CVSS: 4.3EPSS: 0%CPEs: 52EXPL: 0CVE-2020-2659 – OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)
https://notcve.org/view.php?id=CVE-2020-2659
15 Jan 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vul... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.1EPSS: 2%CPEs: 68EXPL: 0CVE-2020-2604 – OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)
https://notcve.org/view.php?id=CVE-2020-2604
15 Jan 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typi... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html • CWE-471: Modification of Assumed-Immutable Data (MAID) CWE-502: Deserialization of Untrusted Data •
CVSS: 6.8EPSS: 0%CPEs: 66EXPL: 0CVE-2020-2601 – OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951)
https://notcve.org/view.php?id=CVE-2020-2601
15 Jan 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in u... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.9EPSS: 1%CPEs: 15EXPL: 0CVE-2020-2585 – Gentoo Linux Security Advisory 202209-15
https://notcve.org/view.php?id=CVE-2020-2585
15 Jan 2020 — Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running san... • https://security.gentoo.org/glsa/202006-22 •
CVSS: 4.3EPSS: 0%CPEs: 75EXPL: 0CVE-2020-2583 – OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909)
https://notcve.org/view.php?id=CVE-2020-2583
15 Jan 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embed... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html • CWE-755: Improper Handling of Exceptional Conditions CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.8EPSS: 0%CPEs: 75EXPL: 0CVE-2020-2593 – OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)
https://notcve.org/view.php?id=CVE-2020-2593
15 Jan 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html • CWE-172: Encoding Error •
CVSS: 4.3EPSS: 0%CPEs: 75EXPL: 0CVE-2020-2590 – OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352)
https://notcve.org/view.php?id=CVE-2020-2590
15 Jan 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vu... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 1%CPEs: 37EXPL: 0CVE-2019-13118 – Apple Security Advisory 2019-7-22-5
https://notcve.org/view.php?id=CVE-2019-13118
01 Jul 2019 — In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. En el archivo numbers.c en libxslt versión 1.1.33, un tipo que contiene caracteres de agrupación de una instrucción xsl:number era demasiado estrecho y una combinación de carácter/longitud no válida se podía ser pasada a la función xsltNumberFormatDecimal, conllevan... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.1EPSS: 0%CPEs: 218EXPL: 8CVE-2019-11358 – jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
https://notcve.org/view.php?id=CVE-2019-11358
19 Apr 2019 — jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminación de Object.prototype. Si un objeto fuente no sanitizado contenía una propi... • https://packetstorm.news/files/id/190328 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 5.9EPSS: 4%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
26 Feb 2019 — If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •