CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2018/10/24 10:6 p.m.•2 views

OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

3.4CVSS7.4AI score0.03641EPSS

RedHat Linux•added 2018/06/25 2:57 p.m.•3 views

OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

3.1CVSS7.4AI score0.05095EPSS

IBM Security Bulletins•added 2018/06/18 12:32 a.m.•37 views

Security Bulletin: Java Platform Standard Edition Vulnerability in Multiple N Series Products (CVE-2016-0636)

Summary Multiple N Series Products incorporate the Oracle Java Platform, Standard Edition Java SE software libraries. Java SE versions 7u97, 8u73 and 8u74 are susceptible to a vulnerability, potentially leading to an unauthorized Operating System takeover including arbitrary code execution...

9.3CVSS1.6AI score0.05786EPSS

Exploits0Affected Software1

RedHat Linux•added 2018/03/14 3:23 p.m.•3 views

JDK: unspecified vulnerability fixed in 6u181 and 7u171 (Serialization)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

5.3CVSS7.2AI score0.07666EPSS

RedHat Linux•added 2017/10/24 12:14 p.m.•6 views

OpenJDK: CardImpl incorrect state handling (Smart Card IO, 8169026)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Smart Card IO. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...

6.8CVSS7.4AI score0.02635EPSS

RedHat Linux•added 2017/10/24 12:9 p.m.•5 views

OpenJDK: unbounded memory allocation in PredicatedNodeTest deserialization (JAXP, 8181327)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

5.3CVSS7.4AI score0.03305EPSS

RedHat Linux•added 2017/10/20 11:31 a.m.•1 views

OpenJDK: CardImpl incorrect state handling (Smart Card IO, 8169026)

6.8CVSS7.4AI score0.02635EPSS

RedHat Linux•added 2017/02/28 8:19 a.m.•6 views

OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

9.6CVSS7.4AI score0.02997EPSS

Exploits1References4

OSV•added 2016/10/25 2:30 p.m.•3 views

CVE-2016-5556

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D...

9.6CVSS7.4AI score0.04903EPSS

Exploits0References14

RedHat Linux•added 2016/08/26 12:59 p.m.•3 views

OpenJDK: missing entity replacement limits (JAXP, 8149962)

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500...

RedHat Linux•added 2016/08/26 12:59 p.m.•3 views

OpenJDK: maximum XML name limit not applied to namespace URIs (JAXP, 8148872)

RedHat Linux•added 2016/07/20 12:11 p.m.•2 views

OpenJDK: maximum XML name limit not applied to namespace URIs (JAXP, 8148872)

RedHat Linux•added 2016/07/20 12:11 p.m.•0 views

OpenJDK: missing entity replacement limits (JAXP, 8149962)

RedHat Linux•added 2016/07/20 12:11 p.m.•5 views

OpenJDK: insufficient value count check in MethodHandles.filterReturnValue() (Libraries, 8158571)

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598...

9.6CVSS7.4AI score0.06715EPSS

RedHat Linux•added 2016/05/03 6:35 p.m.•3 views

OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization...

10CVSS7.4AI score0.0472EPSS

RedHat Linux•added 2016/05/02 1:11 p.m.•5 views

OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)

10CVSS7.4AI score0.0472EPSS

RedHat Linux•added 2016/02/02 10:4 a.m.•7 views

OpenJDK: URL deserialization inconsistencies (Networking, 8059054)

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking...

5CVSS7.2AI score0.04557EPSS

RedHat Linux•added 2016/01/21 11:54 a.m.•2 views

ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543)

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

10CVSS7.2AI score0.07076EPSS

RedHat Linux•added 2016/01/20 7:30 p.m.•3 views

OpenJDK: URL deserialization inconsistencies (Networking, 8059054)

5CVSS7.2AI score0.04557EPSS