This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Oracle First view 2012-11-28
Product Openjdk Last view 2020-04-15
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:oracle:openjdk:1.7.0:*:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:11:*:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:11.0.1:*:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:11.0.2:*:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:11.0.3:*:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:11.0.4:*:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:11.0.5:*:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:13:*:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:13.0.1:*:*:*:*:*:*:* 20
cpe:2.3:a:oracle:openjdk:1.6.0:*:*:*:*:*:*:* 19
cpe:2.3:a:oracle:openjdk:1.8.0:*:*:*:*:*:*:* 16
cpe:2.3:a:oracle:openjdk:-:*:*:*:*:*:*:* 16
cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:* 13
cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:* 13
cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:* 13
cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:* 13
cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:* 13
cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:* 13
cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:* 13
cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:* 13
cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:* 13
cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:* 13
cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:* 13
cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:* 13
cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:* 13
cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:* 13
cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:* 13
cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:* 13
cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:* 13

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.3 2020-04-15 CVE-2020-2830

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

7.5 2020-04-15 CVE-2020-2816

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

8.3 2020-04-15 CVE-2020-2805

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

8.3 2020-04-15 CVE-2020-2803

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

4.8 2020-04-15 CVE-2020-2800

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

5.3 2020-04-15 CVE-2020-2781

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.7 2020-04-15 CVE-2020-2778

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

3.7 2020-04-15 CVE-2020-2773

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

4.8 2020-04-15 CVE-2020-2767

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

3.7 2020-04-15 CVE-2020-2757

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.7 2020-04-15 CVE-2020-2756

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.7 2020-04-15 CVE-2020-2755

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.7 2020-04-15 CVE-2020-2754

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.7 2020-01-15 CVE-2020-2659

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.7 2020-01-15 CVE-2020-2654

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

8.1 2020-01-15 CVE-2020-2604

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

6.8 2020-01-15 CVE-2020-2601

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).

4.8 2020-01-15 CVE-2020-2593

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

3.7 2020-01-15 CVE-2020-2590

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

3.7 2020-01-15 CVE-2020-2583

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

10 2015-11-09 CVE-2014-8873

A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 includes a MIME type registration that is added to /etc/mailcap by mime-support, which allows remote attackers to execute arbitrary code via a JAR file.

9.3 2014-07-17 CVE-2014-2483

Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations."

10 2014-05-13 CVE-2014-2405

Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462.

10 2014-05-13 CVE-2014-0462

Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405.

4.4 2014-02-10 CVE-2014-1876

The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.

CWE : Common Weakness Enumeration

%idName
60% (3) CWE-310 Cryptographic Issues
20% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')
20% (1) CWE-20 Improper Input Validation

Oval Markup Language : Definitions

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:21079 RHSA-2013:0587: openssl security update (Moderate)
oval:org.mitre.oval:def:20786 VMware vSphere, ESX and ESXi updates to third party libraries
oval:org.mitre.oval:def:19608 Multiple OpenSSL vulnerabilities
oval:org.mitre.oval:def:19540 HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, an...
oval:org.mitre.oval:def:19428 HP-UX Apache Web Server, Remote Denial of Service (DoS)
oval:org.mitre.oval:def:19424 HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, an...
oval:org.mitre.oval:def:19016 OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1....
oval:org.mitre.oval:def:18841 HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Discl...
oval:org.mitre.oval:def:18565 DSA-2621-1 openssl - several vulnerabilities
oval:org.mitre.oval:def:18302 USN-1732-1 -- openssl vulnerabilities
oval:org.mitre.oval:def:23909 ELSA-2013:0587: openssl security update (Moderate)
oval:org.mitre.oval:def:23489 DEPRECATED: ELSA-2013:0587: openssl security update (Moderate)
oval:org.mitre.oval:def:24405 Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1...
oval:org.mitre.oval:def:24938 OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1....
oval:org.mitre.oval:def:26214 SUSE-SU-2013:0328-1 -- Security update for Java
oval:org.mitre.oval:def:25811 SUSE-SU-2013:0701-1 -- Security update for java-1_7_0-ibm
oval:org.mitre.oval:def:25236 SUSE-SU-2013:0701-2 -- Security update for java-1_6_0-ibm
oval:org.mitre.oval:def:27605 DEPRECATED: ELSA-2013-0587 -- openssl security update (moderate)
oval:org.mitre.oval:def:27551 DEPRECATED: ELSA-2013-0275 -- java-1.7.0-openjdk security update (important)
oval:org.mitre.oval:def:19582 HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, a...
oval:org.mitre.oval:def:19565 HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, a...
oval:org.mitre.oval:def:16887 Unspecified vulnerability in the Java Runtime Environment (JRE) component in ...
oval:org.mitre.oval:def:25952 SUSE-SU-2013:1238-1 -- Security update for java-1_6_0-openjdk
oval:org.mitre.oval:def:25782 SUSE-SU-2013:1254-1 -- Security update for java-1_7_0-openjdk
oval:org.mitre.oval:def:23723 The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6...

OpenVAS Exploits

id Description
2012-12-04 Name : Oracle Java SE Hash Collision DoS Vulnerability (Windows)
File : nvt/gb_oracle_java_se_hash_collision_dos_vuln_win.nasl
2012-12-04 Name : Oracle Java SE 'MurmurHash' Algorithm Hash Collision DoS Vulnerability (Windows)
File : nvt/gb_oracle_java_se_murmurhash_dos_vuln_win.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2014-A-0105 Multiple Vulnerabilities in Oracle Java
Severity: Category I - VMSKEY: V0053191
2013-A-0199 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0040786
2013-A-0181 Multiple Vulnerabilities in Junos Pulse Secure Access Service (IVE)
Severity: Category I - VMSKEY: V0040371
2013-A-0180 Multiple Vulnerabilities in Juniper Networks Junos Pulse Access Service Acces...
Severity: Category I - VMSKEY: V0040372
2013-A-0179 Apple Mac OS X Security Update 2013-004
Severity: Category I - VMSKEY: V0040373
2013-A-0077 Multiple Vulnerabilities in OpenSSL
Severity: Category I - VMSKEY: V0037605

Snort® IPS/IDS

Date Description
2014-01-10 Oracle Java XML digital signature spoofing attempt
RuleID : 28157 - Type : BROWSER-PLUGINS - Revision : 3
2014-01-10 SSLv3 plaintext recovery attempt
RuleID : 25828 - Type : SERVER-OTHER - Revision : 4
2014-01-10 TLSv1.2 plaintext recovery attempt
RuleID : 25827 - Type : SERVER-OTHER - Revision : 4
2014-01-10 TLSv1.1 plaintext recovery attempt
RuleID : 25826 - Type : SERVER-OTHER - Revision : 4
2014-01-10 TLSv1.0 plaintext recovery attempt
RuleID : 25825 - Type : SERVER-OTHER - Revision : 4

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-09-27 Name: The remote Debian host is missing a security update.
File: debian_DLA-1518.nasl - Type: ACT_GATHER_INFO
2016-11-21 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL93600123.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-294.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_esx_VMSA-2013-0009_remote.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_esx_VMSA-2013-0012_remote.nasl - Type: ACT_GATHER_INFO
2015-07-28 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3316.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2014-0732-1.nasl - Type: ACT_GATHER_INFO
2015-02-16 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201502-12.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_gnutls_20130924.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_nss_20140809.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_openssl_20130716.nasl - Type: ACT_GATHER_INFO
2015-01-13 Name: The remote host has a library installed that is affected by an information di...
File: tivoli_directory_svr_swg21638270.nasl - Type: ACT_GATHER_INFO
2014-12-22 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10659.nasl - Type: ACT_GATHER_INFO
2014-12-16 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-772.nasl - Type: ACT_GATHER_INFO
2014-12-16 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-773.nasl - Type: ACT_GATHER_INFO
2014-12-12 Name: The remote host has an update manager installed that is affected by multiple ...
File: vmware_vcenter_update_mgr_vmsa-2014-0012.nasl - Type: ACT_GATHER_INFO
2014-12-12 Name: The remote host has a virtualization management application installed that is...
File: vmware_vcenter_vmsa-2014-0012.nasl - Type: ACT_GATHER_INFO
2014-12-05 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_compat-openssl097g-141202.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2014-0007.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2014-0008.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2013-0636.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-1455.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-1456.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-0413.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2014-0414.nasl - Type: ACT_GATHER_INFO