23 matches found
CVE-2020-11023
The connected Astra Linux bulletin confirms CVE-2020-11023: in jQuery versions >= 1.0.3 and < 3.5.0, passing HTML containing elements from untrusted sources to DOM manipulation methods (e.g., .html(), .append()) may lead to untrusted code execution. Patch released in jQuery 3.5.0. Remediat...
CVE-2023-22045
CVE-2023-22045 affects Oracle Java SE (Hotspot) and Oracle GraalVM variants (Enterprise Edition and JDK). Affected versions include Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; GraalVM Enterprise: 20.3.10, 21.3.6, 22.3.2; GraalVM for JDK: 17.0.7, 20.0.1. The vulnerability is diffic...
CVE-2023-22081
CVE-2023-22081 is a vulnerability in the Oracle Java SE line and related GraalVM products (JSSE component) with affected versions including Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7, 22.3.3. The i...
CVE-2023-22067
CVE-2023-22067 affects Oracle Java SE CORBA and related components (Oracle Java SE: 8u381/8u381-perf; Oracle GraalVM for JDK: 17.0.x, 20.0.2; plus Hotspot-backed Java deployments). The issue allows unauthenticated network access via CORBA to compromise data integrity (unauthorized updates) and is...
CVE-2023-41993
CVE-2023-41993 is a WebKit code‑execution vulnerability affecting Apple platforms where processing web content could trigger arbitrary code execution. The public record notes the issue was fixed in macOS Sonoma 14 and is associated with Safari/WebKit processing paths. Apple documents indicate the...
CVE-2023-21930
CVE-2023-21930 affects Oracle Java SE and GraalVM Enterprise Edition (JSSE component) on Java 8u361, 11.0.18, 17.0.6, 20 and GraalVM 20.3.9/21.3.5/22.3.1. An unauthenticated attacker with network access over TLS can compromise data confidentiality and integrity; exploitation is possible via TLS h...
CVE-2023-22025
CVE-2023-22025 affects multiple Java runtimes (Oracle Java SE, GraalVM for JDK, GraalVM Enterprise) with vulnerable components in Hotspot. Affected versions listed include Oracle Java SE 8u381-perf, 17.0.8, 21; GraalVM for JDK 17.0.8 and 21; GraalVM EE 21.3.7/22.3.3. The connected Broadcom Azul Z...
CVE-2024-20918
CVE-2024-20918 affects Oracle Java SE (8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1), Oracle GraalVM for JDK (17.0.9, 21.0.1), and Oracle GraalVM Enterprise Edition (20.3.12, 21.3.8, 22.3.4). The vulnerability, which is network-accessible via multiple protocols, can allow an unauthenticated attacke...
CVE-2023-21967
CVE-2023-21967 affects Oracle Java SE and GraalVM Enterprise Edition (JSSE, Swing, Hotspot, Libraries) with multiple vulnerable versions including Java 8u361, 11.0.18, 17.0.6, 20 and GraalVM 20.3.9/21.3.5/22.3.1. Root cause is unresolved issues in the Java components allowing unauthenticated netw...
CVE-2023-21937
CVE-2023-21937 is an in-scope vulnerability affecting Oracle Java SE / GraalVM Enterprise Edition (Networking, Swing, Libraries, Hotspot, JSSE, etc.) with 8u361, 11.0.18, 17.0.6, 20 and related GraalVM versions impacted. It involves NULL-character handling and related input validation issues that...
CVE-2023-21954
CVE-2023-21954 (and related CVEs listed in the same advisory set) affects Oracle Java SE/OpenJDK/GraalVM Enterprise Edition components across multiple versions (e.g., 8u361, 11.0.18, 17.0.6, 20.x; Swing, Hotspot, JSSE, Libraries). The issue set comprises several distinct weaknesses (e.g., TLS han...
CVE-2023-22049
CVE-2023-22049 affects Oracle Java SE and related GraalVM variants (Libraries component; and others listed) with affected versions including Oracle Java SE 8u371/8u371-perf/11.0.19/17.0.7/20.0.1; Oracle GraalVM Enterprise Edition and GraalVM for JDK versions. Exploitation is described as difficul...
CVE-2023-21968
CVE-2023-21968 affects Oracle Java SE and GraalVM when using the Libraries component (and related entries list Swing/JSSE/Hotspot among affected subsystems) for multiple Java versions (e.g., 8u361, 11.0.18, 17.0.6, 20; GraalVM EE 20.3.9/21.3.5/22.3.1). The vulnerability is exploitable over the ne...
CVE-2023-21939
CVE-2023-21939 affects Oracle Java SE and GraalVM Enterprise Edition Swing component across several versions (e.g., Java 8u361, 11.0.18, 17.0.6, 20; GraalVM EE 20.3.9/21.3.5/22.3.1). It is an easily exploitable, unauthenticated remote issue over HTTP that can lead to unauthorized update/insert/de...
CVE-2023-21938
CVE-2023-21938 affects Oracle Java SE (Libraries, Swing, JSSE, Hotspot, JavaFX) and Oracle GraalVM Enterprise Edition across multiple components. Affected versions include Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4, 22.3.0. The vulner...
CVE-2023-22006
CVE-2023-22006 affects Oracle Java SE (Networking) and GraalVM variants; listed affected versions include Oracle Java SE 11.0.19, 17.0.7, 20.0.1; GraalVM EE 20.3.10, 21.3.6, 22.3.2; GraalVM for JDK 17.0.7 and 20.0.1. The vulnerability is hard to exploit and requires network access via multiple pr...
CVE-2024-20952
CVE-2024-20952 affects Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition (Security component). Affected Oracle Java SE versions: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; GraalVM for JDK: 17.0.9, 21.0.1; GraalVM Enterprise Edition: 20.3.12, 21.3.8, 22.3.4. The initia...
CVE-2023-22041
This CVE (CVE-2023-22041) affects Oracle Java SE and Oracle GraalVM products, including: Oracle Java SE 8u371-perf, 11.0.19, 17.0.7, 20.0.1; GraalVM Enterprise 20.3.10, 21.3.6, 22.3.2; GraalVM for JDK 17.0.7 and 20.0.1. The vulnerability is exploitable by an unauthenticated attacker with a login ...
CVE-2024-20926
CVE-2024-20926 affects Oracle Java SE and related GraalVM products (Scripting component). Affected versions include Oracle Java SE 8u391, 8u391-perf, 11.0.21; GraalVM for JDK 17.0.9; GraalVM Enterprise 20.3.12, 21.3.8, 22.3.4. The vulnerability allows an unauthenticated attacker with network acce...
CVE-2023-22036
CVE-2023-22036 is described in the primary record as a vulnerability in Oracle Java SE, GraalVM (Utility) with affected versions across Oracle Java SE 11.0.19, 17.0.7, 20.0.1 and GraalVM 20.3.10, 21.3.6, 22.3.2; attackable by unauthenticated network access via multiple protocols, potentially en...
CVE-2024-21145
CVE-2024-21145 affects Oracle Java SE and Oracle GraalVM suites (component: 2D). Affected: Java SE versions 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; GraalVM for JDK versions 17.0.11, 21.0.3, 22.0.1; GraalVM Enterprise Edition 20.3.14 and 21.3.10. The description states a difficult‑to‑...
CVE-2024-20932
CVE-2024-20932 affects Oracle Java SE and GraalVM offerings (Java SE 17.0.9; GraalVM for JDK 17.0.9; GraalVM Enterprise 21.3.8, 22.3.4) in the Security component. The vulnerability allows unauthenticated, network-exposed attackers to modify or view data in affected deployments, with CVSS 3.1 metr...
CVE-2024-20922
CVE-2024-20922 affects Oracle Java SE (JavaFX) and Oracle GraalVM Enterprise Edition, with affected Oracle Java SE: 8u391 and Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. The vulnerability is described as difficult to exploit and requires a logged-on user, with potential unauthorized up...