Java SE 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM EE 20.3.5, 21.3.1, 22.0.0.2. Exploitation is network-based and can lead to a partial denial of service, with unauthenticated a...
CVE-2022-21341
CVE-2022-21341 is an openly documented vulnerability affecting Oracle Java SE and Oracle GraalVM Enterprise Edition across multiple components (Serialization, JAXP, ImageIO, Hotspot, Libraries, 2D, etc.). Affected versions include Java SE 7u321, 8u311, 11.0.13, 17.0.1 and GraalVM EE 20.3.4/21.3.0...
CVE-2022-21291
CVE-2022-21291 affects Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition. Affected versions include Oracle Java SE 7u321, 8u311, 11.0.13, 17.0.1 and GraalVM EE 20.3.4/21.3.0. It is exploitable over network via multiple protocols and can lead to unauthorized updates/deletes of data or...
CVE-2022-21293
CVE-2022-21293 affects Oracle Java SE (Libraries) and Oracle GraalVM Enterprise Edition as listed: Java SE 7u321, 8u311, 11.0.13, 17.0.1; GraalVM EE 20.3.4 and 21.3.0. The issue allows unauthenticated network-based exploitation via multiple protocols, potentially enabling a partial denial of serv...
CVE-2022-21282
CVE-2022-21282 is a combined Java/Oracle Java SE/GraalVM issue reported across multiple advisories. The connected documents identify assorted affected components and versions, notably: Serialization, JAXP, Libraries, Hotspot, and ImageIO within Oracle Java SE and GraalVM Enterprise Edition. A...
CVE-2022-21294
CVE-2022-21294 is a network-exploitable vulnerability in Oracle Java SE (Libraries) and Oracle GraalVM Enterprise Edition Libraries, allowing an unauthenticated attacker to trigger a partial denial of service. Affected products/versions include Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1 and Or...
CVE-2022-21434
CVE-2022-21434 affects Oracle Java SE and GraalVM Enterprise Edition. Connected advisories list multiple vulnerable components and affected versions: Oracle Java SE libraries and JAXP, as well as GraalVM EE components (Libraries, JAXP, Hotspot, 2D, ImageIO, etc.). Exploitation is described as net...
CVE-2022-21296
CVE-2022-21296 affects Oracle Java SE (JAXP, Serialization, Libraries, 2D/Hotspot) and Oracle GraalVM Enterprise Edition. Affected Java SE versions: 7u321, 8u311, 11.0.13, 17.0.1; GraalVM EE: 20.3.4, 21.3.0. The issue allows unauthenticated, network-accessible exploitation that can lead to readin...
CVE-2022-21365
CVE-2022-21365 is discussed across multiple connected advisories as affecting Oracle Java SE and GraalVM EE components (ImageIO, JAXP, Libraries, Hotspot) with affected Java versions including 7u321, 8u311, 11.0.13, 17.0.1 (and later 17.01 in some entries); GraalVM EE: 20.3.4 and 21.3.0. The desc...
CVE-2024-20932
CVE-2024-20932 affects Oracle Java SE and GraalVM offerings (Java SE 17.0.9; GraalVM for JDK 17.0.9; GraalVM Enterprise 21.3.8, 22.3.4) in the Security component. The vulnerability allows unauthenticated, network-exposed attackers to modify or view data in affected deployments, with CVSS 3.1 metr...
CVE-2022-21360
CVE-2022-21360 affects Oracle Java SE and Oracle GraalVM Enterprise Edition (ImageIO component). Affected: Oracle Java SE 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition 20.3.4 and 21.3.0. Description: an easily exploitable, unauthenticated remote vulnerability could allow partia...
CVE-2024-20922
CVE-2024-20922 affects Oracle Java SE (JavaFX) and Oracle GraalVM Enterprise Edition, with affected Oracle Java SE: 8u391 and Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. The vulnerability is described as difficult to exploit and requires a logged-on user, with potential unauthorized up...
CVE-2022-21283
CVE-2022-21283 affects Oracle Java SE (Libraries) and GraalVM Enterprise Edition, with affected versions including Java SE 11.0.13 and 17.0.1, and GraalVM EE 20.3.4/21.3.0. The vulnerability allows unauthenticated network-based access and can cause a partial denial of service (A: PARTIAL) per CVS...
CVE-2022-21366
CVE-2022-21366 affects Oracle Java SE (ImageIO) and Oracle GraalVM Enterprise Edition. The Oracle advisory describes affected versions: Java SE 11.0.13 and 17.0.1; GraalVM EE 20.3.4 and 21.3.0. Exploitation could allow an unauthenticated network attacker to cause a partial denial of service or, d...
CVE-2022-21277
CVE-2022-21277 affects Oracle Java SE and Oracle GraalVM Enterprise Edition via ImageIO, with additional related CVEs (CVE-2022-21248, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21299, CVE-2022-21305, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CV...