CVSS: 8.3EPSS: 0%CPEs: 26EXPL: 0CVE-2018-3169 – OpenJDK: Improper field access checks (Hotspot, 8199226)
https://notcve.org/view.php?id=CVE-2018-3169
17 Oct 2018 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significa... • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html • CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 0%CPEs: 29EXPL: 0CVE-2018-3180 – OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613)
https://notcve.org/view.php?id=CVE-2018-3180
17 Oct 2018 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedde... • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html • CWE-295: Improper Certificate Validation •
CVSS: 9.0EPSS: 0%CPEs: 21EXPL: 0CVE-2018-3183 – OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936)
https://notcve.org/view.php?id=CVE-2018-3183
17 Oct 2018 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful at... • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 26EXPL: 0CVE-2018-3214 – OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361)
https://notcve.org/view.php?id=CVE-2018-3214
17 Oct 2018 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of... • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.8EPSS: 0%CPEs: 10EXPL: 0CVE-2017-7513
https://notcve.org/view.php?id=CVE-2017-7513
22 Aug 2018 — It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate. Se ha detectado que Satellite 5 configurado con SSL/TLS para el backend PostgreSQL no pudo validar correctamente los campos de nombre de host de certificado de servidor X.509. Un atacante Man-in-the-Middle (MitM) podría usar este fallo ... • https://access.redhat.com/security/cve/cve-2017-7513 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 1%CPEs: 17EXPL: 0CVE-2018-1517 – JDK: DoS in the java.math component
https://notcve.org/view.php?id=CVE-2018-1517
20 Aug 2018 — A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681. Un fallo en el componente java.math en IBM SDK, Java Technology Edition 6.0, 7.0 y 8.0 podría permitir que un atacante inflija un ataque de denegación de servicio (DoS) con datos String especialmente manipulados. IBM X-Force ID: 141681. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Envir... • http://www.ibm.com/support/docview.wss?uid=ibm10719653 • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 2%CPEs: 14EXPL: 0CVE-2018-1656 – JDK: path traversal flaw in the Diagnostic Tooling Framework
https://notcve.org/view.php?id=CVE-2018-1656
20 Aug 2018 — The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882. Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0 y 8.0) de IBM Java Runtime Environment no protege contra ataques de salto de directorio cuando se extraen archivos de volcado comprimidos. IBM X-Force ID: 144882. IBM Java SE vers... • http://www.ibm.com/support/docview.wss?uid=ibm10719653 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 37EXPL: 1CVE-2018-1000632 – dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents
https://notcve.org/view.php?id=CVE-2018-1000632
20 Aug 2018 — dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later. dom4j en versiones anteriores a la 2.1.1 contiene una vulnerabilidad CWE-91: Inyección XML en Clase: Element. Métodos: ... • https://access.redhat.com/errata/RHSA-2019:0362 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 9.8EPSS: 23%CPEs: 4EXPL: 0CVE-2018-10931 – cobbler: CobblerXMLRPCInterface exports all its methods over XMLRPC
https://notcve.org/view.php?id=CVE-2018-10931
09 Aug 2018 — It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon. Se ha descubierto que cobbler 2.6.x exponía todas las funciones desde su clase CobblerXMLRPCInterface mediante XMLRPC. Un atacante no autenticado remoto podría emplear este error para obtener privilegios elevados en cobbler o subir archivos a ubic... • https://access.redhat.com/errata/RHSA-2018:2372 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2017-12175 – 6: XSS in discovery rule filter autocomplete functionality
https://notcve.org/view.php?id=CVE-2017-12175
26 Jul 2018 — Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality. Red Hat Satellite en versiones anteriores a la 6.5 es vulnerable a Cross-Site Scripting (XSS) en la regla discovery cuando se introduce un filtro y se utiliza la funcionalidad de autocompletado. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a ... • http://www.securityfocus.com/bid/101245 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •