Beschreibung
Multiple serious vulnerabilities have been found in Oracle products. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, obtain sensitive information, cause denial of service and perform unspecified attacks.
Below is a complete list of vulnerabilities:
- Multiple unspecified vulnerabilities in the Libraries component can be exploited remotely to bypass security restrictions;
- An unspecified vulnerability in the Libraries component can be exploited remotely to bypass security restrictions;
- An unspecified vulnerability in the Install component can be exploited locally to perform unspecified attacks;
- An unspecified vulnerability in the Security component can be exploited locally via a specially crafted JCEKS key store to execute arbitrary code and obtain sensitive information;
- An unspecified vulnerability in the Security component can be exploited remotely to perform unspecified attacks;
- An unbounded memory allocation during deserialization in Container can be exploited remotely via specially crafted input to cause denial of service;
- An unbounded memory allocation during deserialization in PriorityBlockingQueue can be exploited remotely via specially crafted input to cause denial of service;
- An unbounded memory allocation during deserialization in NamedNodeMapImpl can be exploited remotely via specially crafted input to cause denial of service;
- An unbounded memory allocation during deserialization in TabularDataSupport can be exploited remotely via specially crafted input to cause denial of service;
- An insufficient consistency checks in deserialization of multiple classes in the Security component can be exploited remotely via specially crafted input to cause denial of service;
- An unbounded memory allocation during deserialization in StubIORImpl can be exploited remotely via specially crafted input to cause denial of service;
- An unspecified vulnerabilities in the RMI can be exploited remotely to bypass security restrictions;
- An incorrect merging of sections in the JAR manifest can be exploited remotely to bypass security restrictions.
Technical details
Java SE 10 is affected by vulnerabilities (1)-(11) and (13)
Java SE 8 is affected by vulnerabilities (2)-(13)
Java SE 6 and 7 is affected by vulnerabilities (2) and (4)-(13)
Java SE Embedded 8 is affected by vulnerabilities (2), (5)-(11) and (13)
JRockit is affected by vulnerabilities (5)-(12)
Ursprüngliche Informationshinweise
CVE Liste
- CVE-2018-2811 critical
- CVE-2018-2814 critical
- CVE-2018-2815 critical
- CVE-2018-2783 critical
- CVE-2018-2826 critical
- CVE-2018-2790 critical
- CVE-2018-2825 critical
- CVE-2018-2794 critical
- CVE-2018-2795 critical
- CVE-2018-2796 critical
- CVE-2018-2797 critical
- CVE-2018-2798 critical
- CVE-2018-2799 critical
- CVE-2018-2800 critical
Mehr erfahren
Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com