CVSS: 4.3EPSS: 0%CPEs: 46EXPL: 0CVE-2018-2952 – OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)
https://notcve.org/view.php?id=CVE-2018-2952
18 Jul 2018 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service ... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.9EPSS: 0%CPEs: 34EXPL: 0CVE-2018-2973 – JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)
https://notcve.org/view.php?id=CVE-2018-2973
18 Jul 2018 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessib... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 8.3EPSS: 1%CPEs: 21EXPL: 0CVE-2018-2941 – JDK: unspecified vulnerability fixed in 7u191, 8u181, and 10.0.2 (JavaFX)
https://notcve.org/view.php?id=CVE-2018-2941
18 Jul 2018 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u181, 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability ca... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 8.3EPSS: 1%CPEs: 20EXPL: 0CVE-2018-2964 – JDK: unspecified vulnerability fixed in 8u181 and 10.0.2 (Deployment)
https://notcve.org/view.php?id=CVE-2018-2964
18 Jul 2018 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can r... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2972 – Ubuntu Security Notice USN-3747-1
https://notcve.org/view.php?id=CVE-2018-2972
18 Jul 2018 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). The supported version that is affected is Java SE: 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: Applies to client and server deployment of Java. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 2CVE-2018-14048 – Ubuntu Security Notice USN-5432-1
https://notcve.org/view.php?id=CVE-2018-14048
13 Jul 2018 — An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image. Se ha encontrado un problema en libpng 1.6.34. Es un SEGV en la función png_free_data en png.c, relacionado con el manejo de errores recomendado para png_read_image. It was discovered that libpng incorrectly handled memory when parsing certain PNG files. • http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html •
CVSS: 6.5EPSS: 2%CPEs: 19EXPL: 0CVE-2018-13785 – libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service
https://notcve.org/view.php?id=CVE-2018-13785
09 Jul 2018 — In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. En libpng 1.6.34, un cálculo erróneo de row_factor en la función png_check_chunk_length (pngrutil.c) podría desencadenar un desbordamiento de enteros y una división entre cero resultante al procesar un archivo PNG manipulado, lo que conduciría a una denegación de servicio (DoS)... • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html • CWE-190: Integer Overflow or Wraparound CWE-369: Divide By Zero •