CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2019-2842 – OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511)
https://notcve.org/view.php?id=CVE-2019-2842
21 Jul 2019 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web St... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.1EPSS: 0%CPEs: 18EXPL: 0CVE-2019-2745 – OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698)
https://notcve.org/view.php?id=CVE-2019-2745
21 Jul 2019 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically i... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html • CWE-385: Covert Timing Channel •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-3619
https://notcve.org/view.php?id=CVE-2019-3619
03 Jul 2019 — Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive information in plain text via sniffing the traffic between the Agent Handler and the SQL server. Vulnerabilidad de divulgación de información en el administrador de agentes en McAfee ePolicy Orchestrator (ePO) versión 5.9.x y 5.10.0 anterior a la versión 5.10.0 La actualización 4 permite que un atacante remoto no aut... • http://www.securityfocus.com/bid/109066 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 41EXPL: 0CVE-2019-2602 – OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)
https://notcve.org/view.php?id=CVE-2019-2602
17 Apr 2019 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 2CVE-2018-6671 – SB10240 - ePolicy Orchestrator (ePO) - Application Protection Bypass vulnerability
https://notcve.org/view.php?id=CVE-2018-6671
15 Jun 2018 — Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request. Vulnerabilidad de omisión de la protección de la aplicación en McAfee ePolicy Orchestrator (ePO) desde la versión 5.3.0 hasta la 5.3.3 y desde la versión 5.9.0 hasta la 5.9.1 permite que usuarios remotos autenticados omitan la protección de ... • https://packetstorm.news/files/id/152027 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6672 – SB10240 - ePolicy Orchestrator (ePO) - Information disclosure vulnerablity
https://notcve.org/view.php?id=CVE-2018-6672
15 Jun 2018 — Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors. Vulnerabilidad de divulgación de información en McAfee ePolicy Orchestrator (ePO) desde la versión 5.3.0 hasta la 5.3.3 y de la versión 5.9.0 a la 5.9.1 permite que usuarios autenticados vean información sensible en formato de texto plano mediante vectores sin especificar. • http://www.securityfocus.com/bid/104485 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 3%CPEs: 3EXPL: 0CVE-2017-3980
https://notcve.org/view.php?id=CVE-2017-3980
18 May 2017 — A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session. Una vulnerabilidad de salto de directorio en la Extensión ePO en McAfee ePolicy Orchestrator (ePO) versiones 5.9.0, 5.3.2 y 5.1.3 y anteriores permite a los usuarios autenticados remotos ejecutar un comando de su elección por medio de una sesión de ePO autenticada. • http://www.securityfocus.com/bid/98559 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •