CVSS: 9.6EPSS: 0%CPEs: 51EXPL: 0CVE-2017-10107 – OpenJDK: insufficient access control checks in ActivationID (RMI, 8173697)
https://notcve.org/view.php?id=CVE-2017-10107
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantl... • http://www.debian.org/security/2017/dsa-3919 •
CVSS: 5.3EPSS: 0%CPEs: 53EXPL: 0CVE-2017-10108 – OpenJDK: unbounded memory allocation in BasicAttribute deserialization (Serialization, 8174105)
https://notcve.org/view.php?id=CVE-2017-10108
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial... • http://www.debian.org/security/2017/dsa-3919 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 52EXPL: 0CVE-2017-10109 – OpenJDK: unbounded memory allocation in CodeSource deserialization (Serialization, 8174113)
https://notcve.org/view.php?id=CVE-2017-10109
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial... • http://www.debian.org/security/2017/dsa-3919 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.6EPSS: 0%CPEs: 51EXPL: 0CVE-2017-10110 – OpenJDK: insufficient access control checks in ImageWatched (AWT, 8174098)
https://notcve.org/view.php?id=CVE-2017-10110
20 Jul 2017 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can resu... • http://www.debian.org/security/2017/dsa-3919 •
CVSS: 9.6EPSS: 1%CPEs: 44EXPL: 0CVE-2017-10111 – OpenJDK: incorrect range checks in LambdaFormEditor (Libraries, 8184185)
https://notcve.org/view.php?id=CVE-2017-10111
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact a... • http://www.debian.org/security/2017/dsa-3919 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 52EXPL: 0CVE-2017-10115 – OpenJDK: DSA implementation timing attack (JCE, 8175106)
https://notcve.org/view.php?id=CVE-2017-10115
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java... • http://www.debian.org/security/2017/dsa-3919 • CWE-385: Covert Timing Channel •
CVSS: 8.3EPSS: 1%CPEs: 53EXPL: 0CVE-2017-10116 – OpenJDK: LDAPCertStore following referrals to non-LDAP URLs (Security, 8176067)
https://notcve.org/view.php?id=CVE-2017-10116
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE... • http://www.debian.org/security/2017/dsa-3919 •
CVSS: 5.9EPSS: 0%CPEs: 52EXPL: 0CVE-2017-10135 – OpenJDK: PKCS#8 implementation timing attack (JCE, 8176760)
https://notcve.org/view.php?id=CVE-2017-10135
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Ja... • http://www.debian.org/security/2017/dsa-3919 • CWE-385: Covert Timing Channel •
CVSS: 9.1EPSS: 55%CPEs: 34EXPL: 0CVE-2017-9788 – httpd: Uninitialized memory reflection in mod_auth_digest
https://notcve.org/view.php?id=CVE-2017-9788
13 Jul 2017 — In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. En Apache httpd, en versiones... • http://www.debian.org/security/2017/dsa-3913 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-456: Missing Initialization of a Variable •
CVSS: 5.3EPSS: 3%CPEs: 28EXPL: 0CVE-2017-3142 – An error in TSIG authentication can permit unauthorized zone transfers
https://notcve.org/view.php?id=CVE-2017-3142
30 Jun 2017 — An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0... • http://www.securityfocus.com/bid/99339 • CWE-20: Improper Input Validation CWE-287: Improper Authentication •