CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0CVE-2019-2762 – OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328)
https://notcve.org/view.php?id=CVE-2019-2762
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://access.redhat.com/errata/RHSA-2019:2494 https://access.redhat.com/errata/RHSA-2019:2495 https://access.redhat.com/errata/RHSA-2019:2585 https://access.redhat.com/errata/RHSA-2019:2590 https://access.redhat.com/errata/RHSA-2019:2592 https://access.redhat.com •
CVSS: 5.1EPSS: 0%CPEs: 18EXPL: 0CVE-2019-2745 – OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698)
https://notcve.org/view.php?id=CVE-2019-2745
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://kc.mcafee.com/corporate/index?page=content&id=SB10300 https://lists.debian.org/debian-lts-announce/2019/08/msg00020.html https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us https://usn.ubuntu.com/4080-1 https://access&# • CWE-385: Covert Timing Channel •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-3619
https://notcve.org/view.php?id=CVE-2019-3619
Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server. Vulnerabilidad de divulgación de información en el administrador de agentes en McAfee ePolicy Orchestrator (ePO) versión 5.9.x y 5.10.0 anterior a la versión 5.10.0 La actualización 4 permite que un atacante remoto no autenticado vea información confidencial en texto sin formato mediante el rastreo del tráfico entre el administrador de agentes y el SQL servidor. • http://www.securityfocus.com/bid/109066 https://kc.mcafee.com/corporate/index?page=content&id=SB10286 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 41EXPL: 0CVE-2019-2602 – OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)
https://notcve.org/view.php?id=CVE-2019-2602
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHBA-2019:0959 https://access.redhat.com/errata/RHSA-2019:1146 https://access.redhat.com/errata • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6672 – SB10240 - ePolicy Orchestrator (ePO) - Information disclosure vulnerablity
https://notcve.org/view.php?id=CVE-2018-6672
Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors. Vulnerabilidad de divulgación de información en McAfee ePolicy Orchestrator (ePO) desde la versión 5.3.0 hasta la 5.3.3 y de la versión 5.9.0 a la 5.9.1 permite que usuarios autenticados vean información sensible en formato de texto plano mediante vectores sin especificar. • http://www.securityfocus.com/bid/104485 http://www.securitytracker.com/id/1041155 https://kc.mcafee.com/corporate/index?page=content&id=SB10240 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •