Privilege Escalation

Java SE and Java SE Embedded are vulnerable to privilege escalation attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Libraries component to gain elevated privileges. Successful attacks could result in takeover of Java SE and Java S...

Sandbox Protection Bypass

Java SE andJava SE Embedded are vulnerable to sandbox protection bypass attacks. A remote user can exploit a flaw in the RMI component to gain elevated privileges or cause denial of service conditions on the target system...

Privilege Escalation

Java SE, Java SE Embedded and JRockit are vulnerable to privilege escalation attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Security component to gain elevated privileges. Successful attacks could result in takeover of Java SE,...

Privilege Escalation

Java SE, Java SE Embedded and JRockit are vulnerable to privilege escalation attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed JCE component to gain elevated privileges. Successful attacks could result in unauthorized access to...

Privilege Escalation

Java SE and Java SE Embedded are vulnerable to arbitrary code execution attacks. A remote user can exploit a flaw in the RMI component to gain elevated privileges. This may allow the user with lower privileges to perform restricted actions...

Arbitrary Code Execution

Java SE and Java SE Embedded are vulnerable to arbitrary code execution attacks. A remote user can exploit a flaw in the Hotspot component to partially modify data...

Privilege Escalation

Java SE and Java SE Embedded are vulnerable to privilege escalation. A remote user can exploit a flaw in the Libraries component to gain elevated privileges. This may allow the user with lower privileges to perform restricted actions...

Privilege Escalation

Java SE and Java SE Embedded are vulnerable to privilege escalation. A remote user can exploit a flaw in the JAXP component to gain elevated privileges. This may allow the user with lower privileges to perform restricted actions...

Privilege Escalation

Java SE and Java SE Embedded are vulnerable to privilege escalation attacks. A remote user can exploit a flaw in the Libraries component to gain elevated privileges. This may allow a user with lower privileges to perform restricted actions...

Denial Of Service (DoS)

Java SE and Java SE Embedded are vulnerable to denial of service attacks. A remote attacker could cause an application crash resulting in denial of service conditions via the Libraries component...

Improper Access Control

Java SE and Java SE Embedded are vulnerable to improper access control attacks. The affected component is JCE of OpenJDK. A local attacker could possibly use this flaw to load an attacker-controlled library which elevates their privileges...

Unauthorized Modification

Java SE and Java SE Embedded are vulnerable to unauthenticated modification attacks. An unauthenticated attacker can exploit a flaw in the Security component of OpenJDK which does not allow users to restrict the set of algorithms allowed for Jar integrity verification allowing an attacker to modi...

Unauthorized Modification

Java SE and Java SE Embedded are vulnerable to unauthorized modification attacks. An unauthenticated attacker can exploit a flaw in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a...

Denial Of Service (DoS)

Java SE and Java SE Embedded are vulnerable to denial of serviceDos attacks. This occurs in JAXP component of OpenJDK which fails to correctly enforce parse tree size limits when parsing XML documents. An attacker could use this flaw to crash the application via consuming an excessive amount of C...

Information Disclosure

Java SE and Java SE Embedded component of Oracle Java SE are vulnerable to information disclosure. A remote unauthenticated attacker is able to gain unauthorized read access to a subset of Java SE, Java SE Embedded accessible data via the Networking component...

Information Disclosure

Java SE and Java SE Embedded are vulnerable to information disclosure attacks. This allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, which leads to elevated privilege gaining and application crashing...

Sandbox Restrictions Bypass

Oracle Java SE and Java SE Embedded are vulnerable to sandbox restrictions bypass. Mishandled classloaders in the component JMX of OpenJDK allows an untrusted Java application or applet to bypass certain Java sandbox restrictions to perform unauthorized actions...

Information Disclosure

Oracle Java SE and Java SE Embedded are vulnerable to information disclosure. A remote user can exploit a flaw in the Networking component to access sensitive information...

Oracle Java SE 6 < Update 211 / 7 < Update 201 / 8 < Update 191 / 11 < Update 1 Multiple Vulnerabilities (October 2018 CPU)

Binary data 700659.prm...

Code injection

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via...