CVE-2018-3183 – OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936)
https://notcve.org/view.php?id=CVE-2018-3183
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/105622 http://www.securitytracker.com/id/1041889 https://access.redhat.com/errata/RHSA-2018:2942 https://access.redhat.com/errata/RHSA-2018:2943 https://access.redhat.com/errata/RHSA-2018:3002 https://access.redhat.com/errata/RHSA-2018:3003 https://access.redhat.com/errata/RHSA-2018:3521 https://access.redhat.com/errata/RHSA-2018:3533 https://access.redhat.com/errata/ • CWE-284: Improper Access Control •
CVE-2016-4381
https://notcve.org/view.php?id=CVE-2016-4381
HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended access restrictions via unspecified vectors. HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x hasta la versión 8.x en versiones anteriores a 8.4.1-02, cuando Replication Manager (RepMgr) y Device Manager (DevMgr) están habilitados, permite a usuarios locales eludir restricciones de acceso intencionadas a través de vectores no especificados. • http://www.securityfocus.com/bid/92733 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05257711 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-4378
https://notcve.org/view.php?id=CVE-2016-4378
The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors. Los componentes (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor y (5) Hitachi Automation Director (HAD) en HPE XP P9000 Command View Advanced Edition Software en versiones anteriores a 8.4.1-00 y XP7 Command View Advanced Edition Suite en versiones anteriores a 8.4.1-00 permiten a atacantes remotos obtener información sensible a través de vectores no especificados. • http://www.securityfocus.com/bid/92649 http://www.securitytracker.com/id/1036686 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05241355 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •