CVSS: 8.3EPSS: 0%CPEs: 25EXPL: 0CVE-2018-2825 – Oracle Java MethodHandles setVolatile Type Confusion Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2018-2825
18 Apr 2018 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeo... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 8.3EPSS: 3%CPEs: 25EXPL: 0CVE-2018-2826 – Oracle Java MethodHandles tryFinally Type Confusion Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2018-2826
18 Apr 2018 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeo... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2018-2627 – JDK: unspecified vulnerability fixed in 8u161 and 9.0.4 (Installer)
https://notcve.org/view.php?id=CVE-2018-2627
18 Jan 2018 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerabi... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html •
CVSS: 8.3EPSS: 0%CPEs: 34EXPL: 0CVE-2018-2638 – JDK: unspecified vulnerability fixed in 8u161 and 9.0.4 (Deployment)
https://notcve.org/view.php?id=CVE-2018-2638
18 Jan 2018 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can re... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html •
CVSS: 4.7EPSS: 0%CPEs: 31EXPL: 0CVE-2018-2581 – JDK: unspecified vulnerability fixed in 7u171, 8u161, and 9.0.4 (JavaFX)
https://notcve.org/view.php?id=CVE-2018-2581
18 Jan 2018 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can r... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html •
CVSS: 5.3EPSS: 2%CPEs: 28EXPL: 0CVE-2017-15906 – openssh: Improper write operations in readonly mode allow for zero-length file creation
https://notcve.org/view.php?id=CVE-2017-15906
26 Oct 2017 — The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. La función process_open en sftp-server.c en OpenSSH, en versiones anteriores a la 7.6, no evita correctamente las operaciones de escritura en el modo readonly, lo que permite que los atacantes creen archivos de longitud cero. Jann Horn discovered that OpenSSH incorrectly loaded PKCS#11 modules from untrusted directories. A remote a... • http://www.securityfocus.com/bid/101552 • CWE-20: Improper Input Validation CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 3.1EPSS: 0%CPEs: 55EXPL: 0CVE-2017-10345 – OpenJDK: unbounded resource use in JceKeyStore deserialization (Serialization, 8181370)
https://notcve.org/view.php?id=CVE-2017-10345
19 Oct 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulne... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.6EPSS: 0%CPEs: 54EXPL: 0CVE-2017-10346 – OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)
https://notcve.org/view.php?id=CVE-2017-10346
19 Oct 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may signi... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html •
CVSS: 5.3EPSS: 0%CPEs: 54EXPL: 0CVE-2017-10347 – OpenJDK: unbounded memory allocation in SimpleTimeZone deserialization (Serialization, 8181323)
https://notcve.org/view.php?id=CVE-2017-10347
19 Oct 2017 — Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability ... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 54EXPL: 0CVE-2017-10348 – OpenJDK: multiple unbounded memory allocations in deserialization (Libraries, 8181432)
https://notcve.org/view.php?id=CVE-2017-10348
19 Oct 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. No... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html • CWE-770: Allocation of Resources Without Limits or Throttling •