CVSS: 5.3EPSS: 1%CPEs: 55EXPL: 0CVE-2019-10246
https://notcve.org/view.php?id=CVE-2019-10246
22 Apr 2019 — In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories. En Eclipse Jetty versión 9.2.27, versión 9.3.26 y versión 9.4.16 , el servidor que es ejecutado en Windows es vulnerable a la exposición del nombre del... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •
CVSS: 8.3EPSS: 1%CPEs: 20EXPL: 0CVE-2018-2964 – JDK: unspecified vulnerability fixed in 8u181 and 10.0.2 (Deployment)
https://notcve.org/view.php?id=CVE-2018-2964
18 Jul 2018 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can r... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 5.9EPSS: 0%CPEs: 34EXPL: 0CVE-2018-2973 – JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)
https://notcve.org/view.php?id=CVE-2018-2973
18 Jul 2018 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessib... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 5.3EPSS: 1%CPEs: 28EXPL: 0CVE-2017-15906 – openssh: Improper write operations in readonly mode allow for zero-length file creation
https://notcve.org/view.php?id=CVE-2017-15906
26 Oct 2017 — The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. La función process_open en sftp-server.c en OpenSSH, en versiones anteriores a la 7.6, no evita correctamente las operaciones de escritura en el modo readonly, lo que permite que los atacantes creen archivos de longitud cero. Jann Horn discovered that OpenSSH incorrectly loaded PKCS#11 modules from untrusted directories. A remote a... • http://www.securityfocus.com/bid/101552 • CWE-20: Improper Input Validation CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.1EPSS: 0%CPEs: 27EXPL: 0CVE-2017-10125 – Gentoo Linux Security Advisory 201709-22
https://notcve.org/view.php?id=CVE-2017-10125
08 Aug 2017 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. • http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html •
CVSS: 9.6EPSS: 0%CPEs: 48EXPL: 0CVE-2017-10090 – OpenJDK: insufficient access control checks in AsynchronousChannelGroupImpl (8172465, Libraries)
https://notcve.org/view.php?id=CVE-2017-10090
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly... • http://www.debian.org/security/2017/dsa-3919 •
CVSS: 9.6EPSS: 1%CPEs: 44EXPL: 0CVE-2017-10111 – OpenJDK: incorrect range checks in LambdaFormEditor (Libraries, 8184185)
https://notcve.org/view.php?id=CVE-2017-10111
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact a... • http://www.debian.org/security/2017/dsa-3919 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 0%CPEs: 52EXPL: 0CVE-2017-10102 – OpenJDK: incorrect handling of references in DGC (RMI, 8163958)
https://notcve.org/view.php?id=CVE-2017-10102
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in ... • http://www.debian.org/security/2017/dsa-3919 •
CVSS: 9.6EPSS: 0%CPEs: 51EXPL: 0CVE-2017-10107 – OpenJDK: insufficient access control checks in ActivationID (RMI, 8173697)
https://notcve.org/view.php?id=CVE-2017-10107
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantl... • http://www.debian.org/security/2017/dsa-3919 •
CVSS: 7.5EPSS: 0%CPEs: 51EXPL: 0CVE-2017-10067 – OpenJDK: JAR verifier incorrect handling of missing digest (Security, 8169392)
https://notcve.org/view.php?id=CVE-2017-10067
20 Jul 2017 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. • http://www.debian.org/security/2017/dsa-3919 •