BIT-JRE-2020-2655

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this...

SUSE CVE-2018-2826

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Libraries. The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require...

OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...

OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

UBUNTU-CVE-2020-2816

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability c...

UBUNTU-CVE-2019-2842

Vulnerability in the Java SE component of Oracle Java SE subcomponent: JCE. The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Utilities. Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

UBUNTU-CVE-2018-2952

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

Oracle Java SE Remote Vulnerability (CNVD-2017-18125)

Java SE is short for Java Platform Standard Edition, based on the JDK and JRE, for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. Java SE 8u131 has security vulnerabilities in its implementation that allow an attacker to exploit...

Oracle Java SE Remote Vulnerability (CNVD-2017-18123)

Java SE is short for Java Platform Standard Edition, based on the JDK and JRE, for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. Oracle Java SE has a security vulnerability. Allowing an attacker to exploit the vulnerability coul...

Oracle Java SE/JRockit Remote Vulnerability (CNVD-2017-18229)

Java SE is short for Java Platform Standard Edition, based on the JDK and JRE, for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. Oracle Java SE/JRockit has a security vulnerability that allows an attacker to exploit...

Oracle Java SE/JRockit Remote Vulnerability (CNVD-2017-18173)

Java SE is short for Java Platform Standard Edition, based on the JDK and JRE, for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. Oracle Java SE/JRockit has security vulnerabilities in its implementation that allow an attacker to...

JDK: unspecified vulnerability fixed in 7u111 and 8u101 (Deployment)

Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment...

CVE-2016-3443

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue...

SAP NetWeaver J2EE Engine UDDI Server SQL Injection Vulnerability

SAP NetWeaver J2EE Engine is the German SAP SAP company's a service-oriented integrated application platform J2EE engine. A SQL injection vulnerability exists in the UDDI server of SAP NetWeaver J2EE Engine version 7.40. A remote attacker could exploit this vulnerability to execute arbitrary SQL...

JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476...

OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB...

JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs...