CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 0CVE-2019-2981 – OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)
https://notcve.org/view.php?id=CVE-2019-2981
16 Oct 2019 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Th... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html • CWE-248: Uncaught Exception •
CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 0CVE-2019-2983 – OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915)
https://notcve.org/view.php?id=CVE-2019-2983
16 Oct 2019 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html • CWE-248: Uncaught Exception •
CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 0CVE-2019-2988 – OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292)
https://notcve.org/view.php?id=CVE-2019-2988
16 Oct 2019 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.8EPSS: 1%CPEs: 19EXPL: 0CVE-2019-2989 – OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298)
https://notcve.org/view.php?id=CVE-2019-2989
16 Oct 2019 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can res... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 0CVE-2019-2992 – OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597)
https://notcve.org/view.php?id=CVE-2019-2992
16 Oct 2019 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.7EPSS: 1%CPEs: 37EXPL: 0CVE-2019-2999 – OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765)
https://notcve.org/view.php?id=CVE-2019-2999
16 Oct 2019 — Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability ca... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.1EPSS: 0%CPEs: 37EXPL: 0CVE-2019-2945 – OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573)
https://notcve.org/view.php?id=CVE-2019-2945
16 Oct 2019 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html •
CVSS: 6.8EPSS: 0%CPEs: 36EXPL: 0CVE-2019-2949 – OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302)
https://notcve.org/view.php?id=CVE-2019-2949
16 Oct 2019 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unaut... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0CVE-2019-2987 – OpenJDK: Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286)
https://notcve.org/view.php?id=CVE-2019-2987
16 Oct 2019 — Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web S... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5507
https://notcve.org/view.php?id=CVE-2019-5507
09 Oct 2019 — SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. SnapManager para Oracle anterior a la versión 3.4.2P1, son susceptibles a una vulnerabilidad que cuando es explotada con éxito podría conllevar a la divulgación de información confidencial. • https://security.netapp.com/advisory/ntap-20191009-0004 •