Information Disclosure

Oracle Java SE is vulnerable to information disclosure attacks. This is because the JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. A local attacker could possibly use thi...

OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

Denial Of Service (DoS)

Java SE, Java SE Embedded and JRockit are vulnerable to denial of service attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Networking component causing partial denial of service conditions...

Sandbox Restrictions Bypass

Java SE and Java SE Embedded are vulnerable to sandbox restrictions bypass. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Hotspot component to gain elevated privileges. Successful attacks could result in takeover of Java SE and Java SE...

Sandbox Restrictions Bypass

Java SE, Java SE Embedded and JRockit are vulnerable to sandbox restrictions bypass. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed RMI component to gain elevated privileges. Successful attacks of this vulnerability can result in...

Denial Of Service (DoS)

Java SE and Java SE Embedded are vulnerable to denial of service attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed JAXP component causing partial denial of service conditions...

Sandbox Restrictions Bypass

Java SE and Java SE Embedded are vulnerable to sandbox restrictions bypass. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed RMI component to gain elevated privileges. Successful attacks could result in takeover of Java SE and Java SE...

Denial Of Service (DoS)

Java SE, Java SE Embedded and JRockit are vulnerable to denial of service attacks. A remote, unauthenticated attacker could exploit the flawed JAX-WS component to partially access data and cause partial denial of service conditions...

Privilege Escalation

Java SE, Java SE Embedded and JRockit are vulnerable to privilege escalation attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Security component to gain elevated privileges. Successful attacks could result in unauthorized access to...

Denial Of Service

Java SE and Java SE Embedded are vulnerable to denial of serviceDoS attacks. A remote user can exploit a flaw in the Serialization component to cause application crash resulting in partial denial of service conditions...

Privilege Escalation

Java SE and Java SE Embedded are vulnerable to privilege escalation attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Libraries component to gain elevated privileges. Successful attacks could result in takeover of Java SE and Java S...

Sandbox Protection Bypass

Java SE andJava SE Embedded are vulnerable to sandbox protection bypass attacks. A remote user can exploit a flaw in the RMI component to gain elevated privileges or cause denial of service conditions on the target system...

Privilege Escalation

Java SE, Java SE Embedded and JRockit are vulnerable to privilege escalation attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Security component to gain elevated privileges. Successful attacks could result in takeover of Java SE,...

Privilege Escalation

Java SE, Java SE Embedded and JRockit are vulnerable to privilege escalation attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed JCE component to gain elevated privileges. Successful attacks could result in unauthorized access to...

Privilege Escalation

Java SE and Java SE Embedded are vulnerable to arbitrary code execution attacks. A remote user can exploit a flaw in the RMI component to gain elevated privileges. This may allow the user with lower privileges to perform restricted actions...

Arbitrary Code Execution

Java SE and Java SE Embedded are vulnerable to arbitrary code execution attacks. A remote user can exploit a flaw in the Hotspot component to partially modify data...

Privilege Escalation

Java SE and Java SE Embedded are vulnerable to privilege escalation. A remote user can exploit a flaw in the Libraries component to gain elevated privileges. This may allow the user with lower privileges to perform restricted actions...

Privilege Escalation

Java SE and Java SE Embedded are vulnerable to privilege escalation. A remote user can exploit a flaw in the JAXP component to gain elevated privileges. This may allow the user with lower privileges to perform restricted actions...