CVSS: 5.3EPSS: 0%CPEs: 29EXPL: 0CVE-2018-2797 – OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985)
https://notcve.org/view.php?id=CVE-2018-2797
19 Apr 2018 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) ... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.7EPSS: 0%CPEs: 9EXPL: 0CVE-2018-2811 – JDK: unspecified vulnerability fixed in 8u171 and 10.0.1 (Install)
https://notcve.org/view.php?id=CVE-2018-2811
19 Apr 2018 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 5.3EPSS: 0%CPEs: 29EXPL: 0CVE-2018-2795 – OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977)
https://notcve.org/view.php?id=CVE-2018-2795
19 Apr 2018 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial ... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.3EPSS: 0%CPEs: 12EXPL: 0CVE-2018-2639 – JDK: unspecified vulnerability fixed in 8u161 and 9.0.4 (Deployment)
https://notcve.org/view.php?id=CVE-2018-2639
18 Jan 2018 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can re... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html •
CVSS: 4.7EPSS: 0%CPEs: 31EXPL: 0CVE-2018-2581 – JDK: unspecified vulnerability fixed in 7u171, 8u161, and 9.0.4 (JavaFX)
https://notcve.org/view.php?id=CVE-2018-2581
18 Jan 2018 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can r... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html •
CVSS: 8.3EPSS: 0%CPEs: 34EXPL: 0CVE-2018-2638 – JDK: unspecified vulnerability fixed in 8u161 and 9.0.4 (Deployment)
https://notcve.org/view.php?id=CVE-2018-2638
18 Jan 2018 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can re... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2018-2627 – JDK: unspecified vulnerability fixed in 8u161 and 9.0.4 (Installer)
https://notcve.org/view.php?id=CVE-2018-2627
18 Jan 2018 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerabi... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html •
CVSS: 4.5EPSS: 0%CPEs: 34EXPL: 0CVE-2018-2602 – OpenJDK: loading of classes from untrusted locations (I18n, 8182601)
https://notcve.org/view.php?id=CVE-2018-2602
18 Jan 2018 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability ca... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-426: Untrusted Search Path •
CVSS: 5.3EPSS: 0%CPEs: 35EXPL: 0CVE-2018-2603 – OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387)
https://notcve.org/view.php?id=CVE-2018-2603
18 Jan 2018 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (part... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 0CVE-2018-2641 – OpenJDK: GTK library loading use-after-free (AWT, 8185325)
https://notcve.org/view.php?id=CVE-2018-2641
18 Jan 2018 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may sig... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-416: Use After Free •