1373 matches found
Privilege Escalation
Java SE and Java SE Embedded are vulnerable to privilege escalation attacks. A remote user can exploit a flaw in the Libraries component to gain elevated privileges. This may allow a user with lower privileges to perform restricted actions...
Denial Of Service (DoS)
Java SE and Java SE Embedded are vulnerable to denial of service attacks. A remote attacker could cause an application crash resulting in denial of service conditions via the Libraries component...
Unauthorized Modification
Java SE and Java SE Embedded are vulnerable to unauthenticated modification attacks. An unauthenticated attacker can exploit a flaw in the Security component of OpenJDK which does not allow users to restrict the set of algorithms allowed for Jar integrity verification allowing an attacker to modi...
Improper Access Control
Java SE and Java SE Embedded are vulnerable to improper access control attacks. The affected component is JCE of OpenJDK. A local attacker could possibly use this flaw to load an attacker-controlled library which elevates their privileges...
Unauthorized Modification
Java SE and Java SE Embedded are vulnerable to unauthorized modification attacks. An unauthenticated attacker can exploit a flaw in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a...
Denial Of Service (DoS)
Java SE and Java SE Embedded are vulnerable to denial of serviceDos attacks. This occurs in JAXP component of OpenJDK which fails to correctly enforce parse tree size limits when parsing XML documents. An attacker could use this flaw to crash the application via consuming an excessive amount of C...
Information Disclosure
Java SE and Java SE Embedded component of Oracle Java SE are vulnerable to information disclosure. A remote unauthenticated attacker is able to gain unauthorized read access to a subset of Java SE, Java SE Embedded accessible data via the Networking component...
Information Disclosure
Java SE and Java SE Embedded are vulnerable to information disclosure attacks. This allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, which leads to elevated privilege gaining and application crashing...
Sandbox Restrictions Bypass
Oracle Java SE and Java SE Embedded are vulnerable to sandbox restrictions bypass. Mishandled classloaders in the component JMX of OpenJDK allows an untrusted Java application or applet to bypass certain Java sandbox restrictions to perform unauthorized actions...
Information Disclosure
Oracle Java SE and Java SE Embedded are vulnerable to information disclosure. A remote user can exploit a flaw in the Networking component to access sensitive information...
Oracle Java SE 6 < Update 211 / 7 < Update 201 / 8 < Update 191 / 11 < Update 1 Multiple Vulnerabilities (October 2018 CPU)
Binary data 700659.prm...
Code injection
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
Design/Logic Flaw
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2019-2684
CVE-2019-2684 concerns Oracle Java SE and Java SE Embedded, specifically the RMI component. The connected Chainguard entry shows affected packages for OpenJDK builds (openjdk-21/openj9, openjdk-8/openj9, openjdk-11/openj9, openjdk-17/openj9). The initial description identifies affected Oracle Jav...
CVE-2019-2602
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
Oracle Java SE and Java SE Embedded Access Control Error Vulnerability (CNVD-2019-26750)
Oracle Java SE and Oracle Java SE Embedded are both products of Oracle Corporation.Oracle Java SE is a Java platform for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments.Oracle Java SE Embedded is a Java platform that targets Java...
OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affect IBM Performance Management products
Summary Multiple vulnerabilities in the Oracle Java SE and the Java SE Embedded impact the IBM SDK, Java Technology Edition. Vulnerability Details CVEID: CVE-2018-1890 DESCRIPTION: IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code...
Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affect IBM Performance Management products
Summary Multiple vulnerabilities in the Oracle Java SE and the Java SE Embedded impact the IBM SDK, Java Technology Edition. Vulnerability Details CVEID: CVE-2018-3139 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could...