17 matches found
CVE-2018-2582
CVE-2018-2582 affects Oracle Java SE/OpenJDK (Hotspot) in Java SE 8u152, 9.0.1 and Java SE Embedded 8u151. The vulnerability occurs in the Hotspot/Libraries/AWT areas via network-accessible vectors, with unauthenticated remote exploitation and user interaction required for some attack paths. Publ...
CVE-2018-2641
CVE-2018-2641 affects Oracle/OpenJDK Java SE/Java SE Embedded, specifically the AWT component. Public records in Debian/CentOS/AIX advisories show multiple OpenJDK/OpenJDK7/8 packages with this CVE, related to the Java sandbox and deserialization/LDAP/JMX weaknesses. The vulnerability is exploita...
CVE-2018-2603
CVE-2018-2603 is an OpenJDK/Oracle Java Libraries vulnerability: unbounded memory allocation when reading DER-encoded input in the Libraries (and related JNDI/AWT/JMX contexts). This can allow an unauthenticated attacker with network access via multiple protocols to cause a partial denial of serv...
CVE-2018-2633
CVE-2018-2633 affects OpenJDK/OpenJDK-based runtimes (Java SE/Java SE Embedded/JRockit) via the JNDI LDAP path, specifically the LDAPCertStore in JNDI. The vulnerability arises from insecure handling of LDAP referrals, which could allow a remote attacker to cause a security impact by manipulating...
CVE-2018-2602
CVE-2018-2602 affects Oracle Java SE and Java SE Embedded (I18n). Publicly available docs describe the issue as a vulnerability in the I18n component where loading resource bundles from an untrusted location may allow a locally authenticated attacker to execute code or bypass sandboxing, with CVS...
CVE-2018-2579
CVE-2018-2579 affects OpenJDK components (Java SE/OpenJDK/JRockit) across multiple platforms; connected sources document an issue with unsynchronized access to encryption key data in Libraries, enabling potential information disclosure under network access. Public advisories show affected package...
CVE-2018-2677
CVE-2018-2677 affects Oracle Java SE and Java SE Embedded (AWT). A vulnerability in the Java SE/JRE AWT component could allow an unauthenticated attacker with network access to cause a partial denial of service on affected Java deployments (client sandboxed usage). Affected versions per descripti...
CVE-2018-2599
CVE-2018-2599 (Oracle Java SE/JRockit JNDI) affects Java SE 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded 8u151; JRockit R28.3.16. It is exploitable over network with unauthenticated access and can lead to partial data integrity/availability impact. Connected advisories corroborate multiple aff...
CVE-2018-2618
CVE-2018-2618 affects the Java cryptography (JCE) key-agreement in OpenJDK/OpenJDK-derived OpenJDK builds such as Java SE, Java SE Embedded, and JRockit. The connected sources describe insufficient strength of keys in the JCE component, enabling an unauthenticated attacker with network access to ...
CVE-2018-2637
CVE-2018-2637 affects the OpenJDK/OpenJDK JMX component (SingleEntryRegistry deserialization filter). A remote, unauthenticated attacker could exploit improper deserialization filter setup to bypass deserialization restrictions. Multiple advisories (ALAS-2018-949; CentOS/DSA entries; Debian secur...
CVE-2018-2629
CVE-2018-2629 corresponds to a GSS context use-after-free vulnerability in the OpenJDK JGSS component (Oracle Java SE/JRockit/JRE). Affected products/versions include Oracle Java SE (client/server), Java SE Embedded, and JRockit with affected releases such as Java SE 6u171, 7u161, 8u152, 9.0.1; J...
CVE-2018-2663
CVE-2018-2663 affects Oracle Java SE family, specifically the Libraries component (and related Java SE deployments) including Java SE/JRockit/Jackson? The connected documents indicate: vulnerable input handling during object deserialization in Libraries, AWT, and JNDI components, which can lead t...
CVE-2018-2588
CVE-2018-2588 affects Oracle Java SE (Java SE, Java SE Embedded, JRockit) LDAP component. Root cause: a vulnerability in the LDAP subcomponent could allow an attacker with network access to read data from affected Java deployments. Affected versions cited include Java SE: 6u171, 7u161, 8u152, 9.0...
CVE-2018-2634
CVE-2018-2634 affects the OpenJDK/JGSS component: the JGSS subsystem ignores javax.security.auth.useSubjectCredsOnly and always uses global credentials, potentially allowing an untrusted Java application to access credentials. Affected products in connected docs include OpenJDK/OpenJDK builds acr...
CVE-2018-2678
CVE-2018-2678 affects Oracle Java SE family (Java SE, Java SE Embedded, JRockit) with vulnerable JNDI component. Affected: Java 6u171, 7u161, 8u152, 9.0.1; Java SE Embedded 8u151; JRockit R28.3.16. Description indicates unauthenticated network access could lead to a partial denial of service via ...
CVE-2018-2657
CVE-2018-2657 affects Oracle Java SE and the JRockit Serialization component. The vulnerability allows an unauthenticated, network-accessing attacker to cause a partial denial of service (availability impact) by sending data to APIs in the Serialization component. Affected are Java SE 6u171 and 7...
CVE-2017-8988
CVE-2017-8988 is a remote bypass of security restrictions impacting HPE XP Command View Advanced Edition Software older than 8.5.3-00. Affected components span DevMgr, RepMgr, and HDLM (Windows, Linux; HDLM also on Solaris/AIX). The vulnerability enables bypass of security checks at runtime, with...