The vulnerability of the Java Development Kit application development tool allows a remote attacker to compromise data confidentiality and integrity.

The vulnerability of the Java Development Kit, related to subcomponents of the application. Exploiting this vulnerability allows a malicious attacker to compromise data confidentiality and integrity by using the JNDI subcomponent...

The vulnerability of the Java Development Kit application development tool allows a remote attacker to compromise data confidentiality and integrity.

The vulnerability of the Java Development Kit, related to the subcomponents of the program. Exploiting this vulnerability allows a malicious attacker to compromise the confidentiality, integrity, and accessibility of data, by utilizing the subcomponent Serviceability...

The vulnerability of the Java Development Kit application development tool allows a remote attacker to compromise data confidentiality and integrity.

The vulnerability of the Java Development Kit application development tool relates to subcomponents of the program. Exploiting this vulnerability allows a malicious attacker to compromise the confidentiality, integrity, and accessibility of data, by using the JAX-WS subcomponent...

RedHat Update for java-1.8.0-openjdk RHSA-2016:0514-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix

The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 does not properly deserialize classes in an AccessController...

JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment)

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment...

OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)

It was discovered that the GCM Galois/Counter Mode implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag...

OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)

It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed...

OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)

It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger...

OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)

It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed...

OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017)

An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox...

OpenJDK: PBE incorrect key lengths (Libraries, 8138589)

It was discovered that the password-based encryption PBE implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected...

OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)

It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...

OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)

It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...

OpenJDK: PBE incorrect key lengths (Libraries, 8138589)

It was discovered that the password-based encryption PBE implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected...

OpenJDK: PBE incorrect key lengths (Libraries, 8138589)

It was discovered that the password-based encryption PBE implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected...

OpenJDK: missing checks for proper initialization in ObjectStreamClass (Serialization, 8103671)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization...

OpenJDK: java.nio Buffers integer overflow issues (Libraries, 8130891)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911...

OpenJDK: inefficient use of hash tables and lists during XML parsing (JAXP, 8068842)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911...