CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2019-2842 – OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511)
https://notcve.org/view.php?id=CVE-2019-2842
21 Jul 2019 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web St... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0CVE-2019-2762 – OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328)
https://notcve.org/view.php?id=CVE-2019-2762
21 Jul 2019 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedd... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-3619
https://notcve.org/view.php?id=CVE-2019-3619
03 Jul 2019 — Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server. Vulnerabilidad de divulgación de información en el administrador de agentes en McAfee ePolicy Orchestrator (ePO) versión 5.9.x y 5.10.0 anterior a la versión 5.10.0 La actualización 4 permite que un atacante remoto no aut... • http://www.securityfocus.com/bid/109066 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 41EXPL: 0CVE-2019-2602 – OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)
https://notcve.org/view.php?id=CVE-2019-2602
17 Apr 2019 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 2%CPEs: 2EXPL: 2CVE-2018-6671 – SB10240 - ePolicy Orchestrator (ePO) - Application Protection Bypass vulnerability
https://notcve.org/view.php?id=CVE-2018-6671
15 Jun 2018 — Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request. Vulnerabilidad de omisión de la protección de la aplicación en McAfee ePolicy Orchestrator (ePO) desde la versión 5.3.0 hasta la 5.3.3 y desde la versión 5.9.0 hasta la 5.9.1 permite que usuarios remotos autenticados omitan la protección de ... • https://packetstorm.news/files/id/152027 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6672 – SB10240 - ePolicy Orchestrator (ePO) - Information disclosure vulnerablity
https://notcve.org/view.php?id=CVE-2018-6672
15 Jun 2018 — Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors. Vulnerabilidad de divulgación de información en McAfee ePolicy Orchestrator (ePO) desde la versión 5.3.0 hasta la 5.3.3 y de la versión 5.9.0 a la 5.9.1 permite que usuarios autenticados vean información sensible en formato de texto plano mediante vectores sin especificar. • http://www.securityfocus.com/bid/104485 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-3936 – McAfee ePolicy Orchestrator (ePO) - OS Command Injection vulnerability
https://notcve.org/view.php?id=CVE-2017-3936
13 Jun 2018 — OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output. Vulnerabilidad de inyección de comandos del sistema operativo en McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1 y 5.1.0 permite que los atacantes ejecuten comandos del sistema operativo con privilegios lim... • http://www.securityfocus.com/bid/103155 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2018-6659 – SB10228 ePO Reflected Cross-Site Scripting vulnerability
https://notcve.org/view.php?id=CVE-2018-6659
02 Apr 2018 — Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input. Vulnerabilidad Cross-Site Scripting (XSS) reflejado en McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 y 5.9.0 permite que los usuarios autenticados remotos exploten una vulnerabilidad Cross-Site Scripting (XSS) al no sanear las entradas realizadas por un usuario. • http://www.securityfocus.com/bid/103392 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2018-6660 – SB10228 ePO Directory Traversal vulnerability
https://notcve.org/view.php?id=CVE-2018-6660
02 Apr 2018 — Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file. Vulnerabilidad de salto de directorio en McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 y 5.9.0 permite que los administradores utilicen flujos de datos de Windows alternativos. Esto se podría usar para omitir las ext... • http://www.securityfocus.com/bid/103392 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2017-3980
https://notcve.org/view.php?id=CVE-2017-3980
18 May 2017 — A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session. Una vulnerabilidad de salto de directorio en la Extensión ePO en McAfee ePolicy Orchestrator (ePO) versiones 5.9.0, 5.3.2 y 5.1.3 y anteriores permite a los usuarios autenticados remotos ejecutar un comando de su elección por medio de una sesión de ePO autenticada. • http://www.securityfocus.com/bid/98559 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •