Lucene search
K
HpXp Command View

17 matches found

CVE
CVE
added 2018/01/18 2:0 a.m.374 views

CVE-2018-2582

CVE-2018-2582 affects Oracle Java SE/OpenJDK (Hotspot) in Java SE 8u152, 9.0.1 and Java SE Embedded 8u151. The vulnerability occurs in the Hotspot/Libraries/AWT areas via network-accessible vectors, with unauthenticated remote exploitation and user interaction required for some attack paths. Publ...

6.5CVSS5.5AI score0.04736EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.256 views

CVE-2018-2641

CVE-2018-2641 affects Oracle/OpenJDK Java SE/Java SE Embedded, specifically the AWT component. Public records in Debian/CentOS/AIX advisories show multiple OpenJDK/OpenJDK7/8 packages with this CVE, related to the Java sandbox and deserialization/LDAP/JMX weaknesses. The vulnerability is exploita...

6.1CVSS5.9AI score0.05107EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.253 views

CVE-2018-2603

CVE-2018-2603 is an OpenJDK/Oracle Java Libraries vulnerability: unbounded memory allocation when reading DER-encoded input in the Libraries (and related JNDI/AWT/JMX contexts). This can allow an unauthenticated attacker with network access via multiple protocols to cause a partial denial of serv...

5.3CVSS5AI score0.06905EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.252 views

CVE-2018-2633

CVE-2018-2633 affects OpenJDK/OpenJDK-based runtimes (Java SE/Java SE Embedded/JRockit) via the JNDI LDAP path, specifically the LDAPCertStore in JNDI. The vulnerability arises from insecure handling of LDAP referrals, which could allow a remote attacker to cause a security impact by manipulating...

8.3CVSS6.8AI score0.0565EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.248 views

CVE-2018-2602

CVE-2018-2602 affects Oracle Java SE and Java SE Embedded (I18n). Publicly available docs describe the issue as a vulnerability in the I18n component where loading resource bundles from an untrusted location may allow a locally authenticated attacker to execute code or bypass sandboxing, with CVS...

4.5CVSS5.2AI score0.00631EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.247 views

CVE-2018-2579

CVE-2018-2579 affects OpenJDK components (Java SE/OpenJDK/JRockit) across multiple platforms; connected sources document an issue with unsynchronized access to encryption key data in Libraries, enabling potential information disclosure under network access. Public advisories show affected package...

4.3CVSS3.8AI score0.04078EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.247 views

CVE-2018-2677

CVE-2018-2677 affects Oracle Java SE and Java SE Embedded (AWT). A vulnerability in the Java SE/JRE AWT component could allow an unauthenticated attacker with network access to cause a partial denial of service on affected Java deployments (client sandboxed usage). Affected versions per descripti...

4.3CVSS4.4AI score0.04675EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.245 views

CVE-2018-2599

CVE-2018-2599 (Oracle Java SE/JRockit JNDI) affects Java SE 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded 8u151; JRockit R28.3.16. It is exploitable over network with unauthenticated access and can lead to partial data integrity/availability impact. Connected advisories corroborate multiple aff...

5.8CVSS4.8AI score0.04162EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.242 views

CVE-2018-2618

CVE-2018-2618 affects the Java cryptography (JCE) key-agreement in OpenJDK/OpenJDK-derived OpenJDK builds such as Java SE, Java SE Embedded, and JRockit. The connected sources describe insufficient strength of keys in the JCE component, enabling an unauthenticated attacker with network access to ...

5.9CVSS5.7AI score0.04721EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.239 views

CVE-2018-2637

CVE-2018-2637 affects the OpenJDK/OpenJDK JMX component (SingleEntryRegistry deserialization filter). A remote, unauthenticated attacker could exploit improper deserialization filter setup to bypass deserialization restrictions. Multiple advisories (ALAS-2018-949; CentOS/DSA entries; Debian secur...

7.4CVSS6.2AI score0.04618EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.235 views

CVE-2018-2629

CVE-2018-2629 corresponds to a GSS context use-after-free vulnerability in the OpenJDK JGSS component (Oracle Java SE/JRockit/JRE). Affected products/versions include Oracle Java SE (client/server), Java SE Embedded, and JRockit with affected releases such as Java SE 6u171, 7u161, 8u152, 9.0.1; J...

5.3CVSS5AI score0.04829EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.229 views

CVE-2018-2663

CVE-2018-2663 affects Oracle Java SE family, specifically the Libraries component (and related Java SE deployments) including Java SE/JRockit/Jackson? The connected documents indicate: vulnerable input handling during object deserialization in Libraries, AWT, and JNDI components, which can lead t...

4.3CVSS4.3AI score0.04675EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.228 views

CVE-2018-2588

CVE-2018-2588 affects Oracle Java SE (Java SE, Java SE Embedded, JRockit) LDAP component. Root cause: a vulnerability in the LDAP subcomponent could allow an attacker with network access to read data from affected Java deployments. Affected versions cited include Java SE: 6u171, 7u161, 8u152, 9.0...

4.3CVSS4.2AI score0.03435EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.226 views

CVE-2018-2634

CVE-2018-2634 affects the OpenJDK/JGSS component: the JGSS subsystem ignores javax.security.auth.useSubjectCredsOnly and always uses global credentials, potentially allowing an untrusted Java application to access credentials. Affected products in connected docs include OpenJDK/OpenJDK builds acr...

6.8CVSS6.2AI score0.04532EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.214 views

CVE-2018-2678

CVE-2018-2678 affects Oracle Java SE family (Java SE, Java SE Embedded, JRockit) with vulnerable JNDI component. Affected: Java 6u171, 7u161, 8u152, 9.0.1; Java SE Embedded 8u151; JRockit R28.3.16. Description indicates unauthenticated network access could lead to a partial denial of service via ...

4.3CVSS4.3AI score0.04675EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.179 views

CVE-2018-2657

CVE-2018-2657 affects Oracle Java SE and the JRockit Serialization component. The vulnerability allows an unauthenticated, network-accessing attacker to cause a partial denial of service (availability impact) by sending data to APIs in the Serialization component. Affected are Java SE 6u171 and 7...

5.3CVSS4.7AI score0.07525EPSS
CVE
CVE
added 2018/08/06 8:0 p.m.56 views

CVE-2017-8988

CVE-2017-8988 is a remote bypass of security restrictions impacting HPE XP Command View Advanced Edition Software older than 8.5.3-00. Affected components span DevMgr, RepMgr, and HDLM (Windows, Linux; HDLM also on Solaris/AIX). The vulnerability enables bypass of security checks at runtime, with...

9.8CVSS9.5AI score0.02669EPSS