KLA11122 Multiple vulnerabilities in Oracle Java SE, Java SE Embedded and JRockit

Multiple serious vulnerabilities have been found in Oracle Java SE. Malicious users can exploit these vulnerabilities to cause denial of service and bypass security restrictions. Below is a complete list of vulnerabilities: 1. An unspecified vulnerability in subcomponent Smart Card IO can be...

CVE-2017-8012

The CVE pertains to Dell EMC/VNX Monitoring and Reporting (RMI Registry) deserialization vulnerability that can be exploited remotely to cause a DoS. The attack path involves the exposed RMI registry (default port 52569) accepting untrusted data; authentication exists but can be bypassed per the ...

CVE-2017-10145

Vulnerability in the Java Advanced Management Console component of Oracle Java SE subcomponent: Server. The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)

A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...

NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP Information Disclosure Vulnerability

NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP are both products of the U.S. company NetApp. The former is a set of software for monitoring, managing and optimizing the performance of data storage in Data ONTAP cluster environments; the latter is...

Design/Logic Flaw

NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation aka JMX RMI service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors...

CVE-2016-9008

IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent...

OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)

A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...

OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)

A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...

OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)

A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...

OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)

A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...

OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)

A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...

CVE-2016-5554

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX...

UBUNTU-CVE-2016-5554

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX...

OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)

A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...

Unspecified Vulnerability in Oracle Java SE and Java SE Embedded Components (CNVD-2016-09781)

Oracle Java SE and Java SE Embedded are both products of Oracle Corporation. Java SE Java Platform Standard Edition is used to develop and deploy Java applications for desktops, servers, as well as embedded devices and real-time environments; Java SE Embedded is a Java platform for the developmen...

Aternity Remote Code Execution Vulnerability

Aternity webserver is a web server from the American company Aternity. A remote code execution vulnerability exists in Aternity 9 and prior versions of the web server, which stems from the program failing to require authentication for getMBeansFromURL to download Java Mbeans. A remote attacker ca...

OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)

It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger...

OpenJDK: logging of RMI connection secrets (JMX, 8130710)

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX...

OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)

It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger...