CVE-2018-2602 – OpenJDK: loading of classes from untrusted locations (I18n, 8182601)
https://notcve.org/view.php?id=CVE-2018-2602
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102642 http://www.securitytracker.com/id/1040203 https://access.redhat.com/errata/RHSA-2018:0095 https://access.redhat.com/errata/RHSA-2018:0099 https://access.redhat.com/errata/RHSA-2018:0100 https://access.redhat.com/errata/RHSA-2018:0115 https://access.redhat.com/errata/RHSA-2018:0349 https://access.redhat.com/errata/RHSA-2018:0351 https://access.redhat.com/errata/ • CWE-426: Untrusted Search Path •
CVE-2018-2629 – OpenJDK: GSS context use-after-free (JGSS, 8186212)
https://notcve.org/view.php?id=CVE-2018-2629
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102615 http://www.securitytracker.com/id/1040203 https://access.redhat.com/errata/RHSA-2018:0095 https://access.redhat.com/errata/RHSA-2018:0099 https://access.redhat.com/errata/RHSA-2018:0100 https://access.redhat.com/errata/RHSA-2018:0115 https://access.redhat.com/errata/RHSA-2018:0349 https://access.redhat.com/errata/RHSA-2018:1463 https://access.redhat.com/errata/ • CWE-416: Use After Free •
CVE-2018-2581 – JDK: unspecified vulnerability fixed in 7u171, 8u161, and 9.0.4 (JavaFX)
https://notcve.org/view.php?id=CVE-2018-2581
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102636 http://www.securitytracker.com/id/1040203 https://access.redhat.com/errata/RHSA-2018:0099 https://access.redhat.com/errata/RHSA-2018:0100 https://access.redhat.com/errata/RHSA-2018:1463 https://access.redhat.com/errata/RHSA-2018:1812 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://security.netapp.com/ •
CVE-2018-2641 – OpenJDK: GTK library loading use-after-free (AWT, 8185325)
https://notcve.org/view.php?id=CVE-2018-2641
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102605 http://www.securitytracker.com/id/1040203 https://access.redhat.com/errata/RHSA-2018:0095 https://access.redhat.com/errata/RHSA-2018:0099 https://access.redhat.com/errata/RHSA-2018:0100 https://access.redhat.com/errata/RHSA-2018:0115 https://access.redhat.com/errata/RHSA-2018:0349 https://access.redhat.com/errata/RHSA-2018:0351 https://access.redhat.com/errata/ • CWE-416: Use After Free •
CVE-2018-2633 – OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606)
https://notcve.org/view.php?id=CVE-2018-2633
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102557 http://www.securitytracker.com/id/1040203 https://access.redhat.com/errata/RHSA-2018:0095 https://access.redhat.com/errata/RHSA-2018:0099 https://access.redhat.com/errata/RHSA-2018:0100 https://access.redhat.com/errata/RHSA-2018:0115 https://access.redhat.com/errata/RHSA-2018:0349 https://access.redhat.com/errata/RHSA-2018:0351 https://access.redhat.com/errata/ • CWE-20: Improper Input Validation •