CVSS: 6.8EPSS: 0%CPEs: 32EXPL: 0CVE-2018-2634 – OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600)
https://notcve.org/view.php?id=CVE-2018-2634
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102592 http://www.securitytracker.com/id/1040203 https://access.redhat.com/errata/RHSA-2018:0095 https://access.redhat.com/errata/RHSA-2018:0099 https://access.redhat.com/errata/RHSA-2018:0100 https://access.redhat.com/errata/RHSA-2018:0349 https://access.redhat.com/errata/RHSA-2018:0351 https://access.redhat.com/errata/RHSA-2018:0352 https://access.redhat.com/errata/ • CWE-284: Improper Access Control •
CVSS: 7.4EPSS: 0%CPEs: 35EXPL: 0CVE-2018-2637 – OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998)
https://notcve.org/view.php?id=CVE-2018-2637
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102576 http://www.securitytracker.com/id/1040203 https://access.redhat.com/errata/RHSA-2018:0095 https://access.redhat.com/errata/RHSA-2018:0099 https://access.redhat.com/errata/RHSA-2018:0100 https://access.redhat.com/errata/RHSA-2018:0115 https://access.redhat.com/errata/RHSA-2018:0349 https://access.redhat.com/errata/RHSA-2018:0351 https://access.redhat.com/errata/ • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.1EPSS: 1%CPEs: 15EXPL: 0CVE-2014-0418 – JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
https://notcve.org/view.php?id=CVE-2014-0418
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0424. Vulnerabilidad no especificada en Oracle Java SE 6u65 y 7u45 que permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con el despliegue, una vulnerabilidad diferente a CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, y CVE-2014-0424. • http://marc.info/?l=bugtraq&m=139402697611681&w=2 http://marc.info/?l=bugtraq&m=139402749111889&w=2 http://osvdb.org/102012 http://rhn.redhat.com/errata/RHSA-2014-0030.html http://secunia.com/advisories/56485 http://secunia.com/advisories/56535 http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.securityfocus.com/bid/64758 http://www.securityfocus.com/bid/64917 http://www.securitytracker.com/id/1029608 https://access.redhat.com/errat •
CVSS: 5.1EPSS: 1%CPEs: 17EXPL: 0CVE-2013-5906 – JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (Install)
https://notcve.org/view.php?id=CVE-2013-5906
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different vulnerability than CVE-2013-5905. Vulnerabilidad no especificada en Oracle Java SE 5.0u55, 6u65 y 7u45 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Install, una vulnerabilidad diferente a CVE-2013-5905. • http://marc.info/?l=bugtraq&m=139402697611681&w=2 http://marc.info/?l=bugtraq&m=139402749111889&w=2 http://osvdb.org/102010 http://rhn.redhat.com/errata/RHSA-2014-0030.html http://secunia.com/advisories/56485 http://secunia.com/advisories/56535 http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.securityfocus.com/bid/64758 http://www.securityfocus.com/bid/64903 http://www.securitytracker.com/id/1029608 https://access.redhat.com/errat •
CVSS: 6.8EPSS: 0%CPEs: 14EXPL: 0CVE-2013-5895 – JDK: multiple unspecified vulnerabilities fixed in 7u51 (JavaFX)
https://notcve.org/view.php?id=CVE-2013-5895
Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX. Vulnerabilidad no especificada en Oracle Java SE 7u45 y JavaFX 2.2.45 permite a atacantes remotos afectar a la confidencialidad a través de vectores desconocidos relacionados con JavaFX. • http://marc.info/?l=bugtraq&m=139402697611681&w=2 http://osvdb.org/102022 http://rhn.redhat.com/errata/RHSA-2014-0030.html http://secunia.com/advisories/56484 http://secunia.com/advisories/56485 http://secunia.com/advisories/56535 http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.securityfocus.com/bid/64758 http://www.securityfocus.com/bid/64906 http://www.securitytracker.com/id/1029608 https://exchange.xforce.ibmcloud.com/vulnerabilities/90 •