Summary
Detail | |||
---|---|---|---|
Vendor | Oracle | First view | 2012-02-15 |
Product | Jdk | Last view | 2017-12-29 |
Version | 1.7.0 | Type | Application |
Update | update141 | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:oracle:jdk |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
5.3 | 2017-12-29 | CVE-2013-4578 | jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation. |
6.5 | 2017-08-08 | CVE-2017-10243 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). |
6.8 | 2017-08-08 | CVE-2017-10198 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). |
3.1 | 2017-08-08 | CVE-2017-10193 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). |
7.5 | 2017-08-08 | CVE-2017-10176 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). |
5.9 | 2017-08-08 | CVE-2017-10135 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). |
7.1 | 2017-08-08 | CVE-2017-10125 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). |
7.5 | 2017-08-08 | CVE-2017-10118 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). |
8.3 | 2017-08-08 | CVE-2017-10116 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). |
7.5 | 2017-08-08 | CVE-2017-10115 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). |
8.3 | 2017-08-08 | CVE-2017-10114 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). |
9.6 | 2017-08-08 | CVE-2017-10110 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). |
5.3 | 2017-08-08 | CVE-2017-10109 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
5.3 | 2017-08-08 | CVE-2017-10108 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
9.6 | 2017-08-08 | CVE-2017-10107 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). |
4.3 | 2017-08-08 | CVE-2017-10105 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). |
9 | 2017-08-08 | CVE-2017-10102 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). |
9.6 | 2017-08-08 | CVE-2017-10101 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). |
9.6 | 2017-08-08 | CVE-2017-10096 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). |
9.6 | 2017-08-08 | CVE-2017-10090 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). |
9.6 | 2017-08-08 | CVE-2017-10089 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). |
9.6 | 2017-08-08 | CVE-2017-10087 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). |
9.6 | 2017-08-08 | CVE-2017-10086 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). |
4.3 | 2017-08-08 | CVE-2017-10081 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). |
8.3 | 2017-08-08 | CVE-2017-10074 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
33% (1) | CWE-310 | Cryptographic Issues |
33% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33% (1) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
SAINT Exploits
Description | Link |
---|---|
Java JAX-WS gmbal package sandbox breach | More info here |
Java JAX-WS statistics.impl package sandbox breach | More info here |
Oracle Java java.awt.image.ByteComponentRaster Overflow | More info here |
Oracle Java Runtime Hotspot Bytecode Verifier Type Confusion | More info here |
Oracle Java Runtime Environment AWT storeImageArray Vulnerability | More info here |
Java Runtime Environment Hotspot final field vulnerability | More info here |
Java Runtime Environment java.awt.image.IntegerComponentRaster buffer overflow | More info here |
Java Runtime Environment Color Management memory overwrite | More info here |
Oracle Java findMethod findClass Security Bypass | More info here |
Oracle Java Serviceability Subcomponent ProviderSkeleton Class Vulnerability | More info here |
ExploitDB Exploits
id | Description |
---|---|
28050 | Oracle Java lookUpByteBI - Heap Buffer Overflow |
27705 | Java storeImageArray() Invalid Array Indexing Vulnerability |
26529 | Java Applet ProviderSkeleton Insecure Invoke Method |
24966 | Java Web Start Launcher ActiveX Control - Memory Corruption |
24904 | Java CMM Remote Code Execution |
24309 | Java Applet AverageRangeStatisticImpl Remote Code Execution |
24308 | Java Applet Method Handle Remote Code Execution |
22657 | Java Applet JAX-WS Remote Code Execution |
19717 | Java Applet Field Bytecode Verifier Cache Remote Code Execution |
OpenVAS Exploits
id | Description |
---|---|
2012-12-13 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1424-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_1424_1.nasl |
2012-12-13 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1423-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_1423_1.nasl |
2012-12-13 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:1175-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_1175_1.nasl |
2012-12-13 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:0828-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_0828_1.nasl |
2012-12-04 | Name : Oracle Java SE 'MurmurHash' Algorithm Hash Collision DoS Vulnerability (Windows) File : nvt/gb_oracle_java_se_murmurhash_dos_vuln_win.nasl |
2012-11-02 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:169 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2012_169.nasl |
2012-10-29 | Name : Ubuntu Update for openjdk-7 USN-1619-1 File : nvt/gb_ubuntu_USN_1619_1.nasl |
2012-10-19 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1384-01 File : nvt/gb_RHSA-2012_1384-01_java-1.6.0-openjdk.nasl |
2012-10-19 | Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 Oct (Windows) File : nvt/gb_oracle_java_se_mult_vuln01_oct12_win.nasl |
2012-10-19 | Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 oct12 (Windows) File : nvt/gb_oracle_java_se_mult_vuln02_oct12_win.nasl |
2012-10-19 | Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-03 oct12 (Windows) File : nvt/gb_oracle_java_se_mult_vuln03_oct12_win.nasl |
2012-10-19 | Name : Oracle Java SE JRE Multiple Unspecified Vulnerabilities-04 oct12 (Windows) File : nvt/gb_oracle_java_se_mult_vuln04_oct12_win.nasl |
2012-10-19 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-16351 File : nvt/gb_fedora_2012_16351_java-1.7.0-openjdk_fc16.nasl |
2012-10-19 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-16346 File : nvt/gb_fedora_2012_16346_java-1.7.0-openjdk_fc17.nasl |
2012-10-19 | Name : RedHat Update for java-1.7.0-openjdk RHSA-2012:1386-01 File : nvt/gb_RHSA-2012_1386-01_java-1.7.0-openjdk.nasl |
2012-10-19 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1385-01 File : nvt/gb_RHSA-2012_1385-01_java-1.6.0-openjdk.nasl |
2012-10-19 | Name : CentOS Update for java CESA-2012:1386 centos6 File : nvt/gb_CESA-2012_1386_java_centos6.nasl |
2012-10-19 | Name : CentOS Update for java CESA-2012:1385 centos5 File : nvt/gb_CESA-2012_1385_java_centos5.nasl |
2012-10-19 | Name : CentOS Update for java CESA-2012:1384 centos6 File : nvt/gb_CESA-2012_1384_java_centos6.nasl |
2012-10-09 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:150-1 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2012_150_1.nasl |
2012-09-21 | Name : Java for Mac OS X 10.6 Update 10 File : nvt/gb_macosx_java_10_6_upd_10.nasl |
2012-09-06 | Name : Ubuntu Update for icedtea-web USN-1505-2 File : nvt/gb_ubuntu_USN_1505_2.nasl |
2012-09-04 | Name : RedHat Update for java-1.7.0-openjdk RHSA-2012:1223-01 File : nvt/gb_RHSA-2012_1223-01_java-1.7.0-openjdk.nasl |
2012-09-04 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1222-01 File : nvt/gb_RHSA-2012_1222-01_java-1.6.0-openjdk.nasl |
2012-09-04 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:1221-01 File : nvt/gb_RHSA-2012_1221-01_java-1.6.0-openjdk.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2014-B-0019 | Multiple Vulnerabilities in Apache Tomcat Severity: Category I - VMSKEY: V0044527 |
2013-A-0191 | Multiple Vulnerabilities in Java for Mac OS X Severity: Category I - VMSKEY: V0040779 |
2013-A-0200 | Multiple Vulnerabilities in Oracle Java Severity: Category I - VMSKEY: V0040783 |
2012-A-0153 | Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity: Category I - VMSKEY: V0033884 |
2012-A-0146 | Multiple Vulnerabilities in VMware vCenter Update Manager 4.1 Severity: Category I - VMSKEY: V0033792 |
2012-A-0147 | Multiple Vulnerabilities in VMware vCenter Server 4.1 Severity: Category I - VMSKEY: V0033793 |
2012-A-0148 | Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity: Category I - VMSKEY: V0033794 |
Snort® IPS/IDS
Date | Description |
---|---|
2019-05-21 | Oracle Java privileged protection domain exploitation attempt RuleID : 49846 - Type : FILE-JAVA - Revision : 1 |
2019-05-21 | Oracle Java privileged protection domain exploitation attempt RuleID : 49845 - Type : FILE-JAVA - Revision : 1 |
2019-03-26 | Oracle Java ImagingLib buffer overflow attempt RuleID : 49256 - Type : FILE-JAVA - Revision : 1 |
2019-03-26 | Oracle Java ImagingLib buffer overflow attempt RuleID : 49255 - Type : FILE-JAVA - Revision : 2 |
2019-03-12 | Oracle Java JPEGImageWriter memory corruption attempt RuleID : 49117 - Type : FILE-JAVA - Revision : 1 |
2019-03-12 | Oracle Java JPEGImageWriter memory corruption attempt RuleID : 49116 - Type : FILE-JAVA - Revision : 1 |
2018-04-05 | limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt RuleID : 45830 - Type : SERVER-OTHER - Revision : 1 |
2018-01-17 | limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt RuleID : 45201 - Type : SERVER-OTHER - Revision : 2 |
2018-01-17 | limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt RuleID : 45200 - Type : SERVER-OTHER - Revision : 2 |
2018-01-17 | limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt RuleID : 45199 - Type : SERVER-OTHER - Revision : 2 |
2016-07-28 | Oracle Java RangeStatisticImpl sandbox breach attempt RuleID : 39355 - Type : FILE-JAVA - Revision : 1 |
2016-07-28 | Oracle Java RangeStatisticImpl sandbox breach attempt RuleID : 39354 - Type : FILE-JAVA - Revision : 1 |
2016-04-26 | Oracle Java Class Loader namespace sandbox bypass attempt RuleID : 38339 - Type : FILE-JAVA - Revision : 2 |
2016-04-26 | Oracle Java Class Loader namespace sandbox bypass attempt RuleID : 38338 - Type : FILE-JAVA - Revision : 2 |
2016-03-24 | Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt RuleID : 37821 - Type : FILE-JAVA - Revision : 1 |
2016-03-24 | Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt RuleID : 37820 - Type : FILE-JAVA - Revision : 1 |
2016-03-24 | Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt RuleID : 37819 - Type : FILE-JAVA - Revision : 1 |
2016-03-24 | Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt RuleID : 37818 - Type : FILE-JAVA - Revision : 1 |
2016-03-22 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 37805 - Type : FILE-JAVA - Revision : 3 |
2016-03-22 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 37804 - Type : FILE-JAVA - Revision : 4 |
2016-03-22 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 37803 - Type : FILE-JAVA - Revision : 2 |
2016-03-22 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 37802 - Type : FILE-JAVA - Revision : 2 |
2015-04-30 | Nuclear exploit kit obfuscated file download RuleID : 33983 - Type : EXPLOIT-KIT - Revision : 5 |
2015-04-30 | Nuclear exploit kit landing page detected RuleID : 33982 - Type : EXPLOIT-KIT - Revision : 3 |
2014-11-16 | Oracle Java IntegerInterleavedRaster integer overflow attempt RuleID : 31541 - Type : FILE-JAVA - Revision : 7 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2018-11-27 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-1789.nasl - Type: ACT_GATHER_INFO |
2018-11-27 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-2424.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0026.nasl - Type: ACT_GATHER_INFO |
2017-12-26 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2017-936.nasl - Type: ACT_GATHER_INFO |
2017-12-18 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2017-1330.nasl - Type: ACT_GATHER_INFO |
2017-12-18 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2017-1331.nasl - Type: ACT_GATHER_INFO |
2017-12-15 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-3453.nasl - Type: ACT_GATHER_INFO |
2017-12-08 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-3392.nasl - Type: ACT_GATHER_INFO |
2017-12-07 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2017-3392.nasl - Type: ACT_GATHER_INFO |
2017-12-07 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2017-3392.nasl - Type: ACT_GATHER_INFO |
2017-12-07 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-3392.nasl - Type: ACT_GATHER_INFO |
2017-12-07 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20171206_java_1_7_0_openjdk_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
2017-10-23 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4005.nasl - Type: ACT_GATHER_INFO |
2017-09-25 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201709-22.nasl - Type: ACT_GATHER_INFO |
2017-09-13 | Name: The version of Java SDK installed on the remote AIX host is affected by multi... File: aix_java_july2017_advisory.nasl - Type: ACT_GATHER_INFO |
2017-09-11 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2017-1207.nasl - Type: ACT_GATHER_INFO |
2017-09-11 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2017-1208.nasl - Type: ACT_GATHER_INFO |
2017-08-30 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-2280-1.nasl - Type: ACT_GATHER_INFO |
2017-08-30 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-2281-1.nasl - Type: ACT_GATHER_INFO |
2017-08-29 | Name: The remote Debian host is missing a security update. File: debian_DLA-1073.nasl - Type: ACT_GATHER_INFO |
2017-08-28 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3954.nasl - Type: ACT_GATHER_INFO |
2017-08-28 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-2263-1.nasl - Type: ACT_GATHER_INFO |
2017-08-25 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2530.nasl - Type: ACT_GATHER_INFO |
2017-08-22 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20170807_java_1_7_0_openjdk_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
2017-08-21 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-954.nasl - Type: ACT_GATHER_INFO |