Published: 18/07/2023 Updated: 26/01/2024

CVSS v3 Base Score: 3.7 | Impact Score: 1.4 | Exploitability Score: 2.2

VMScore: 0

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2023-22006) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2023-22036) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2023-22041) Vulnerability in Oracle Java SE (component: JavaFX). The supported version that is affected is Oracle Java SE: 8u371. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2023-22043) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2023-22045) Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2023-22049) hb-ot-layout-gsubgpos.hh in HarfBuzz up to and including 6.0.0 allows malicious users to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. (CVE-2023-25193)

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle jre 17.0.7
oracle jre 11.0.19
oracle jdk 17.0.7
oracle jdk 11.0.19
oracle graalvm for jdk 20.0.1
oracle graalvm 21.3.6
oracle graalvm 22.3.2
oracle graalvm 20.3.10
oracle jre 1.8.0
oracle jdk 1.8.0
oracle jdk 20.0.1
oracle jre 20.0.1
oracle graalvm for jdk 17.0.7
debian debian linux 10.0
debian debian linux 11.0
debian debian linux 12.0
netapp oncommand insight -
netapp active iq unified manager -
netapp 7-mode transition tool -
netapp cloud insights acquisition unit -
netapp cloud insights storage workload security agent -

Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service For the oldstable distribution (bullseye) additional build dependencies need to be backported, a fix ...

Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service For the oldstable distribution (bullseye), these problems have been fixed in version 11020+8-1~deb ...

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking) Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11018, 1706, 20; Oracle GraalVM Enterprise Edition: 2039, 2135 and 2231 Difficult to exploit vulnerability allows unauthenticated attacker ...

DescriptionThe MITRE CVE dictionary describes this issue as: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot) Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11019, 1707, 2001; Oracle GraalVM Enterprise Edition: 20310, 2 ...

Synopsis Moderate: java-11-openjdk security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rate ...

概述 Moderate: Red Hat OpenShift Dev Spaces Security Update 类型/严重性 Security Advisory: Moderate 标题 Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and abrowser-based IDE built for teams and organizations Dev Spaces runs inOpenShift and is well-suited for container-based developmentThe 371 release is ...

Synopsis Moderate: java-17-openjdk security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-17-openjdk is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rate ...

概述 Moderate: java-17-openjdk security and bug fix update 类型/严重性 Security Advisory: Moderate Red Hat Insights 补丁分析识别并修复受此公告影响的系统。查看受影响的系统标题 An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this up ...

Synopsis Moderate: OpenJDK 1708 Security Update for Windows Builds Type/Severity Security Advisory: Moderate Topic An update is now available for OpenJDKRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is ...

概述 Moderate: java-11-openjdk security and bug fix update 类型/严重性 Security Advisory: Moderate Red Hat Insights 补丁分析识别并修复受此公告影响的系统。查看受影响的系统标题 An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this up ...

Synopsis Moderate: java-180-openjdk security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 8Red Hat Product Security ha ...

概述 Moderate: java-180-openjdk security and bug fix update 类型/严重性 Security Advisory: Moderate Red Hat Insights 补丁分析识别并修复受此公告影响的系统。查看受影响的系统标题 An update for java-180-openjdk is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated t ...

Synopsis Moderate: java-180-openjdk security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Produ ...

Synopsis Moderate: OpenJDK security update Type/Severity Security Advisory: Moderate Topic An update is now available for OpenJDKRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnera ...

Synopsis Moderate: java-17-openjdk security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-17-openjdk is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Product Sec ...

Synopsis Moderate: OpenJDK 11020 Security Update for Windows Builds Type/Severity Security Advisory: Moderate Topic An update is now available for OpenJDKRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is ...

Synopsis Moderate: OpenJDK 8u382 Security Update for Portable Linux Builds Type/Severity Security Advisory: Moderate Topic An update is now available for OpenJDKRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin ...

Synopsis Moderate: OpenJDK 8u382 Windows Security Update Type/Severity Security Advisory: Moderate Topic An update is now available for OpenJDKRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo ...

Synopsis Important: Release of OpenShift Serverless Logic 1300 SP1 security update Type/Severity Security Advisory: Important Topic Release of OpenShift Serverless Operator 1301 and OpenShift Serverless Logic 1300 SP1Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...

Synopsis Moderate: Release of OpenShift Serverless 1291 Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Serverless version 1291 is now availableRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ...

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility) Supported versions that are affected are Oracle Java SE: 11019, 1707, 2001; Oracle GraalVM Enterprise Edition: 20310, 2136, 2232; Oracle GraalVM for JDK: 1707 and 2001 Difficult to exploit ...

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking) Supported versions that are affected are Oracle Java SE: 11019, 1707, 2001; Oracle GraalVM Enterprise Edition: 20310, 2136, 2232; Oracle GraalVM for JDK: 1707 and 2001 Difficult to exploi ...

Vulnerability in Oracle Java SE (component: JavaFX) The supported version that is affected is Oracle Java SE: 8u371 Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE Successful attacks of this vulnerability can result in unauthorized creation, deletion o ...

Cosminexus Developer's Kit for Java(TM) and Hitachi Developer's Kit for Java contain the following vulnerabilities: CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193 Affected products and versions are listed below Please upgrade your version to the appropriate version These vulnera ...

Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22043, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193 Affected products and versi ...

NVD-CWE-noinfo https://www.oracle.com/security-alerts/cpujul2023.html https://security.netapp.com/advisory/ntap-20230725-0006/https://www.debian.org/security/2023/dsa-5458 https://www.debian.org/security/2023/dsa-5478 https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html https://nvd.nist.gov https://www.debian.org/security/2023/dsa-5458 https://alas.aws.amazon.com/AL2/ALAS-2023-2137.html

Get Started

CVE-2023-22045

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect