Lucene search
K
HpXp7 Command View

53 matches found

CVE
CVE
added 2019/04/23 6:16 p.m.829 views

CVE-2019-2684

CVE-2019-2684 concerns Oracle Java SE and Java SE Embedded, specifically the RMI component. The connected Chainguard entry shows affected packages for OpenJDK builds (openjdk-21/openj9, openjdk-8/openj9, openjdk-11/openj9, openjdk-17/openj9). The initial description identifies affected Oracle Jav...

5.9CVSS5.7AI score0.37618EPSS
CVE
CVE
added 2019/02/04 7:0 a.m.813 views

CVE-2019-7317

CVE-2019-7317 is a use-after-free involving png_image_free in libpng. A connected document ties this to the FLTK package, affecting versions less than 1.3.8-1, and states that upgrading to a later FLTK version resolves the issue. If applying this advisory, upgrade FLTK to 1.3.8-1 or newer for rem...

5.3CVSS6.3AI score0.09393EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.580 views

CVE-2019-2602

CVE-2019-2602 affects Oracle Java SE and Java SE Embedded Libraries component. Affected: Java SE 7u211, 8u202, 11.0.2, 12; Java SE Embedded 8u201. Root cause per the entry: vulnerability in Libraries that allows an unauthenticated, network-based attacker to cause a hang or frequent crashes (compl...

7.5CVSS6.8AI score0.07437EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.537 views

CVE-2019-2698

CVE-2019-2698 affects Oracle Java SE (subcomponent 2D) with affected Java SE versions 7u211 and 8u202; exploitation could allow takeover of Java SE via network access without authentication. CVSSv3.1 base score 8.1. Affected openjdk/openjdk-based packages (e.g., java-1.8.0-openjdk) and Oracle Jav...

8.1CVSS7.7AI score0.12013EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.480 views

CVE-2018-3183

CVE-2018-3183 affects OpenJDK/OpenJDK-based runtimes (Java SE/Java SE Embedded/JRockit) specifically the Scripting engine. Public records in connected advisories show affected OpenJDK versions including Java 8u182 and 11 (and 8u181 for embedded/JRockit R28.3.19). The underlying issue is a scripti...

9CVSS8.8AI score0.02815EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.464 views

CVE-2019-2422

CVE-2019-2422 affects Oracle Java SE Libraries in Java SE 7u201, 8u192, 11.0.1 (and Java SE Embedded 8u191). The issue is a memory disclosure in FileChannelImpl that could allow an unauthenticated, network-reachable attacker to read a subset of data, with user interaction required in some context...

3.1CVSS2.4AI score0.03374EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.446 views

CVE-2018-3180

CVE-2018-3180 is an Oracle Java SE/Embedded/JRockit vulnerability disclosed across multiple advisories. The connected documents confirm affected products and components and provide concrete impact scopes: vulnerable are OpenJDK/OpenJDK-based builds of Java SE/Embedded and related JSSE/JNDI/Hotspo...

6.8CVSS5.8AI score0.03392EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.442 views

CVE-2019-2842

CVE-2019-2842 affects Oracle Java SE OpenJDK 8u212 (JCE) and related Java SE/OpenJDK components; vulnerable component is the JCE in Java SE 8u212, with network-based unauthenticated access leading to a partial DoS of Java SE. Connected advisories confirm multiple affected package sets (java-1.8.0...

4.3CVSS3.8AI score0.03358EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.437 views

CVE-2019-2745

CVE-2019-2745 is an OpenJDK/Java SE vulnerability in the Security subcomponent with affected Java versions including 7u221, 8u212, and 11.0.3. Multiple advisories (CentOS, RHEL/CentOS, Debian) describe this as a side-channel risk in EC cryptography or related OpenJDK components, with exploitation...

5.1CVSS4.8AI score0.0046EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.434 views

CVE-2018-3214

CVE-2018-3214 affects Oracle Java SE components (Sound, JRockit, JSSE, JNDI, Networking) across Java SE 6u201/7u191/8u182, Java SE Embedded 8u181, and JRockit R28.3.19. Descriptions indicate unauthenticated network access could lead to partial DOS, data exposure or data modification depending on ...

5.3CVSS5.5AI score0.07EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.428 views

CVE-2018-2952

CVE-2018-2952 affects OpenJDK/OpenJDK-derived Java runtimes (Java SE 7/8 and JRockit) in the Concurrency component. The root cause is insufficient index validation in PatternSyntaxException getMessage(), enabling unauthenticated network-based exploitation that can cause a denial of service via me...

4.3CVSS4AI score0.04184EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.411 views

CVE-2018-3139

CVE-2018-3139 affects Oracle Java SE/Java SE Embedded components (Networking) with affected Java versions (6u201, 7u191, 8u182, 11; Embedded 8u181). Multiple connected advisories (Red Hat/CentOS, Debian, IBM AIX, Amazon Linux 2) describe the vulnerability as an unauthenticated network-access issu...

3.1CVSS3.9AI score0.05243EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.401 views

CVE-2019-2786

CVE-2019-2786 affects Oracle Java SE/Java SE Embedded Security component (and related Utilities) with affected Java versions including Java 7/8/11 lines and embedded variants. The CVE describes an unauthenticated network-based vulnerability that can lead to read access to a subset of Java data, w...

3.4CVSS3.6AI score0.02613EPSS
CVE
CVE
added 2019/04/23 6:16 p.m.399 views

CVE-2019-2697

CVE-2019-2697 affects Oracle Java SE 7u211 and 8u202 in the 2D subcomponent. The flaw enables unauthenticated remote takeover via network access, primarily affecting client-side sandbox deployments (Web Start/applets) that load untrusted code. The CVSS v3.1 score is 8.1 (HIGH) with C/H/I/A impact...

8.1CVSS7.5AI score0.11466EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.387 views

CVE-2019-2769

CVE-2019-2769 affects Oracle Java SE/Java SE Embedded, with affected components in Utilities and related subsystems. The initial description identifies Java SE versions 7u221, 8u212, 11.0.3 and 12.0.1 and Java SE Embedded 8u211 as impacted, enabling network-based, unauthenticated exploitation tha...

5.3CVSS4.6AI score0.04351EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.378 views

CVE-2018-2582

CVE-2018-2582 affects Oracle Java SE/OpenJDK (Hotspot) in Java SE 8u152, 9.0.1 and Java SE Embedded 8u151. The vulnerability occurs in the Hotspot/Libraries/AWT areas via network-accessible vectors, with unauthenticated remote exploitation and user interaction required for some attack paths. Publ...

6.5CVSS5.5AI score0.04736EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.374 views

CVE-2018-3149

CVE-2018-3149 affects Oracle Java SE family (Java SE, Java SE Embedded, JRockit) in the JNDI component, with vulnerable Java runtimes including Java 6u201, 7u191, 8u182 and 11; Java SE Embedded 8u181; JRockit R28.3.19. The root cause is within the Java components referenced (JNDI) and can allow a...

8.3CVSS8.6AI score0.07215EPSS
Web
CVE
CVE
added 2018/10/17 1:0 a.m.359 views

CVE-2018-3169

CVE-2018-3169 — concrete details found : The vulnerability affects Oracle Java SE/Java SE Embedded (Hotspot) with affected versions Java SE 7u191, 8u182, 11 and Java SE Embedded 8u181. It is exploitable via network access and does not require authentication, with attack potential described as dif...

8.3CVSS8.6AI score0.0401EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.357 views

CVE-2019-2816

CVE-2019-2816 affects Oracle Java SE/Java SE Embedded Networking and related components (Utilities) with affected Java SE versions 7u221, 8u212, 11.0.3, 12.0.1 and Java SE Embedded 8u211. IBM AIX security bulletin confirms CVSS 3.0 base score 4.8 (Network, High/AC:H, Privileges N, User Interactio...

5.8CVSS4.2AI score0.02286EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.344 views

CVE-2018-3136

CVE-2018-3136 affects Oracle Java SE/Embedded Security component (and related features) with Java SE 6u201, 7u191, 8u182, 11 and Java SE Embedded 8u181 (AIX/others show broader OpenJDK/OpenJDK updates). The vulnerability allows unauthenticated network access to compromise Java SE/Embedded Securit...

3.4CVSS4.7AI score0.03641EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.332 views

CVE-2019-2762

CVE-2019-2762 is a vulnerability in Oracle Java SE/Java SE Embedded Utilities. Affected are Java SE: 7u221, 8u212, 11.0.3, 12.0.1; Java SE Embedded: 8u211. Public sources in the connected documents confirm an easily exploitable issue allowing unauthenticated network access to compromise the Java ...

5.3CVSS4.6AI score0.04351EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.325 views

CVE-2018-2799

CVE-2018-2799 is an OpenJDK/Oracle Java SE vulnerability affecting the JAXP component. Affected are Java SE: 7u171, 8u162, 10; Java SE Embedded: 8u161; JRockit: R28.3.17. The issue permits an unauthenticated attacker with network access to trigger a partial denial of service. The vulnerability is...

5.3CVSS5AI score0.15141EPSS
CVE
CVE
added 2019/01/16 7:0 p.m.319 views

CVE-2019-2426

CVE-2019-2426 affects Oracle Java SE Networking. Affected: Java SE 7u201, 8u192, 11.0.1; Java SE Embedded 8u191. Attack requires network access and can lead to unauthorized read access to a subset of Java SE data. Root cause: vulnerability in the Java SE Networking component that can be exploited...

4.3CVSS4.2AI score0.02575EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.318 views

CVE-2018-2973

CVE-2018-2973 is an Oracle Java SE/JSSE vulnerability affecting Java SE: 6u191, 7u181, 8u172, 10.0.1 and Java SE Embedded: 8u171. It can be exploited over the network with SSL/TLS by an unauthenticated attacker to cause unauthorized data modifications (integrity impact). Affected deployments load...

5.9CVSS6.2AI score0.04676EPSS
CVE
CVE
added 2019/07/23 10:31 p.m.308 views

CVE-2019-2766

CVE-2019-2766 affects Oracle Java SE and Java SE Embedded (Networking subcomponent) with affected versions: Java SE 7u221, 8u212, 11.0.3, 12.0.1 and Java SE Embedded 8u211. The Connected documents describe it as a network-accessible vulnerability that is difficult to exploit and can lead to unaut...

3.1CVSS3.5AI score0.02708EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.299 views

CVE-2018-2940

CVE-2018-2940 affects Oracle Java SE and Java SE Embedded Libraries. Affected: Java SE 6u191, 7u181, 8u172, 10.0.1; Java SE Embedded 8u171. Underlying issue in the Libraries component allows an unauthenticated, network-accessible attacker to read data from Java deployments that load untrusted cod...

4.3CVSS4.2AI score0.03146EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.298 views

CVE-2018-2798

CVE-2018-2798 affects Oracle Java/OpenJDK with the AWT component (and related JRE/JDK bundles). The connected advisories describe an issue: unbounded memory allocation during deserialization in the Container (AWT) path, enabling potentially unauthenticated network-accessed exploitation. Public di...

5.3CVSS5AI score0.078EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.295 views

CVE-2018-2790

CVE-2018-2790 affects Oracle Java SE/Java SE Embedded (OpenJDK in Linux distributions) with a JAR manifest handling flaw. Public sources in Debian and CentOS advisories cite it among OpenJDK issues for multiple Java versions (6u181, 7u171, 8u162, 10; Embedded 8u161). The connected docs identify t...

3.1CVSS3.9AI score0.05095EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.281 views

CVE-2018-2814

CVE-2018-2814 affects Java SE/Java SE Embedded (Hotspot). Affected: Java SE 6u181, 7u171, 8u162, 10; Java SE Embedded 8u161. The vulnerability allows network-based, unauthenticated access to compromise Java SE/Embedded with user interaction required, potentially leading to takeover. Underlying is...

8.3CVSS8.1AI score0.03746EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.271 views

CVE-2018-2800

CVE-2018-2800 affects Oracle Java SE/JRockit (RMI) and is reflected in multiple public advisories. Affected Java SE: 6u181, 7u171, 8u162; JRockit: R28.3.17. The vulnerability involves the Java SE JRockit RMI component and can allow an unauthenticated network-access attacker to compromise data via...

4.2CVSS4.3AI score0.0541EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.267 views

CVE-2018-2794

CVE-2018-2794 is an OpenJDK/Java SE issue affecting multiple deserialization-related paths (including JCEKS, security/JAXP, and RMI) with a vulnerability in a range of Java versions (e.g., 6u/7u/8u and 10). Connected advisories confirm affected products and provide fixes: Debian openjdk-7 update ...

7.7CVSS7.7AI score0.0074EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.257 views

CVE-2018-2815

CVE-2018-2815 is a deserialization flaw in Oracle Java SE, Java SE Embedded, and JRockit (Serialization component) that can be exploited over network without authentication to cause a partial denial of service. Affected are Java SE 6u181, 7u171, 8u162, 10; Java SE Embedded 8u161; JRockit R28.3.17...

5.3CVSS4.9AI score0.04816EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.256 views

CVE-2018-2641

CVE-2018-2641 affects Oracle/OpenJDK Java SE/Java SE Embedded, specifically the AWT component. Public records in Debian/CentOS/AIX advisories show multiple OpenJDK/OpenJDK7/8 packages with this CVE, related to the Java sandbox and deserialization/LDAP/JMX weaknesses. The vulnerability is exploita...

6.1CVSS5.9AI score0.05107EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.253 views

CVE-2018-2603

CVE-2018-2603 is an OpenJDK/Oracle Java Libraries vulnerability: unbounded memory allocation when reading DER-encoded input in the Libraries (and related JNDI/AWT/JMX contexts). This can allow an unauthenticated attacker with network access via multiple protocols to cause a partial denial of serv...

5.3CVSS5AI score0.06905EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.252 views

CVE-2018-2633

CVE-2018-2633 affects OpenJDK/OpenJDK-based runtimes (Java SE/Java SE Embedded/JRockit) via the JNDI LDAP path, specifically the LDAPCertStore in JNDI. The vulnerability arises from insecure handling of LDAP referrals, which could allow a remote attacker to cause a security impact by manipulating...

8.3CVSS6.8AI score0.0565EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.248 views

CVE-2018-2602

CVE-2018-2602 affects Oracle Java SE and Java SE Embedded (I18n). Publicly available docs describe the issue as a vulnerability in the I18n component where loading resource bundles from an untrusted location may allow a locally authenticated attacker to execute code or bypass sandboxing, with CVS...

4.5CVSS5.2AI score0.00631EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.247 views

CVE-2018-2579

CVE-2018-2579 affects OpenJDK components (Java SE/OpenJDK/JRockit) across multiple platforms; connected sources document an issue with unsynchronized access to encryption key data in Libraries, enabling potential information disclosure under network access. Public advisories show affected package...

4.3CVSS3.8AI score0.04078EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.247 views

CVE-2018-2677

CVE-2018-2677 affects Oracle Java SE and Java SE Embedded (AWT). A vulnerability in the Java SE/JRE AWT component could allow an unauthenticated attacker with network access to cause a partial denial of service on affected Java deployments (client sandboxed usage). Affected versions per descripti...

4.3CVSS4.4AI score0.04675EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.247 views

CVE-2018-2783

CVE-2018-2783 is an Oracle Java SE/Java SE Embedded/JRockit security vulnerability exploitable by an unauthenticated attacker over network connections to cause high confidentiality and integrity impact (CVSS 3.0 base 7.4). Affected product families and versions include Java SE 6u181, 7u161, 8u152...

7.4CVSS6.9AI score0.03966EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.247 views

CVE-2018-2797

CVE-2018-2797 (OpenJDK/OpenJDK for Java SE/Java SE Embedded/JRockit; subcomponent: JMX) concerns unbounded memory allocation during deserialization in the JMX-related path, enabling a network-exposed attacker to cause a partial denial of service. Public advisories and vendor pages (CentOS CESA-20...

5.3CVSS5AI score0.078EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.245 views

CVE-2018-2599

CVE-2018-2599 (Oracle Java SE/JRockit JNDI) affects Java SE 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded 8u151; JRockit R28.3.16. It is exploitable over network with unauthenticated access and can lead to partial data integrity/availability impact. Connected advisories corroborate multiple aff...

5.8CVSS4.8AI score0.04162EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.243 views

CVE-2018-2618

CVE-2018-2618 affects the Java cryptography (JCE) key-agreement in OpenJDK/OpenJDK-derived OpenJDK builds such as Java SE, Java SE Embedded, and JRockit. The connected sources describe insufficient strength of keys in the JCE component, enabling an unauthenticated attacker with network access to ...

5.9CVSS5.7AI score0.04721EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.242 views

CVE-2018-2796

CVE-2018-2796 causes unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency) in Oracle/OpenJDK Java SE. Affected: Java SE/Embedded and JRockit components with Java 7u171, 8u162 and 10, plus related JDK/JRE packages (e.g., OpenJDK builds) per the CVE references. I...

5.3CVSS5AI score0.06891EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.239 views

CVE-2018-2637

CVE-2018-2637 affects the OpenJDK/OpenJDK JMX component (SingleEntryRegistry deserialization filter). A remote, unauthenticated attacker could exploit improper deserialization filter setup to bypass deserialization restrictions. Multiple advisories (ALAS-2018-949; CentOS/DSA entries; Debian secur...

7.4CVSS6.2AI score0.04618EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.235 views

CVE-2018-2629

CVE-2018-2629 corresponds to a GSS context use-after-free vulnerability in the OpenJDK JGSS component (Oracle Java SE/JRockit/JRE). Affected products/versions include Oracle Java SE (client/server), Java SE Embedded, and JRockit with affected releases such as Java SE 6u171, 7u161, 8u152, 9.0.1; J...

5.3CVSS5AI score0.04829EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.229 views

CVE-2018-2663

CVE-2018-2663 affects Oracle Java SE family, specifically the Libraries component (and related Java SE deployments) including Java SE/JRockit/Jackson? The connected documents indicate: vulnerable input handling during object deserialization in Libraries, AWT, and JNDI components, which can lead t...

4.3CVSS4.3AI score0.04675EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.228 views

CVE-2018-2588

CVE-2018-2588 affects Oracle Java SE (Java SE, Java SE Embedded, JRockit) LDAP component. Root cause: a vulnerability in the LDAP subcomponent could allow an attacker with network access to read data from affected Java deployments. Affected versions cited include Java SE: 6u171, 7u161, 8u152, 9.0...

4.3CVSS4.2AI score0.03435EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.227 views

CVE-2018-2634

CVE-2018-2634 affects the OpenJDK/JGSS component: the JGSS subsystem ignores javax.security.auth.useSubjectCredsOnly and always uses global credentials, potentially allowing an untrusted Java application to access credentials. Affected products in connected docs include OpenJDK/OpenJDK builds acr...

6.8CVSS6.2AI score0.04532EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.218 views

CVE-2018-2795

CVE-2018-2795 is confirmed in multiple openjdk advisories. Public details in connected documents show OpenJDK/OpenJDK7/OpenJDK8 (and related Oracle/OpenJDK components) affected by deserialization and related issues in Security/JAXP/JMX, potentially enabling denial of service or sandbox-related im...

5.3CVSS5AI score0.078EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.214 views

CVE-2018-2678

CVE-2018-2678 affects Oracle Java SE family (Java SE, Java SE Embedded, JRockit) with vulnerable JNDI component. Affected: Java 6u171, 7u161, 8u152, 9.0.1; Java SE Embedded 8u151; JRockit R28.3.16. Description indicates unauthenticated network access could lead to a partial denial of service via ...

4.3CVSS4.3AI score0.04675EPSS
Total number of security vulnerabilities53