CVSS: 9.8EPSS: 0%CPEs: 34EXPL: 0CVE-2019-18805 – kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c
https://notcve.org/view.php?id=CVE-2019-18805
07 Nov 2019 — An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6. Se detectó un problema en el archivo net/ipv4/sysctl_net_ipv4.c en el kernel de Linux versiones anteriores a 5.0.11. Se presenta un desbordamiento de enteros firmado del... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2013-4280
https://notcve.org/view.php?id=CVE-2013-4280
04 Nov 2019 — Insecure temporary file vulnerability in RedHat vsdm 4.9.6. Vulnerabilidad de archivo temporal no seguro en RedHat vsdm versión 4.9.6. • https://access.redhat.com/security/cve/cve-2013-4280 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 4.2EPSS: 3%CPEs: 19EXPL: 0CVE-2019-2996 – JDK: unspecified vulnerability fixed in 8u221 (Deployment)
https://notcve.org/view.php?id=CVE-2019-2996
16 Oct 2019 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u221; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete acc... • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html •
CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 0CVE-2019-2962 – OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690)
https://notcve.org/view.php?id=CVE-2019-2962
16 Oct 2019 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html • CWE-476: NULL Pointer Dereference •
CVSS: 4.3EPSS: 0%CPEs: 36EXPL: 0CVE-2019-2964 – OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684)
https://notcve.org/view.php?id=CVE-2019-2964
16 Oct 2019 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. N... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html • CWE-248: Uncaught Exception •
CVSS: 4.3EPSS: 0%CPEs: 39EXPL: 0CVE-2019-2973 – OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)
https://notcve.org/view.php?id=CVE-2019-2973
16 Oct 2019 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Th... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html • CWE-248: Uncaught Exception •
CVSS: 5.8EPSS: 0%CPEs: 40EXPL: 0CVE-2019-2975 – OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518)
https://notcve.org/view.php?id=CVE-2019-2975
16 Oct 2019 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthoriz... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html • CWE-248: Uncaught Exception •
CVSS: 4.3EPSS: 0%CPEs: 39EXPL: 0CVE-2019-2978 – OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892)
https://notcve.org/view.php?id=CVE-2019-2978
16 Oct 2019 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. No... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html •
CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 0CVE-2019-2981 – OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)
https://notcve.org/view.php?id=CVE-2019-2981
16 Oct 2019 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Th... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html • CWE-248: Uncaught Exception •
CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 0CVE-2019-2983 – OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915)
https://notcve.org/view.php?id=CVE-2019-2983
16 Oct 2019 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html • CWE-248: Uncaught Exception •