70 matches found
CVE-2017-10309
CVE-2017-10309 involves the Deployment subcomponent of Oracle Java SE. Public details in the provided documents indicate an XML External Entity/Information Disclosure style vulnerability affecting Java 8u144 and Java 9 deployments, with network-accessible exploitation requiring user interaction. ...
CVE-2017-10198
CVE-2017-10198 affects Oracle Java SE, Java SE Embedded, and JRockit. Vulnerability in the Security component (and related areas) allows unauthenticated network-based access to compromise affected Java runtimes (Java SE 6u151, 7u141, 8u131; Embedded 8u131; JRockit R28.3.14). Exploitation is possi...
CVE-2017-10078
CVE-2017-10078 affects Oracle Java SE 8u131 (Scripting) and can be exploited over network with multiple protocols, enabling high-impact confidentiality and integrity violations and data access. The vulnerability can be triggered by sandboxed Web Start/Applet use or via APIs without sandboxing. Th...
CVE-2018-2964
CVE-2018-2964 affects Oracle Java SE Deployment. Affected are Java SE 8u172 and 10.0.1; the flaw is exploitable over the network via multiple protocols and may allow takeover of Java SE, with client deployments using untrusted code in sandboxed environments being at risk. Exploitation is reported...
CVE-2018-2826
CVE-2018-2826 affects Oracle Java SE Libraries in Java SE 10. The vulnerability allows an unauthenticated network-based attacker to compromise Java SE, with potential takeover of the Java Runtime, per the description. CVSS 3.1 indicates HIGH impact (C, I, A HIGH) with NETWORK attack vector and re...
CVE-2017-10293
CVE-2017-10293 is a vulnerability in the Oracle Java SE Javadoc component affecting Java SE versions 6u161, 7u151, 8u144, and 9. It permits an unauthenticated attacker with network access via HTTP to potentially read and modify Java data and read data, with user interaction required for exploitat...
CVE-2017-10176
CVE-2017-10176 affects Oracle Java SE/SE Embedded/JRockit (OpenJDK/OpenJDK components) with affected releases including Java SE 7u141 and 8u131, SE Embedded 8u131, JRockit R28.3.14. The vulnerability enables an unauthenticated network attacker to access or take data via multiple protocols and can...
CVE-2017-10114
CVE-2017-10114 affects the Java SE/JavaFX component; specifically Java SE 7u141 and 8u131. The vulnerability is described as difficult to exploit, requiring network access via multiple protocols and user interaction, with potential takeover of Java SE and possible impact on other products relying...
CVE-2017-10118
CVE-2017-10118 affects Oracle Java SE/JRockit/JCE with a timing-channel vulnerability in ECDSA within the JCE component. A remote attacker could potentially recover private keys by observing timing differences, enabling unauthenticated network-remote exploitation on affected OpenJDK/JRockit confi...
CVE-2017-10105
CVE-2017-10105 is a vulnerability in the Oracle Java SE Deployment component affecting Java SE 6u151, 7u141, and 8u131. The connected CHAINGUARD entry confirms a vulnerability in Oracle Java SE Deployment with unspecified root cause and a potential impact to data integrity, but does not provide p...
CVE-2017-10111
CVE-2017-10111 affects Oracle Java OpenJDK’s Libraries component (Java SE). The connected advisories confirm vulnerable versions include Java SE 8u131 and Java SE Embedded 8u131, with exploitation described as arbitrary code execution via the LambdaFormEditor bounds checks in the Libraries, enabl...
CVE-2018-2638
CVE-2018-2638 is addressed in IBM product advisories for IBM Netezza and IBM InfoSphere Optim. The IBM Netezza Platform Software requires upgrading to 11.2.1.2 (Fix Central link provided in the bulletin). Separately, IBM InfoSphere Optim solutions (11.3.0) should apply fix pack 11.3.0.7 to mitiga...
CVE-2018-2941
CVE-2018-2941 affects Oracle Java SE (JavaFX) with affected products Java SE 7u181, 8u172, and 10.0.1. The vulnerability is difficult to exploit, requires network access via multiple protocols and user interaction, and can lead to takeover of Java SE. It principally concerns Java deployments runn...
CVE-2017-10125
CVE-2017-10125 is described in the initial document as a vulnerability in the Oracle Java SE Deployment component affecting Java SE 7u141 and 8u131. The impact is stated as potentially allowing takeover of Java SE, with CVSS 3.0/3.1 metrics indicating a physical access prerequisite (HPC: PHYSICAL...
CVE-2018-2825
CVE-2018-2825 concerns Oracle Java SE Libraries with affected Java SE 10, allowing network-based attacks that may compromise confidentiality, integrity, and availability; the exploitation requires user interaction. The connected documents largely discuss IBM-specific advisories (IBM i, Netcool Ag...
CVE-2017-10086
CVE-2017-10086 affects Oracle Java SE (JavaFX) in Java 7u141 and 8u131. Descriptions indicate an easily exploitable, network-accessible vulnerability that can be exploited with no authentication and user interaction, potentially leading to takeover of Java SE. The connected documents cite this CV...
CVE-2018-2581
CVE-2018-2581 affects Oracle Java SE (JavaFX) with Java SE versions 7u161, 8u152, and 9.0.1. An unauthenticated attacker with network access via multiple protocols can read a subset of Java SE data; exploitation requires user interaction. The issue is tied to JavaFX within client deployments (Web...
CVE-2018-2627
CVE-2018-2627 : Vulnerability in the Oracle Java SE component (Installer) for Windows installer only. Affected: Java SE 8u152 and 9.0.1. Exploitation is described as difficult and requires a logged-on, low-privilege user with user interaction; successful exploitation could lead to takeover of Jav...
CVE-2018-2942
CVE-2018-2942 affects Oracle Java SE (Windows DLL) with vulnerable Java SE versions 7u181 and 8u172. The vulnerability is exploitable over a network via multiple protocols and can lead to Java SE takeover; exploitation requires user interaction. CVSSv3.1 base score 8.3 (HIGH) with impacts to conf...
CVE-2019-10246
CVE-2019-10246 is described in connected IBM security bulletins as an Eclipse Jetty vulnerability where a server configured to Listing directory contents could expose the fully-qualified Base Resource directory name to remote clients, potentially revealing sensitive information. IBM Cognos Analyt...