CVSS: 6.8EPSS: 0%CPEs: 32EXPL: 0CVE-2018-2634 – OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600)
https://notcve.org/view.php?id=CVE-2018-2634
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102592 http://www.securitytracker.com/id/1040203 https://access.redhat.com/errata/RHSA-2018:0095 https://access.redhat.com/errata/RHSA-2018:0099 https://access.redhat.com/errata/RHSA-2018:0100 https://access.redhat.com/errata/RHSA-2018:0349 https://access.redhat.com/errata/RHSA-2018:0351 https://access.redhat.com/errata/RHSA-2018:0352 https://access.redhat.com/errata/ • CWE-284: Improper Access Control •
CVSS: 7.4EPSS: 0%CPEs: 35EXPL: 0CVE-2018-2637 – OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998)
https://notcve.org/view.php?id=CVE-2018-2637
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102576 http://www.securitytracker.com/id/1040203 https://access.redhat.com/errata/RHSA-2018:0095 https://access.redhat.com/errata/RHSA-2018:0099 https://access.redhat.com/errata/RHSA-2018:0100 https://access.redhat.com/errata/RHSA-2018:0115 https://access.redhat.com/errata/RHSA-2018:0349 https://access.redhat.com/errata/RHSA-2018:0351 https://access.redhat.com/errata/ • CWE-502: Deserialization of Untrusted Data •
CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4381
https://notcve.org/view.php?id=CVE-2016-4381
HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended access restrictions via unspecified vectors. HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x hasta la versión 8.x en versiones anteriores a 8.4.1-02, cuando Replication Manager (RepMgr) y Device Manager (DevMgr) están habilitados, permite a usuarios locales eludir restricciones de acceso intencionadas a través de vectores no especificados. • http://www.securityfocus.com/bid/92733 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05257711 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4378
https://notcve.org/view.php?id=CVE-2016-4378
The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors. Los componentes (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor y (5) Hitachi Automation Director (HAD) en HPE XP P9000 Command View Advanced Edition Software en versiones anteriores a 8.4.1-00 y XP7 Command View Advanced Edition Suite en versiones anteriores a 8.4.1-00 permiten a atacantes remotos obtener información sensible a través de vectores no especificados. • http://www.securityfocus.com/bid/92649 http://www.securitytracker.com/id/1036686 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05241355 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •