98 matches found
CVE-2013-0169
The CVE-2013-0169 vulnerability is a timing-side‑channel flaw in CBC padding handling (Lucky Thirteen) that affects TLS/DTLS implementations such as OpenSSL, OpenJDK, and PolarSSL. Root cause: incorrect/insufficient consideration of timing during the MAC/padding check when processing malformed CB...
CVE-2022-21540
CVE-2022-21540 applies to Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition; affected versions include Oracle Java SE 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1 and GraalVM EE 20.3.6, 21.3.2, 22.1.0. The connected documents provide concrete details: the vulnerability can be exploite...
CVE-2022-21541
CVE-2022-21541 affects Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition. Affected Java SE versions include 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; GraalVM EE: 20.3.6, 21.3.2, 22.1.0. The vulnerability is described as difficult to exploit but allows an unauthenticated networked ...
CVE-2013-0431
CVE-2013-0431 is an Oracle Java sandbox bypass in the JRE/OpenJDK stack affecting Java SE 7 up to Update 11 and OpenJDK 7, exploitable by a user‑assisted remote attacker via JMX‑related vectors. The vulnerability allows bypassing sandbox restrictions and is discussed alongside CVE-2013-1490 (dist...
CVE-2021-2163
CVE-2021-2163 applies to Oracle/OpenJDK libraries across Java SE, Java SE Embedded and GraalVM Enterprise Edition. Affected versions include Java SE 7u291, 8u281, 11.0.10, 16; Java SE Embedded 8u281; GraalVM EE 19.3.5, 20.3.1.2 and 21.0.0.2. The vulnerability is exploitable remotely over multiple...
CVE-2023-21930
CVE-2023-21930 affects Oracle Java SE and GraalVM Enterprise Edition (JSSE component) on Java 8u361, 11.0.18, 17.0.6, 20 and GraalVM 20.3.9/21.3.5/22.3.1. An unauthenticated attacker with network access over TLS can compromise data confidentiality and integrity; exploitation is possible via TLS h...
CVE-2022-34169
CVE-2022-34169 affects the Apache Xalan Java XSLT library. It describes an integer truncation vulnerability when processing malicious XSLT stylesheets, which can corrupt Java class files generated by the internal XSLTC compiler and allow execution of arbitrary Java bytecode. Public references in ...
CVE-2021-3537
Summary: CVE-2021-3537 affects libxml2 up to 2.9.11. In XML mixed content parsing, errors were not propagated, causing a NULL dereference when an untrusted document is parsed in recovery mode and post-validated, with availability as the highest impact. The connected documents confirm the vulnerab...
CVE-2021-3517
CVE-2021-3517 is a libxml2 vulnerability affecting versions before 2.9.11. A flaw in the xml entity encoding functionality could allow processing of a crafted XML file to trigger an out‑of‑bounds read, with availability impact and potential confidentiality/integrity impact if memory information i...
CVE-2021-2388
CVE-2021-2388 affects Java SE Hotspot and GraalVM Enterprise Edition across several versions (Java SE 8u291, 11.0.11, 16.0.1; GraalVM EE 20.3.2, 21.1.0) and is exploitable via network access with multistream protocols; attacks require user interaction. Multiple connected advisories confirm affect...
CVE-2023-21967
CVE-2023-21967 affects Oracle Java SE and GraalVM Enterprise Edition (JSSE, Swing, Hotspot, Libraries) with multiple vulnerable versions including Java 8u361, 11.0.18, 17.0.6, 20 and GraalVM 20.3.9/21.3.5/22.3.1. Root cause is unresolved issues in the Java components allowing unauthenticated netw...
CVE-2023-21937
CVE-2023-21937 is an in-scope vulnerability affecting Oracle Java SE / GraalVM Enterprise Edition (Networking, Swing, Libraries, Hotspot, JSSE, etc.) with 8u361, 11.0.18, 17.0.6, 20 and related GraalVM versions impacted. It involves NULL-character handling and related input validation issues that...
CVE-2023-21954
CVE-2023-21954 (and related CVEs listed in the same advisory set) affects Oracle Java SE/OpenJDK/GraalVM Enterprise Edition components across multiple versions (e.g., 8u361, 11.0.18, 17.0.6, 20.x; Swing, Hotspot, JSSE, Libraries). The issue set comprises several distinct weaknesses (e.g., TLS han...
CVE-2023-21939
CVE-2023-21939 affects Oracle Java SE and GraalVM Enterprise Edition Swing component across several versions (e.g., Java 8u361, 11.0.18, 17.0.6, 20; GraalVM EE 20.3.9/21.3.5/22.3.1). It is an easily exploitable, unauthenticated remote issue over HTTP that can lead to unauthorized update/insert/de...
CVE-2023-21968
CVE-2023-21968 affects Oracle Java SE and GraalVM when using the Libraries component (and related entries list Swing/JSSE/Hotspot among affected subsystems) for multiple Java versions (e.g., 8u361, 11.0.18, 17.0.6, 20; GraalVM EE 20.3.9/21.3.5/22.3.1). The vulnerability is exploitable over the ne...
CVE-2021-2341
CVE-2021-2341 affects Java SE and Oracle GraalVM Enterprise Edition (affected components: Networking, Library, Hotspot) with Java SE versions 7u301, 8u291, 11.0.11, 16.0.1 and GraalVM EE 20.3.2/21.1.0. The vulnerability can allow unauthorized read access via network access and requires human inte...
CVE-2020-14556
CVE-2020-14556 and related CVEs (e.g., 14577, 14578, 14579, 14581, 14583, 14593, 14621, 14664) pertain to Oracle Java SE/OpenJDK/OpenJDK-derived runtimes across multiple components (Libraries, JSSE, 2D, JAXP, JavaFX, etc.). The primary 2020 issue affects Java SE and Java SE Embedded on various ve...
CVE-2023-21938
CVE-2023-21938 affects Oracle Java SE (Libraries, Swing, JSSE, Hotspot, JavaFX) and Oracle GraalVM Enterprise Edition across multiple components. Affected versions include Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4, 22.3.0. The vulner...
CVE-2022-21476
CVE-2022-21476 affects Oracle Java SE and Oracle GraalVM Enterprise Edition. Vulnerable components include Libraries, JAXP, ImageIO, 2D, JNDI, and serialization-related paths, with exploitation achievable by unauthenticated network access and potentially leading to data confidentiality breach or ...
CVE-2021-2369
CVE-2021-2369 affects Java SE libraries (and related GraalVM EE components) across multiple products. Affected versions include Java SE 7u301, 8u291, 11.0.11, 16.0.1 and GraalVM Enterprise Edition 20.3.2/21.1.0. The vulnerability permits unauthenticated network access to compromise Java SE or Gra...
CVE-2021-2161
CVE-2021-2161 affects Oracle Java SE family (Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition) in the Libraries component. The issue arises from how untrusted code is loaded/run and data from untrusted APIs, enabling a network-accessible attacker to perform unauthenticated actions and...
CVE-2021-35550
CVE-2021-35550 is a network-authenticated TLS vulnerability in the JSSE component of Oracle Java SE and Oracle GraalVM Enterprise Edition, affecting Java SE 7u311, 8u301, 11.0.12 and GraalVM EE 20.3.3/21.2.0. Exploitation is possible over TLS with unauthenticated access and can lead to confidenti...
CVE-2020-14621
CVE-2020-14621 details (connected data) : The vulnerability concerns Oracle Java SE/OpenJDK JAXP in Java SE/Embedded. Affected versions include Java SE: 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded: 8u251. The issue is described as an easily exploitable flaw in the JAXP component that allows an...
CVE-2020-14577
CVE-2020-14577 is a TLS/JSSE-related issue in Oracle Java SE and Java SE Embedded (affecting Java 7u261, 8u251, 11.0.7 and 14.0.1; Embedded 8u251) enabling unauthenticated network access to read some data. Connected advisories show vendor-specific mitigations: for example, Amazon Linux ALAS advis...
CVE-2024-20952
CVE-2024-20952 affects Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition (Security component). Affected Oracle Java SE versions: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; GraalVM for JDK: 17.0.9, 21.0.1; GraalVM Enterprise Edition: 20.3.12, 21.3.8, 22.3.4. The initia...
CVE-2020-14798
CVE-2020-14798 is a vulnerability in Oracle Java SE Libraries affecting Java SE versions 7u271, 8u261, 11.0.8 and 15, and Java SE Embedded 8u261. Exploitation is possible over network with multiple protocols and does not require authentication, but requires user interaction. Impact described as p...
CVE-2020-2654
CVE-2020-2654 affects Oracle Java SE Libraries in Java SE 7u241, 8u231, 11.0.5 and 13.0.1 (Java SE and Java SE Embedded) with the issue described as an unauthenticated network-access vulnerability that can cause a partial denial of service. The root cause is tied to the Libraries component (with ...
CVE-2020-14781
CVE-2020-14781 affects Oracle Java SE/SE Embedded (JNDI) with affected versions including Java SE 7u271, 8u261, 11.0.8, 15 and Java SE Embedded 8u261. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to read a subset of Java SE/SE Embedded data. The ...
CVE-2020-14581
CVE-2020-14581 affects Oracle Java SE/Java SE Embedded (component: 2D) with affected versions Java SE: 8u251, 11.0.7, 14.0.1 and Java SE Embedded: 8u251. The CVE is listed with a low overall base score (CVSS 3.1: 3.7) and confidentiality impact (C:L) and no impact on integrity/availability (I:N/A...
CVE-2020-14803
CVE-2020-14803 affects Oracle Java SE Libraries in Java SE 11.0.8 and 15. The vulnerability allows an unauthenticated attacker over network to read a subset of Java SE data due to an issue in Libraries handling, per the CVSS base score 5.3 (CONF). Affected advisories across platforms corroborate ...
CVE-2020-2803
CVE-2020-2803 affects OpenJDK (Libraries component, Java SE/OpenJDK). The connected document confirms a vulnerability in boundary checks of java.nio buffer classes that allows an untrusted Java applet/application to bypass Java sandbox restrictions. Affected versions align with the original descr...
CVE-2020-2590
CVE-2020-2590 is an OpenJDK/Oracle Java SE vulnerability in the Security component (Kerberos interop) affecting Java SE and Java SE Embedded across multiple versions. Public descriptions indicate unauthenticated remote access via network and potential unauthorized data updates/deletes; CVSS 3.0 b...
CVE-2020-14779
CVE-2020-14779 affects Oracle Java SE SE/Embedded with Serialization and can enable an unauthenticated network-based attacker to cause partial denial of service. Affected versions include Java SE 7u271, 8u261, 11.0.8, 15 and Java SE Embedded 8u261; attack surface covers client and server deployme...
CVE-2020-2754
CVE-2020-2754 affects Oracle Java SE/Embedded (Scripting) with affected versions Java SE 8u241, 11.0.6 and 14; Java SE Embedded 8u241. Root cause: a parsing/validation weakness in the Scripting component allows an unauthenticated, network-based attacker to cause a partial Denial of Service on Jav...
CVE-2021-35561
CVE-2021-35561 affects Oracle Java SE/GraalVM Enterprise Edition across multiple components (e.g., Utility, Swing, ImageIO, Keytool, JSSE) with affected Java SE versions 7u311, 8u301, 11.0.12, 17 and GraalVM EE 20.3.3/21.2.0. The vulnerability allows unauthenticated network access to cause partia...
CVE-2020-2757
CVE-2020-2757 affects Oracle Java SE/SE Embedded (Serialization). Vulnerable: Java SE: 7u251, 8u241, 11.0.6, 14; SE Embedded: 8u241. Impact: unauthenticated network access leading to partial DoS on Java SE/SE Embedded. Root cause: serialization-related handling in the affected component; sandboxe...
CVE-2021-35603
CVE-2021-35603 is a TLS-related vulnerability in the JSSE component of Java SE and GraalVM Enterprise Edition. Affected: Java SE 7u311, 8u301, 11.0.12, 17; GraalVM EE 20.3.3 and 21.2.0. Description indicates an unauthenticated network attacker could read data from vulnerable Java deployments (e.g...
CVE-2020-2800
CVE-2020-2800 affects Oracle Java SE/Java SE Embedded, specifically the Lightweight HTTP Server component. Affected versions include Java SE 7u251, 8u241, 11.0.6, 14 and Java SE Embedded 8u241. The vulnerability can be exploited over a network with unauthenticated access via multiple protocols, p...
CVE-2020-2830
CVE-2020-2830 affects Oracle Java SE/Java SE Embedded (Concurrency component) with Java SE versions 7u251, 8u241, 11.0.6 and 14; Java SE Embedded 8u241. The vulnerability allows unauthenticated network-based exploitation via multiple protocols, potentially enabling partial denial of service on Ja...
CVE-2021-35578
CVE-2021-35578 affects Java SE (JSSE) and Oracle GraalVM Enterprise Edition; vulnerable are Java SE 8u301, 11.0.12, 17 and GraalVM EE 20.3.3/21.2.0. Attack requires network access via TLS to targeted APIs, with unauthenticated access and no user interaction, potentially enabling a partial denial ...
CVE-2021-35588
CVE-2021-35588 is a vulnerability in Oracle Java SE and GraalVM Enterprise Edition (Hotspot component) affecting Java SE 7u311 and 8u301 and GraalVM Enterprise Edition 20.3.3/21.2.0. The issue allows an unauthenticated, network-accessible attacker to exploit multiple protocols after user interact...
CVE-2020-2773
CVE-2020-2773 is a vulnerability in Oracle Java SE and Java SE Embedded (component: Security) that can be exploited remotely by unauthenticated attackers to cause a partial denial of service on affected Java runtimes. Affected versions include Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedde...
CVE-2020-14593
CVE-2020-14593 is a vulnerability in the 2D component of Oracle Java SE/SE Embedded. Affected: Java SE 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded 8u251. Vulnerability type is unspecified in the provided sources, but exploitation is described as unauthenticated with network access via multiple...
CVE-2020-14583
CVE-2020-14583 affects Oracle Java SE/Java SE Embedded (Libraries component). Affected: Java SE 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded 8u251. Exploitation requires network access with user interaction and can lead to takeover of Java SE/Embedded with high impact on confidentiality, int...
CVE-2020-2781
CVE-2020-2781 concerns Oracle/OpenJDK Java SE JSSE vulnerability that allows unauthenticated network access to degrade availability in Java SE and Java SE Embedded (client/server deployment). The Chainguard data confirms affected OpenJDK JSSE components and versions, aligning with the CVE descrip...
CVE-2020-14796
CVE-2020-14796 affects the Libraries component in Oracle Java SE/Java SE Embedded across multiple OpenJDK builds (e.g., Java-7u271? Java-8u261? Java-11.0.8? Java-15; Embedded 8u261). The vulnerability can be exploited by an unauthenticated attacker over network protocols, but exploitation require...
CVE-2021-35567
CVE-2021-35567 affects Oracle Java SE and GraalVM Enterprise Edition libraries; root cause is incorrect principal selection when Kerberos Constrained Delegation is used. Affected: Java SE 8u301, 11.0.12, 17 and GraalVM EE 20.3.3/21.2.0 (Libraries component). Impact includes potential unauthorized...
CVE-2020-2756
CVE-2020-2756 affects Oracle Java SE/Java SE Embedded (component: Serialization). Affected: Java SE 7u251, 8u241, 11.0.6, 14; Java SE Embedded 8u241. An unauthenticated, network-exposed attacker can exploit to cause a partial Denial of Service. Connected advisories show remediation via updating t...
CVE-2020-2583
CVE-2020-2583 affects OpenJDK/OpenJDK-derived packages across multiple vendors and OSes, with the Serialization component (and related areas) being impacted. Public advisories in Debian (DLA-2128-1) and CentOS/Red Hat family outline affected versions such as Java 7u241/8u231/11.0.5/13.0.1 (and em...
CVE-2020-14579
CVE-2020-14579 affects Oracle Java SE/Embedded (Libraries component) with affected Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. The connected advisories confirm network-remote, unauthenticated access leading to a partial denial of service via multiple protocols, per CVSS 3.1 Base Score 3.7 ...