Oracle Java SE/JRockit Remote Vulnerability (CNVD-2017-18126)

Java SE is short for Java Platform Standard Edition, based on the JDK and JRE, for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. Oracle Java SE/JRockit has a security vulnerability that could be exploited by an attacker to...

Oracle Java SE/JRockit Remote Vulnerability (CNVD-2017-18173)

Java SE is short for Java Platform Standard Edition, based on the JDK and JRE, for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. Oracle Java SE/JRockit has security vulnerabilities in its implementation that allow an attacker to...

Oracle Java SE/JRockit Remote Vulnerability (CNVD-2017-18124)

Java SE is short for Java Platform Standard Edition, based on the JDK and JRE, for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. Java SE 8u131 has a security vulnerability in its implementation that allows an attacker to exploit...

OpenJDK: insufficient access control checks in XML transformations (JAXP, 8172469)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

OpenJDK: incorrect handling of certain EC points (Security, 8178135)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network...

OpenJDK: JAR verifier incorrect handling of missing digest (Security, 8169392)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successfu...

UBUNTU-CVE-2017-10193

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

UBUNTU-CVE-2017-10067

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successfu...

Debian Security Advisory DSA 3893-1 (jython - security update)

Alvaro Munoz and Christian Schneider discovered that jython, an implementation of the Python language seamlessly integrated with Java, is prone to arbitrary code execution triggered when sending a serialized function to the deserializer. OpenVAS Vulnerability Test $Id: deb3893.nasl 6782 2017-07-2...

[SECURITY] [DLA 954-1] openjdk-7 security update

Package : openjdk-7 Version : 7u131-2.6.9-2deb7u1 CVE ID : CVE-2017-3509 CVE-2017-3511 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in privilege escalation, denial of...

OpenJDK: insufficient byte type checks (Hotspot, 8132051)

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component...

OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)

It was discovered that the GCM Galois/Counter Mode implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag...

OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520)

It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with...

Oracle Java SE/JRockit Remote Security Vulnerability (CNVD-2017-07163)

Java SE is short for Java Platform Standard Edition, based on the JDK and JRE, for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. Oracle Java SE: 7u131, 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 A remote security...

Oracle Java SE/JRockit Local Security Vulnerability

Java SE stands for Java Platform Standard Edition, based on the JDK and JRE, for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. Oracle Java SE: 7u131, 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 contains a security...

Oracle Java SE AWT Remote Vulnerability

Oracle Java SE is the United States Oracle Oracle company's set of standard version of the Java platform for the development and deployment of desktop, server, and embedded devices and real-time environments in the Java application. A security vulnerability exists in the AWT subcomponent of the...

CVE-2017-3511

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with logon to th...

CVE-2017-3512

Vulnerability in the Java SE component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks...

Oracle Java SE Remote Vulnerability (CNVD-2017-04740)

Oracle Java SE and Java SE Embedded are both products of Oracle Corporation. Java SE Java Platform Standard Edition is used to develop and deploy Java applications for desktops, servers, as well as embedded devices and real-time environments; Java SE Embedded is a Java platform for the developmen...

JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...