OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528)

An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges...

OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528)

An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges...

OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)

It was discovered that the GCM Galois/Counter Mode implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag...

OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)

It was discovered that the GCM Galois/Counter Mode implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag...

OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)

It was discovered that the GCM Galois/Counter Mode implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag...

OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)

It was discovered that the GCM Galois/Counter Mode implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag...

CVE-2016-3426

Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE...

OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)

It was discovered that the GCM Galois/Counter Mode implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag...

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

JCE: missing EC parameter validation in ECDH_Derive() (OpenJDK JCE, 8075833)

Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE...

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

Unspecified Vulnerability in Oracle Java SE JCE Component

Oracle Java SE is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments. A security vulnerability exists in the JCE subcomponent of Oracle Java SE, which can be exploited by a remote attacker to construct a malicious WEB page and trick...

Unspecified Vulnerability in Oracle Java SE JCE Component (CNVD-2015-04846)

Oracle Java SE is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments. A security vulnerability exists in the JCE subcomponent of Oracle Java SE, which can be exploited by a remote attacker to construct a malicious WEB page and trick...

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

UBUNTU-CVE-2015-2613

Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE...

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

OpenJDK: insufficient hardening of RSA-CRT implementation (JCE, 8071726)

It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures...

USN-2574-1 openjdk-7 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. CVE-2015-0460, CVE-2015-0469 Alexander Cherepanov discovered that...