CVE-2018-2814 – OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025)
https://notcve.org/view.php?id=CVE-2018-2814
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103798 http://www.securitytracker.com/id/1040697 https://access.redhat.com/errata/RHSA-2018:1188 https://access.redhat.com/errata/RHSA-2018:1191 https://access.redhat.com/errata/RHSA-2018:1201 https://access.redhat.com/errata/RHSA-2018:1202 https://access.redhat.com/errata/RHSA-2018:1203 https://access.redhat.com/errata/RHSA-2018:1204 https://access.redhat.com/errata/ •
CVE-2018-2797 – OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985)
https://notcve.org/view.php?id=CVE-2018-2797
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103846 http://www.securitytracker.com/id/1040697 https://access.redhat.com/errata/RHSA-2018:1188 https://access.redhat.com/errata/RHSA-2018:1191 https://access.redhat.com/errata/RHSA-2018:1201 https://access.redhat.com/errata/RHSA-2018:1202 https://access.redhat.com/errata/RHSA-2018:1203 https://access.redhat.com/errata/RHSA-2018:1204 https://access.redhat.com/errata/ • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2018-2811 – JDK: unspecified vulnerability fixed in 8u171 and 10.0.1 (Install)
https://notcve.org/view.php?id=CVE-2018-2811
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103810 http://www.securitytracker.com/id/1040697 https://access.redhat.com/errata/RHSA-2018:1202 https://access.redhat.com/errata/RHSA-2018:1204 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://security.gentoo.org/glsa/201903-14 https://security.netapp.com/advisory/ntap-20180419-0001 https://access.redhat.com/sec •
CVE-2018-2799 – OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993)
https://notcve.org/view.php?id=CVE-2018-2799
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103872 http://www.securitytracker.com/id/1040697 https://access.redhat.com/errata/RHSA-2018:1188 https://access.redhat.com/errata/RHSA-2018:1191 https://access.redhat.com/errata/RHSA-2018:1201 https://access.redhat.com/errata/RHSA-2018:1202 https://access.redhat.com/errata/RHSA-2018:1204 https://access.redhat.com/errata/RHSA-2018:1206 https://access.redhat.com/errata/ • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2018-2638 – JDK: unspecified vulnerability fixed in 8u161 and 9.0.4 (Deployment)
https://notcve.org/view.php?id=CVE-2018-2638
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102546 http://www.securitytracker.com/id/1040203 https://access.redhat.com/errata/RHSA-2018:0099 https://access.redhat.com/errata/RHSA-2018:0351 https://access.redhat.com/errata/RHSA-2018:0352 https://access.redhat.com/errata/RHSA-2018:1463 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://security.netapp.com/ •