Information Disclosure

Oracle Java SE is vulnerable to information disclosure attacks. This is because the JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. A local attacker could possibly use thi...

Improper Access Control

Oracle Java SE is vulnerable to improper access control vulnerability. This is because the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data...

Important: java-1.7.0-openjdk

Issue Overview: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network...

OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

Denial Of Service (DoS)

Java SE, Java SE Embedded and JRockit are vulnerable to denial of service attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Networking component causing partial denial of service conditions...

Sandbox Restrictions Bypass

Java SE, Java SE Embedded and JRockit are vulnerable to sandbox restrictions bypass. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed RMI component to gain elevated privileges. Successful attacks of this vulnerability can result in...

Denial Of Service (DoS)

Java SE is vulnerable to denial of service attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Deployment component causing partial denial of service conditions...

Sandbox Restrictions Bypass

Java SE and Java SE Embedded are vulnerable to sandbox restrictions bypass. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Hotspot component to gain elevated privileges. Successful attacks could result in takeover of Java SE and Java SE...

Denial Of Service (DoS)

Java SE, Java SE Embedded and JRockit are vulnerable to denial of service attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Serialization component causing partial denial of service conditions...

Denial Of Service (DoS)

Java SE and Java SE Embedded are vulnerable to denial of service attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed JAXP component causing partial denial of service conditions...

Denial Of Service (DoS)

Java SE, Java SE Embedded and JRockit are vulnerable to denial of service attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Serialization component causing partial denial of service conditions...

Sandbox Restrictions Bypass

Java SE and Java SE Embedded are vulnerable to sandbox restrictions bypass. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed RMI component to gain elevated privileges. Successful attacks could result in takeover of Java SE and Java SE...

Privilege Escalation

Java SE, Java SE Embedded and JRockit are vulnerable to privilege escalation attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Security component to gain elevated privileges. Successful attacks could result in unauthorized access to...

Denial Of Service (DoS)

Java SE, Java SE Embedded and JRockit are vulnerable to denial of service attacks. A remote, unauthenticated attacker could exploit the flawed JAX-WS component to partially access data and cause partial denial of service conditions...

Privilege Escalation

Java SE, Java SE Embedded and JRockit are vulnerable to privilege escalation attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed JCE component to gain elevated privileges. Successful attacks could result in unauthorized access to...

Privilege Escalation

Java SE, Java SE Embedded and JRockit are vulnerable to privilege escalation attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed JCE component to gain elevated privileges. Successful attacks could result in unauthorized access to...

Privilege Escalation

Java SE, Java SE Embedded and JRockit are vulnerable to privilege escalation attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Security component to gain elevated privileges. Successful attacks could result in takeover of Java SE,...

Privilege Escalation

Java SE is vulnerable to privilege escalation attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed AWT component to gain elevated privileges. Successful attacks could result in takeover of Java SE...

Denial Of Service

Java SE and Java SE Embedded are vulnerable to denial of serviceDoS attacks. A remote user can exploit a flaw in the Serialization component to cause application crash resulting in partial denial of service conditions...

Privilege Escalation

Java SE and Java SE Embedded are vulnerable to privilege escalation attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Libraries component to gain elevated privileges. Successful attacks could result in takeover of Java SE and Java S...