53 matches found
CVE-2019-2684
CVE-2019-2684 concerns Oracle Java SE and Java SE Embedded, specifically the RMI component. The connected Chainguard entry shows affected packages for OpenJDK builds (openjdk-21/openj9, openjdk-8/openj9, openjdk-11/openj9, openjdk-17/openj9). The initial description identifies affected Oracle Jav...
CVE-2019-7317
CVE-2019-7317 is a use-after-free involving png_image_free in libpng. A connected document ties this to the FLTK package, affecting versions less than 1.3.8-1, and states that upgrading to a later FLTK version resolves the issue. If applying this advisory, upgrade FLTK to 1.3.8-1 or newer for rem...
CVE-2019-2602
CVE-2019-2602 affects Oracle Java SE and Java SE Embedded Libraries component. Affected: Java SE 7u211, 8u202, 11.0.2, 12; Java SE Embedded 8u201. Root cause per the entry: vulnerability in Libraries that allows an unauthenticated, network-based attacker to cause a hang or frequent crashes (compl...
CVE-2019-2698
CVE-2019-2698 affects Oracle Java SE (subcomponent 2D) with affected Java SE versions 7u211 and 8u202; exploitation could allow takeover of Java SE via network access without authentication. CVSSv3.1 base score 8.1. Affected openjdk/openjdk-based packages (e.g., java-1.8.0-openjdk) and Oracle Jav...
CVE-2018-3183
CVE-2018-3183 affects OpenJDK/OpenJDK-based runtimes (Java SE/Java SE Embedded/JRockit) specifically the Scripting engine. Public records in connected advisories show affected OpenJDK versions including Java 8u182 and 11 (and 8u181 for embedded/JRockit R28.3.19). The underlying issue is a scripti...
CVE-2019-2422
CVE-2019-2422 affects Oracle Java SE Libraries in Java SE 7u201, 8u192, 11.0.1 (and Java SE Embedded 8u191). The issue is a memory disclosure in FileChannelImpl that could allow an unauthenticated, network-reachable attacker to read a subset of data, with user interaction required in some context...
CVE-2018-3180
CVE-2018-3180 is an Oracle Java SE/Embedded/JRockit vulnerability disclosed across multiple advisories. The connected documents confirm affected products and components and provide concrete impact scopes: vulnerable are OpenJDK/OpenJDK-based builds of Java SE/Embedded and related JSSE/JNDI/Hotspo...
CVE-2019-2842
CVE-2019-2842 affects Oracle Java SE OpenJDK 8u212 (JCE) and related Java SE/OpenJDK components; vulnerable component is the JCE in Java SE 8u212, with network-based unauthenticated access leading to a partial DoS of Java SE. Connected advisories confirm multiple affected package sets (java-1.8.0...
CVE-2019-2745
CVE-2019-2745 is an OpenJDK/Java SE vulnerability in the Security subcomponent with affected Java versions including 7u221, 8u212, and 11.0.3. Multiple advisories (CentOS, RHEL/CentOS, Debian) describe this as a side-channel risk in EC cryptography or related OpenJDK components, with exploitation...
CVE-2018-3214
CVE-2018-3214 affects Oracle Java SE components (Sound, JRockit, JSSE, JNDI, Networking) across Java SE 6u201/7u191/8u182, Java SE Embedded 8u181, and JRockit R28.3.19. Descriptions indicate unauthenticated network access could lead to partial DOS, data exposure or data modification depending on ...
CVE-2018-2952
CVE-2018-2952 affects OpenJDK/OpenJDK-derived Java runtimes (Java SE 7/8 and JRockit) in the Concurrency component. The root cause is insufficient index validation in PatternSyntaxException getMessage(), enabling unauthenticated network-based exploitation that can cause a denial of service via me...
CVE-2018-3139
CVE-2018-3139 affects Oracle Java SE/Java SE Embedded components (Networking) with affected Java versions (6u201, 7u191, 8u182, 11; Embedded 8u181). Multiple connected advisories (Red Hat/CentOS, Debian, IBM AIX, Amazon Linux 2) describe the vulnerability as an unauthenticated network-access issu...
CVE-2019-2786
CVE-2019-2786 affects Oracle Java SE/Java SE Embedded Security component (and related Utilities) with affected Java versions including Java 7/8/11 lines and embedded variants. The CVE describes an unauthenticated network-based vulnerability that can lead to read access to a subset of Java data, w...
CVE-2019-2697
CVE-2019-2697 affects Oracle Java SE 7u211 and 8u202 in the 2D subcomponent. The flaw enables unauthenticated remote takeover via network access, primarily affecting client-side sandbox deployments (Web Start/applets) that load untrusted code. The CVSS v3.1 score is 8.1 (HIGH) with C/H/I/A impact...
CVE-2019-2769
CVE-2019-2769 affects Oracle Java SE/Java SE Embedded, with affected components in Utilities and related subsystems. The initial description identifies Java SE versions 7u221, 8u212, 11.0.3 and 12.0.1 and Java SE Embedded 8u211 as impacted, enabling network-based, unauthenticated exploitation tha...
CVE-2018-2582
CVE-2018-2582 affects Oracle Java SE/OpenJDK (Hotspot) in Java SE 8u152, 9.0.1 and Java SE Embedded 8u151. The vulnerability occurs in the Hotspot/Libraries/AWT areas via network-accessible vectors, with unauthenticated remote exploitation and user interaction required for some attack paths. Publ...
CVE-2018-3149
CVE-2018-3149 affects Oracle Java SE family (Java SE, Java SE Embedded, JRockit) in the JNDI component, with vulnerable Java runtimes including Java 6u201, 7u191, 8u182 and 11; Java SE Embedded 8u181; JRockit R28.3.19. The root cause is within the Java components referenced (JNDI) and can allow a...
CVE-2018-3169
CVE-2018-3169 — concrete details found : The vulnerability affects Oracle Java SE/Java SE Embedded (Hotspot) with affected versions Java SE 7u191, 8u182, 11 and Java SE Embedded 8u181. It is exploitable via network access and does not require authentication, with attack potential described as dif...
CVE-2019-2816
CVE-2019-2816 affects Oracle Java SE/Java SE Embedded Networking and related components (Utilities) with affected Java SE versions 7u221, 8u212, 11.0.3, 12.0.1 and Java SE Embedded 8u211. IBM AIX security bulletin confirms CVSS 3.0 base score 4.8 (Network, High/AC:H, Privileges N, User Interactio...
CVE-2018-3136
CVE-2018-3136 affects Oracle Java SE/Embedded Security component (and related features) with Java SE 6u201, 7u191, 8u182, 11 and Java SE Embedded 8u181 (AIX/others show broader OpenJDK/OpenJDK updates). The vulnerability allows unauthenticated network access to compromise Java SE/Embedded Securit...
CVE-2019-2762
CVE-2019-2762 is a vulnerability in Oracle Java SE/Java SE Embedded Utilities. Affected are Java SE: 7u221, 8u212, 11.0.3, 12.0.1; Java SE Embedded: 8u211. Public sources in the connected documents confirm an easily exploitable issue allowing unauthenticated network access to compromise the Java ...
CVE-2018-2799
CVE-2018-2799 is an OpenJDK/Oracle Java SE vulnerability affecting the JAXP component. Affected are Java SE: 7u171, 8u162, 10; Java SE Embedded: 8u161; JRockit: R28.3.17. The issue permits an unauthenticated attacker with network access to trigger a partial denial of service. The vulnerability is...
CVE-2019-2426
CVE-2019-2426 affects Oracle Java SE Networking. Affected: Java SE 7u201, 8u192, 11.0.1; Java SE Embedded 8u191. Attack requires network access and can lead to unauthorized read access to a subset of Java SE data. Root cause: vulnerability in the Java SE Networking component that can be exploited...
CVE-2018-2973
CVE-2018-2973 is an Oracle Java SE/JSSE vulnerability affecting Java SE: 6u191, 7u181, 8u172, 10.0.1 and Java SE Embedded: 8u171. It can be exploited over the network with SSL/TLS by an unauthenticated attacker to cause unauthorized data modifications (integrity impact). Affected deployments load...
CVE-2019-2766
CVE-2019-2766 affects Oracle Java SE and Java SE Embedded (Networking subcomponent) with affected versions: Java SE 7u221, 8u212, 11.0.3, 12.0.1 and Java SE Embedded 8u211. The Connected documents describe it as a network-accessible vulnerability that is difficult to exploit and can lead to unaut...
CVE-2018-2940
CVE-2018-2940 affects Oracle Java SE and Java SE Embedded Libraries. Affected: Java SE 6u191, 7u181, 8u172, 10.0.1; Java SE Embedded 8u171. Underlying issue in the Libraries component allows an unauthenticated, network-accessible attacker to read data from Java deployments that load untrusted cod...
CVE-2018-2798
CVE-2018-2798 affects Oracle Java/OpenJDK with the AWT component (and related JRE/JDK bundles). The connected advisories describe an issue: unbounded memory allocation during deserialization in the Container (AWT) path, enabling potentially unauthenticated network-accessed exploitation. Public di...
CVE-2018-2790
CVE-2018-2790 affects Oracle Java SE/Java SE Embedded (OpenJDK in Linux distributions) with a JAR manifest handling flaw. Public sources in Debian and CentOS advisories cite it among OpenJDK issues for multiple Java versions (6u181, 7u171, 8u162, 10; Embedded 8u161). The connected docs identify t...
CVE-2018-2814
CVE-2018-2814 affects Java SE/Java SE Embedded (Hotspot). Affected: Java SE 6u181, 7u171, 8u162, 10; Java SE Embedded 8u161. The vulnerability allows network-based, unauthenticated access to compromise Java SE/Embedded with user interaction required, potentially leading to takeover. Underlying is...
CVE-2018-2800
CVE-2018-2800 affects Oracle Java SE/JRockit (RMI) and is reflected in multiple public advisories. Affected Java SE: 6u181, 7u171, 8u162; JRockit: R28.3.17. The vulnerability involves the Java SE JRockit RMI component and can allow an unauthenticated network-access attacker to compromise data via...
CVE-2018-2794
CVE-2018-2794 is an OpenJDK/Java SE issue affecting multiple deserialization-related paths (including JCEKS, security/JAXP, and RMI) with a vulnerability in a range of Java versions (e.g., 6u/7u/8u and 10). Connected advisories confirm affected products and provide fixes: Debian openjdk-7 update ...
CVE-2018-2815
CVE-2018-2815 is a deserialization flaw in Oracle Java SE, Java SE Embedded, and JRockit (Serialization component) that can be exploited over network without authentication to cause a partial denial of service. Affected are Java SE 6u181, 7u171, 8u162, 10; Java SE Embedded 8u161; JRockit R28.3.17...
CVE-2018-2641
CVE-2018-2641 affects Oracle/OpenJDK Java SE/Java SE Embedded, specifically the AWT component. Public records in Debian/CentOS/AIX advisories show multiple OpenJDK/OpenJDK7/8 packages with this CVE, related to the Java sandbox and deserialization/LDAP/JMX weaknesses. The vulnerability is exploita...
CVE-2018-2603
CVE-2018-2603 is an OpenJDK/Oracle Java Libraries vulnerability: unbounded memory allocation when reading DER-encoded input in the Libraries (and related JNDI/AWT/JMX contexts). This can allow an unauthenticated attacker with network access via multiple protocols to cause a partial denial of serv...
CVE-2018-2633
CVE-2018-2633 affects OpenJDK/OpenJDK-based runtimes (Java SE/Java SE Embedded/JRockit) via the JNDI LDAP path, specifically the LDAPCertStore in JNDI. The vulnerability arises from insecure handling of LDAP referrals, which could allow a remote attacker to cause a security impact by manipulating...
CVE-2018-2602
CVE-2018-2602 affects Oracle Java SE and Java SE Embedded (I18n). Publicly available docs describe the issue as a vulnerability in the I18n component where loading resource bundles from an untrusted location may allow a locally authenticated attacker to execute code or bypass sandboxing, with CVS...
CVE-2018-2579
CVE-2018-2579 affects OpenJDK components (Java SE/OpenJDK/JRockit) across multiple platforms; connected sources document an issue with unsynchronized access to encryption key data in Libraries, enabling potential information disclosure under network access. Public advisories show affected package...
CVE-2018-2677
CVE-2018-2677 affects Oracle Java SE and Java SE Embedded (AWT). A vulnerability in the Java SE/JRE AWT component could allow an unauthenticated attacker with network access to cause a partial denial of service on affected Java deployments (client sandboxed usage). Affected versions per descripti...
CVE-2018-2783
CVE-2018-2783 is an Oracle Java SE/Java SE Embedded/JRockit security vulnerability exploitable by an unauthenticated attacker over network connections to cause high confidentiality and integrity impact (CVSS 3.0 base 7.4). Affected product families and versions include Java SE 6u181, 7u161, 8u152...
CVE-2018-2797
CVE-2018-2797 (OpenJDK/OpenJDK for Java SE/Java SE Embedded/JRockit; subcomponent: JMX) concerns unbounded memory allocation during deserialization in the JMX-related path, enabling a network-exposed attacker to cause a partial denial of service. Public advisories and vendor pages (CentOS CESA-20...
CVE-2018-2599
CVE-2018-2599 (Oracle Java SE/JRockit JNDI) affects Java SE 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded 8u151; JRockit R28.3.16. It is exploitable over network with unauthenticated access and can lead to partial data integrity/availability impact. Connected advisories corroborate multiple aff...
CVE-2018-2618
CVE-2018-2618 affects the Java cryptography (JCE) key-agreement in OpenJDK/OpenJDK-derived OpenJDK builds such as Java SE, Java SE Embedded, and JRockit. The connected sources describe insufficient strength of keys in the JCE component, enabling an unauthenticated attacker with network access to ...
CVE-2018-2796
CVE-2018-2796 causes unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency) in Oracle/OpenJDK Java SE. Affected: Java SE/Embedded and JRockit components with Java 7u171, 8u162 and 10, plus related JDK/JRE packages (e.g., OpenJDK builds) per the CVE references. I...
CVE-2018-2637
CVE-2018-2637 affects the OpenJDK/OpenJDK JMX component (SingleEntryRegistry deserialization filter). A remote, unauthenticated attacker could exploit improper deserialization filter setup to bypass deserialization restrictions. Multiple advisories (ALAS-2018-949; CentOS/DSA entries; Debian secur...
CVE-2018-2629
CVE-2018-2629 corresponds to a GSS context use-after-free vulnerability in the OpenJDK JGSS component (Oracle Java SE/JRockit/JRE). Affected products/versions include Oracle Java SE (client/server), Java SE Embedded, and JRockit with affected releases such as Java SE 6u171, 7u161, 8u152, 9.0.1; J...
CVE-2018-2663
CVE-2018-2663 affects Oracle Java SE family, specifically the Libraries component (and related Java SE deployments) including Java SE/JRockit/Jackson? The connected documents indicate: vulnerable input handling during object deserialization in Libraries, AWT, and JNDI components, which can lead t...
CVE-2018-2588
CVE-2018-2588 affects Oracle Java SE (Java SE, Java SE Embedded, JRockit) LDAP component. Root cause: a vulnerability in the LDAP subcomponent could allow an attacker with network access to read data from affected Java deployments. Affected versions cited include Java SE: 6u171, 7u161, 8u152, 9.0...
CVE-2018-2634
CVE-2018-2634 affects the OpenJDK/JGSS component: the JGSS subsystem ignores javax.security.auth.useSubjectCredsOnly and always uses global credentials, potentially allowing an untrusted Java application to access credentials. Affected products in connected docs include OpenJDK/OpenJDK builds acr...
CVE-2018-2795
CVE-2018-2795 is confirmed in multiple openjdk advisories. Public details in connected documents show OpenJDK/OpenJDK7/OpenJDK8 (and related Oracle/OpenJDK components) affected by deserialization and related issues in Security/JAXP/JMX, potentially enabling denial of service or sandbox-related im...
CVE-2018-2678
CVE-2018-2678 affects Oracle Java SE family (Java SE, Java SE Embedded, JRockit) with vulnerable JNDI component. Affected: Java 6u171, 7u161, 8u152, 9.0.1; Java SE Embedded 8u151; JRockit R28.3.16. Description indicates unauthenticated network access could lead to a partial denial of service via ...