CVSS: 4.3EPSS: 0%CPEs: 35EXPL: 0CVE-2018-2678 – OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142)
https://notcve.org/view.php?id=CVE-2018-2678
18 Jan 2018 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerabilit... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2018-2582 – OpenJDK: insufficient validation of the invokeinterface instruction (Hotspot, 8174962)
https://notcve.org/view.php?id=CVE-2018-2582
18 Jan 2018 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion ... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html •
CVSS: 4.3EPSS: 0%CPEs: 35EXPL: 0CVE-2018-2588 – OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)
https://notcve.org/view.php?id=CVE-2018-2588
18 Jan 2018 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JR... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •
CVSS: 5.8EPSS: 0%CPEs: 35EXPL: 0CVE-2018-2599 – OpenJDK: DnsClient missing source port randomization (JNDI, 8182125)
https://notcve.org/view.php?id=CVE-2018-2599
18 Jan 2018 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, J... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-330: Use of Insufficiently Random Values •
CVSS: 4.5EPSS: 0%CPEs: 34EXPL: 0CVE-2018-2602 – OpenJDK: loading of classes from untrusted locations (I18n, 8182601)
https://notcve.org/view.php?id=CVE-2018-2602
18 Jan 2018 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability ca... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-426: Untrusted Search Path •
CVSS: 5.3EPSS: 0%CPEs: 35EXPL: 0CVE-2018-2603 – OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387)
https://notcve.org/view.php?id=CVE-2018-2603
18 Jan 2018 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (part... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 8%CPEs: 58EXPL: 0CVE-2017-15095 – jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)
https://notcve.org/view.php?id=CVE-2017-15095
13 Nov 2017 — A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously. Se ha descubierto un error de deserialización en jackson-databind, en versiones anteriores a la 2.8.10 y a la 2.9.1, que podría permitir que un usu... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html • CWE-184: Incomplete List of Disallowed Inputs CWE-502: Deserialization of Untrusted Data •
CVSS: 3.1EPSS: 0%CPEs: 55EXPL: 0CVE-2017-10345 – OpenJDK: unbounded resource use in JceKeyStore deserialization (Serialization, 8181370)
https://notcve.org/view.php?id=CVE-2017-10345
19 Oct 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulne... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.6EPSS: 0%CPEs: 54EXPL: 0CVE-2017-10346 – OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)
https://notcve.org/view.php?id=CVE-2017-10346
19 Oct 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may signi... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html •
CVSS: 5.3EPSS: 0%CPEs: 54EXPL: 0CVE-2017-10347 – OpenJDK: unbounded memory allocation in SimpleTimeZone deserialization (Serialization, 8181323)
https://notcve.org/view.php?id=CVE-2017-10347
19 Oct 2017 — Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability ... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html • CWE-770: Allocation of Resources Without Limits or Throttling •